Latest Security Advisories & Notable Vulnerabilities

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Android Mediaserver Vulnerability (CVE-2015-3823)
 Severity:    
 Advisory Date:  04 Aug 2015

Trend Micro researchers discovered this vulnerability in Android devices that could potentially allow attackers to perform Denial of Service (DoS) attacks once successfully exploited. It affects Android versions <4.0.1 Jelly Bean to 5.1.1 Lollipop.

Attackers need to trick users into installing a malicious app or go to a malicious website in order to download the said bug on their devices.

"Stagefright" Android vulnerability (CVE-2015-3824)
 Severity:    
 Advisory Date:  31 Jul 2015

This Android vulnerability known as “Stagefright” can be leveraged by attackers to install a malware on Android devices via a multimedia message (MMS). It affects versions of Android from 4.0.1 to 5.1.1. The said vulnerability, designated with CVE-2015-3824, resides in mediaserver component, which is for handling open media files.

Mozilla Firefox Vulnerability (CVE-2015-0817)
 Severity:    
 Advisory Date:  30 Jul 2015

This flaw allows remote attackers to read or write to memory thus allowing the execution of arbitrary code via crafted JavaScript. As such, it compromises the security of the system.

This zero-day vulnerability emerged in the Hacking Team leak, which could allow attackers to have remote control of the affected system when exploited successfully. In addition, affected systems can be potentially infected with rootkits and bootkits.
Adobe Flash Player Vulnerability (CVE-2015-3104)
 Severity:    
 Advisory Date:  27 Jul 2015
This Adobe Flash vulnerability is used by Angler Exploit Kit as a starting point in the infection chain that spreads a Point-of-Sale (PoS) malware reconnaissance. Trend Micro detects this PoS malware as TROJ_RECOLOAD.A that checks if the infected system is a PoS machine or part of the PoS network.
Arbitrary Memory Read in Libxslt (CVE-2012-2825)
 Severity:    
 Advisory Date:  21 Jul 2015
This vulnerability assigned with CVE-2012-2825 is related to the Hacking Team leak, which exposed the RCSAndroid code. The said malicious code could potentially allow surveillance operations for cybercriminals. Based on our investigation, one of the methods that attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to the recipients/users via SMS or email.

This vulnerability is assigned as CVE-2015-2426 and is described as the following:

Buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Driver Vulnerability."

Arbitrary Memory Read in Libxslt (CVE-2012-2871)
 Severity:    
 Advisory Date:  21 Jul 2015
This vulnerability is related to the Hacking Team leak, which exposed the RCSAndroid code. The said malicious code could potentially allow surveillance operations for cybercriminals. Based on our investigation, one of the methods that attackers used to lead users into downloading RCSAndroid is to send a specially crafted URL to the recipients/users via SMS or email.
Linux Kernel Futex Local Privilege Escalation (CVE-2014-3153)
 Severity:    
 Advisory Date:  16 Jul 2015
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.