CVE-2017-12852
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
Read MoreAuthor: Cyberthreat Blog
(Banker(GoogleChromeExtension)).targeting("Brazil"), (Tue, Aug 15th)
Introduction A new day, a new way to steal bank data in Brazil. Scammers are calling and urging victims to install a supposed update of the banks security module. In fact, it is a malicious extension of Google Chrome capable of...
Read MoreMalspam pushing Trickbot banking Trojan, (Tue, Aug 15th)
Introduction Ive been corresponding with @dvk01uk about malicious spam (malspam) pushing the Trickbot banking Trojan. Trickbot was first reported in the fall of 2016, and its been described as a successor to Dyreza (also known...
Read MoreCVE-2017-1190
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this...
Read MoreCVE-2016-6021
IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
Read More