Security Alerts & News
by Tymoteusz A. Góral

#1924 Cisco warns of critical flaw in teleconferencing gear
Cisco Systems is warning customers of a critical vulnerability affecting three of its TelePresence MCU platform models. The flaw could give attackers the ability to remotely execute code on impacted systems or create conditions favorable to a denial-of-service (DoS) attack.

According to an advisory issued this week, the vulnerability (CVE-2017-3792) is tied to a proprietary device driver in the kernel of the Cisco TelePresence Multipoint Control Unit (MCU) Software used in platform models 4500, MSE 8510 and 5300 Series.

“The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets,” wrote Cisco in its bulletin. Affected systems are those running software version 4.3(1.68) or later configured for “Passthrough” content mode.
Read more
#1929 Exploiting a misused C++ shared pointer on Windows 10
#1928 PayPal users targeted in sophisticated new phishing campaign
#1927 Netflix scam delivers ransomware
#1926 SMS-exploitable bug in Samsung Galaxy phones can be used for ransomware attacks
#1925 WordPress 4.7.2 update fixes XSS, SQL injection bugs
#1924 Cisco warns of critical flaw in teleconferencing gear
#1923 Majority of Android VPNs can’t be trusted to make users more secure
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12