2013-10-18 - [slackware-security] hplip (SSA:2013-291-01)

2013-10-18 - [slackware-security] libtiff (SSA:2013-290-01)

2013-10-14 - [slackware-security] xorg-server (SSA:2013-287-05)

2013-10-14 - [slackware-security] libgpg-error (SSA:2013-287-04)

2013-10-14 - [slackware-security] gnutls (SSA:2013-287-03)

Downloader.Busadom!g1

Infostealer.Posteal

Downloader.Busadom

Trojan.Ladocosm

SONAR.SuspDocRun

SONAR.SuspHelpRun

W32.Tempedreve.D!inf

SONAR.PUA!AlnadInsta

SONAR.Infostealer!g5

SONAR.Infostealer!g4

Microsoft released Fix it tool for the zero-day vulnerability in GDI component in Microsoft Windows and Office

The flaw allows remote execution of arbitrary code on the target system via a specially crafted TIFF image.

Open source hardware can protect against NSA spying

It will more effectively detect backdoors and vulnerabilities that are built by NSA or other government agencies in the system of certain companies.

vBulletin Vulnerability allows unauthorized administrative access

Exploit for this vulnerability has already spread over hacking forums.

Microsoft to drop cookies

The company is going to apply its own technology that will store this sort of information on Redmond’s servers.

A fake Facebook login page steals user credentials

The phishers can also get access to personal and financial information.

Google to bounty fixing bugs in non-Google open source code software

Initially, the bounty program will be active for OpenSSL and OpenSSH libraries, BIND DNS and security critical components in Linux kernel.

CMU researchers created leak-proof messenger app

Messages remain encrypted until recipient gets them due to end-to-end method of encryption.

BlackHole exploit kit developer arrested in Russia

Ministry of Internal Affairs of the Russian Federation did not comment on the arrest.

EFF to sue FBI for usage of facial recognition software

The Electronic Frontier Foundation has filed a suit against the Federal Bureau of Investigation.

Facebook paid 20 grand for critical bug

UK-based security researcher was awarded with $20, 000 for discovery of critical vulnerability.

U.S. Department of Defense blocked The Guardian website

According to authorities, the resource published secret documents, access to which should be restricted.

Expert: Apple can get access to your iMessages

This is possible because the storage of messages in iCloud.

Researchers have doubted the relevance of the Common Vulnerability Scoring System

According to experts, the system does not provide the most relevant information on whether a vulnerability is used in real time for attacks on computer systems.

Backdoor in HP StoreOnce

Security experts discovered unchangeable admin account in HP StoreOnce SAN system software.

Attacker, distributing Ghost RAT Trojan, arrested in Taiwan

The virus spread via phishing email-messages.

Symantec: Pretending to be antivirus, malware blocks mobile devices

To unblock the device Fakedefender asks for a special code.

Carberp banking Trojan source code leaked

Guys from Russian security firm GROUP-IB published screen shots of a famous banking trojan Carberp.

CIA illegally read SMS of the Chinese

Snowden claimed that U.S. intelligence hacked the Chinese mobile operators’ databases.

Anonymous attack oil companies around the world

Hackers perform DDoS-attacks, compromise accounts of social networks, companies’ servers and websites, as well as hijack confidential data.

LinkedIn users were redirected to the false site because of the domain name registrar's error

Network Solutions suffered from a DDoS-attack and replaced 5 000 DNS records, which affected LinkedIn services.

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

Multiple Vulnerabilities in Linux kernel

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.