New Outlook Bug Doesn't Require Users To Interact With Emails To Be Compromised - Slashdot:
"The bug is because Outlook allows Flash objects to be previewed without a Sandbox".
More details here:
http://news.softpedia.com/news/badwinmail-microsoft-outlook-bug-can-give-attackers-control-over-pcs-497795.shtml
PDF Here:
https://sites.google.com/site/zerodayresearch/BadWinmail.pdf?attredirects=0
'via Blog this'
I'm just a simple techie who sometimes forgets things. I use this as a notepad to remember things by. I hope it helps you too. I post as myself, not as any organisation.
Sunday, 20 December 2015
Saturday, 19 December 2015
'Unauthorized code' that decrypts VPNs found in Juniper's ScreenOS • The Register
'Unauthorized code' that decrypts VPNs found in Juniper's ScreenOS • The Register:
Statement from Juniper:
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
KB article from Juniper:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST
CVE for remote access vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7755
CVE for VPN monitoring vulnerability:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7756
'via Blog this'
Statement from Juniper:
https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
KB article from Juniper:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST
CVE for remote access vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7755
CVE for VPN monitoring vulnerability:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7756
'via Blog this'