Security Alerts & News
by Tymoteusz A. Góral

#706 Public exploits available for ImageMagick vulnerabilities
Within hours of the disclosure of serious vulnerabilities in ImageMagick, public exploits were available, increasing the risk to thousands of websites that make use of the open source image-processing software.

Attackers can embed malicious content in an image file that ImageMagick will process without question, leading, in the case of one of the vulnerabilities, to remote code execution. The scope of the issue is broad because image-processing plugins such as PHP imagick, Ruby rmagick and Ruby paperclip, and Node.js imagemagick, among others, are built on top of the ImageMagick library: any application that hands user-supplied files to one of them is exposed.
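The point above is that ImageMagick decides how to parse a file from its contents, not from the name it was uploaded under, so a text-based vector document can be delivered as a ".png". The first line of defence the ImageTragick advisory recommends is to verify the magic bytes of an upload against the format the application expects before the file reaches ImageMagick at all. The following is an added example of that check; it is not code from the article, from ImageMagick, or from the ImageTragick site, and the function names, the allow-list and the sample files are assumptions constructed for illustration.

```python
# Magic-byte allow-listing before an upload reaches ImageMagick.
# Added example, not code from the article or from ImageMagick/ImageTragick;
# the function names and the constructed sample files below are assumptions.
from typing import Dict, Optional

# Signatures for the only formats this hypothetical upload endpoint accepts.
# Text-based coders (MVG, SVG, MSL, ...) never match, so a crafted file that
# merely carries a .png or .jpg name is rejected before ImageMagick sees it.
MAGIC = {
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif":  [b"GIF87a", b"GIF89a"],
}

def sniff_format(data: bytes) -> Optional[str]:
    """Return the allow-listed format whose signature starts `data`, else None."""
    for fmt, sigs in MAGIC.items():
        if any(data.startswith(sig) for sig in sigs):
            return fmt
    return None

def is_safe_upload(filename: str, data: bytes) -> bool:
    """Accept only if the sniffed format is allow-listed and agrees with the extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = {"jpg": "jpeg"}.get(ext, ext)
    fmt = sniff_format(data)
    return fmt is not None and fmt == ext

# Constructed sample inputs (not real uploads).
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "anim.gif":  b"GIF89a" + b"\x00" * 16,
    # A plain-text MVG document whose extension claims PNG: this is the shape of
    # an ImageTragick delivery, since ImageMagick would parse it as a vector
    # image regardless of the name it was uploaded under.
    "evil.png":  b"push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n",
    # Real PNG bytes under a .jpg name: content and extension disagree, so reject.
    "mislabeled.jpg": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

def screen_uploads(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, bool]:
    """Run the check over a batch of (filename, bytes) pairs."""
    return {name: is_safe_upload(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, ok in screen_uploads().items():
        print(f"{name}: {'accept' if ok else 'reject'}")
```

The check is deliberately strict in both directions: an unrecognised signature is rejected, and a recognised signature that does not match the extension is rejected too, so the application never passes ImageMagick a file whose real format it did not intend to handle. It is a gate, not a patch; pair it with the vendor fix and with the policy.xml coder restrictions that the ImageTragick page recommends, since the magic-byte test only stops disguised text-based inputs and does nothing for a format you have chosen to accept.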

Researcher Ryan Huber was among the first on Tuesday to publicly disclose that ImageMagick had a problem. A researcher from the Mail.ru team in Russia who goes by the handle Stewie found the flaw, while Nikolay Ermishkin, also of the Mail.ru team, found the remote code execution issue.

“We have collectively determined that these vulnerabilities are available to individuals other than the person(s) who discovered them,” Huber wrote on the ImageTragick website, a landing page complete with FAQ on the bugs. “An unknowable number of people having access to these vulnerabilities makes this a critical issue for everyone using this software.”
#713 Qualcomm software flaw exposes Android user data
#712 Diary of a ransomware victim
#711 Petya: the two-in-one trojan
#710 Kaspersky: IT threat evolution in Q1 2016 report (PDF)
#709 Malware may abuse Android’s accessibility service to bypass security enhancements
#708 IBM just made a powerful research tool available to everyone for free
#707 Big data breaches found at major email services - expert
#706 Public exploits available for ImageMagick vulnerabilities
#705 Identity thieves used leaked PII to steal ADP payroll Info
#704 Apple updates Xcode’s Git implementation
#703 Cisco patches critical TelePresence vulnerability
#702 Microsoft unveils new effort to make its developer, IT documentation great again