Security Alerts & News
by Tymoteusz A. Góral

#724 ImageMagick vulnerability allows for remote code execution, now patched
ImageMagick is a popular software suite used to display, convert, and edit images. On May 3, security researchers publicly disclosed multiple vulnerabilities in this open-source image processing suite, one of which could allow remote attackers to take over websites.

The suite can read and write images in over 200 formats, including PNG, JPEG-2000, GIF, TIFF, DPX, EXR, WebP, PostScript, PDF, and SVG. Content management systems frequently use it to process images before they are shown to the user.

The developers of ImageMagick have released updated versions of their software to fix these vulnerabilities. One vulnerability, CVE-2016-3714, allows for remote code execution on the server. This could be used to compromise web servers and take over websites. Reports indicate that this vulnerability is already being exploited in the wild. Other reported vulnerabilities allow HTTP GET requests to be made from the server and files to be read, moved, or deleted. The researchers have made proof-of-concept code for these vulnerabilities available.