Security Alerts & News
by Tymoteusz A. Góral

#1780 Critical vulnerability patched in Roundcube webmail
Open source webmail provider Roundcube has released an update that addresses a critical vulnerability in all default configurations that could allow an attacker to run arbitrary code on the host operating system.

The flaw is serious because it’s relatively simple to exploit and can allow an attacker to access email accounts or move deeper onto the network.

Researchers at RIPS Technologies, a German company specializing in PHP application security analysis, privately disclosed the bug Nov. 21. Roundcube had the vulnerability fixed on GitHub a day later, and made an updated version publicly available Nov. 28. Versions 1.0 to 1.2.2 are vulnerable, and users are advised to update to 1.2.3.