Security Alerts & News
by Tymoteusz A. Góral

History
#205 VMware reissues vCenter server patch
The original vulnerability, CVE-2015-2342, was a poorly configured JMX RMI service in vCenter Server that was remotely accessible. The flaw allowed unauthenticated attackers connect to the service and use it to run code on the server; versions 5.5, 5.1 and 5.0 are affected, VMware said. VCenter Server is used by organizations to manage their virtual server environments. Friday’s advisory from VMware said that the original patch for CVE-2015-2342 was incomplete, and an additional patch is require
#204 Password cracking attacks on Bitcoin wallets net $103,000
Hackers have siphoned about $103,000 out of Bitcoin accounts that were protected with an alternative security measure, according to research that tracked six years' worth of transactions. Account-holders used easy-to-remember passwords to protect their accounts instead of the long cryptographic keys normally required
#203 Symantec Blog: Latest Intelligence for January 2016
The Latest Intelligence for January 2016 shows an increase in fake offer social media scams and a decrease in spear-phishing activity.
#202 VIDEO: what ATM jackpotting malware is
Kaspersky Lab security researchers Santiago Pontirol and Roberto Martinez explain how ATM malware works in Latin America and why it’s difficult to discover ‘jackpotting’ malware. Kaspersky Security Analyst Summit 2016 on Tenerife, Spain.
#201 VoIP phone software bug 'eavesdrops and makes premium calls'
The problem affects voice-over-internet-protocol (Voip) phones, commonly used by businesses. Just by running a couple of lines of code on a website visited by the phone user, the researchers demonstrated how premium-rate calls could be made. A security expert said such bugs could make "millions" for the perpetrators.
#200 Mazar Bot actively targeting Android devices
Researchers at Heimdal Security said on Friday the bot is being sent to Android users via SMS and MMS messages and if the victim executes the APK, the bot roots the phone and gives the attacker extensive capabilities on the compromised device.
#199 Alert: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12