SPECIAL COMMUNICATION AND INFORMATION SECURITY STATE SERVICE

COMPUTER EMERGENCY
RESPONSE CENTER

AZ EN
Report Incident

NEWS

Researcher Releases PoC for Recent Java Cryptographic Vulnerability

22 Apr 2022
Researcher Releases PoC for Recent Java Cryptographic Vulnerability

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

19 Apr 2022
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System

16 Apr 2022
Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System

Researchers Share In-Depth Analysis of PYSA Ransomware Group

13 Apr 2022
Researchers Share In-Depth Analysis of PYSA Ransomware Group

title Password Generator
title CTF
title Black List
title Infected IP
title Malware Lab
title CVSS

ARTICLES

The top stories of 2020

The top stories of 2020
New cybersecurity readiness assessment for healthcare organizations

New cybersecurity readiness assessment for healthcare organizations
5 Cyber Basics for the C Suite From the Outside In

5 Cyber Basics for the C Suite From the Outside In
In 2020, coronavirus concerns are a cloud security catalyst

In 2020, coronavirus concerns are a cloud security catalyst

BUGTRACK

BMW web portal vulns pose car hack risk – researchers

Two unpatched vulnerabilities in BMW's ConnectedDrive web portal create a mechanism to manipulate car settings, a security researcher warns.

Food chain Wendy's hit by massive hack

Popular US food chain Wendy's has been hit by a massive cyber attack, the company has confirmed.

Facebook Messenger is getting end-to-end encryption

SOCIAL NETWORK Facebook, a firm not usually commended for its privacy-aware efforts, has revealed that it's started to test end-to-end encryption on the Messenger service.

Malaysia-based credit card fraud ring broken, 105 arrested

A total of 105 credit card fraud suspects have been arrested in Asia and Europe following a complex months-long investigation across two continents.

Symantec admits it won't patch 'catastrophic' security flaws until mid-July

SECURITY OUTFIT Symantec has warned customers that security flaws in the firm's systems outed by Google's Project Zero last month won't be fixed until mid-July.

Palo Alto offers $16,000 in looming CTF hack off

In eight days, Palo Alto is launching a capture the flag competition offering a total of US$16000 (£12340, A$21,245) for the first to complete the six trials.

JS/TrojanDownloader.FakejQuery
----

JS/TrojanDownloader.FakejQuery.A is a trojan that redirects the browser to a specific URL location with malicious software.

Win32/Filecoder.CryptProjectXXX
----

Win32/Filecoder.CryptProjectXXX.E is a trojan that encrypts files on fixed, removable and network drives.

MSIL/Agent.OJF
----

MSIL/Agent.OJF is a trojan that redirects results of online search engines to specific web sites.

Win32/Spy.Banker
----

Win32/Spy.Banker.ACJB is a trojan that steals sensitive information.

CVE

CVE-2017-9303: Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.

CVE-2017-9302: RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.

CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.

CVE-2017-9300: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.