SECURITY LABS

INTELLIGENCE BULLETIN
WannaCrypt ransomware attack

A new ransomware has been spreading worldwide since the 12th of March, affecting hundreds of thousands of Windows computers. You should consider applying the emergency security patch that Microsoft released a few hours ago.

Vulnerability in Windows http.sys could allow DoS or remote code execution

Yesterday Microsoft patched a critical vulnerability in the Windows HTTP stack (http.sys), which would have extreme consequences if an exploit were publicly disclosed.

Major Internet Explorer Vulnerability Publicly Disclosed Today

Update: As estimated, the community responded to this public disclosure 4 days after it was announced. Microsoft was notified in October 2014. The assigned CVE is CVE-2015-0072.

Critical vulnerability on Drupal 7

Today a vulnerability in Drupal < 7.32 was disclosed under CVE-2014-3704 / SA-CORE-2014-005; it allows an unauthenticated attacker to execute arbitrary SQL.

POODLE attack or the end of SSLv3

Google has recently disclosed a (new?) SSLv3 vulnerability that allows an attacker controlling the SSL-encrypted network stream between client and server to extract the plaintext of specific parts of the communication, most "preferably" cookies.

Critical GNU Bash Vulnerability

On Wednesday, 24 September 2014, a new and very powerful vulnerability affecting Linux and Unix-based systems was published (CVE-2014-6271).

Man-in-the-Browser Attacks - Citadel

While Man-in-the-Browser (MitB) attacks have been around for quite some time, the last year has seen a significant increase in the amount of money being stolen as well as in the “quality” and capabilities of the attack mechanisms.
