Announcements

VMware Security Advisories

VMSA-2016-0020

vRealize Operations update addresses REST API deserialization vulnerability.

VMware has released a security update to address a vulnerability in vRealize Operations. Exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

RCE Flaw Found in Bopup Enterprise Messaging Tool

Trustwave has disclosed an unpatched remote code execution (RCE) vulnerability affecting Bopup Communication Server, a solution that allows enterprises to manage and control their IM communications.

The flaw, discovered by Trustwave researcher Neil Kettle, is a buffer overflow related to how packets sent to the remote administration port on 19809/TCP, one of the two ports used by Bopup Communications Server, are handled and parsed prior to authentication. The security hole can be exploited by sending specially crafted packets to the application.

"Dirty COW" Linux Kernel Exploit Seen in the Wild

A new Linux kernel vulnerability disclosed on Wednesday allows an unprivileged local attacker to escalate their privileges on a targeted system. Red Hat said it was aware of an exploit in the wild.

The vulnerability, discovered by Phil Oester, was sarcastically dubbed by some people “Dirty COW” due to the fact that it’s caused by a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (COW) breakage of private read-only memory mappings.

WordPress.com Pushes Free HTTPS to All Hosted Sites

WordPress.com has announced free HTTPS for all custom domains that it hosts, including blogs and websites.

The switch to the new security enhancement is automatic, meaning that blog and site owners will immediately benefit from encryption. Furthermore, all new sites will benefit from encryption automatically within minutes, thus ensuring that users are provided only with secured, HTTPS traffic.

New eMail Security Standard Proposed

Engineers from major email service providers, including Google, Microsoft, and Comcast, have developed a new standard to bolster email security. 

The SMTP Strict Transport Security "is a mechanism enabling email service providers to declare their ability to receive TLS-secured connections, to declare particular methods for certificate validation, and to request sending SMTP servers to report upon and/or refuse to deliver messages that cannot be delivered securely."

Pages