# SANS ISC

# threatpost.com

# Reddit netsec

# Krebs On Security

  • ‘Money Mule’ Gangs Turn to Bitcoin ATMs Thu, 29 Sep 2016 17:28:59 +0000
    Fraudsters who hack corporate bank accounts typically launder stolen funds by making deposits from the hacked company into accounts owned by "money mules," willing or unwitting dupes recruited through work-at-home job scams. The mules usually are then asked to withdraw the funds in cash and wire the money to the scammers. Increasingly, however, the mules are being instructed to remit the stolen money via Bitcoin ATMs.
  • Inside Arizona’s Pump Skimmer Scourge Tue, 27 Sep 2016 21:06:45 +0000
    Crooks who deploy skimming devices made to steal payment card details from fuel station pumps don't just target filling stations at random: They tend to focus on those that neglect to deploy various tools designed to minimize such scams, including security cameras, non-standard pump locks and tamper-proof security tape. But don't take my word for it: Here's a look at fuel station compromises in 2016 as documented by the state of Arizona, which has seen a dramatic spike in fuel skimming attacks over the past year.
  • The Democratization of Censorship Sun, 25 Sep 2016 11:58:47 +0000
    John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it”. This notion undoubtedly rings true for those who see national governments as the principal threats to free speech.However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely powerful cyber weapons with transnational reach.

# Bruce Schneier's blog

# WIRED Threat Level

# exploit-db.com

# Securiteam

  • Oracle Advanced Collections 12.1.1 Remote Code Execution Vulnerability Tue, 27 Sep 2016 00:00 GMT
    Oracle Advanced Collections is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle E-business Suite 12.2.5 Remote Code Execution Vulnerability Tue, 27 Sep 2016 00:00 GMT
    Oracle E-business Suite is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle Glassfish Server Remote Code Execution Vulnerability Tue, 27 Sep 2016 00:00 GMT
    Oracle Glassfish Server is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle Knowledge Remote Code Execution Vulnerability Tue, 27 Sep 2016 00:00 GMT
    Oracle Knowledge is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle Mysql CPU Remote Code Execution Vulnerability Tue, 27 Sep 2016 00:00 GMT
    Oracle Mysql is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle Peoplesoft Enterprise Peopletools 8.53 Remote Code Execution Vulnerability Tue, 27 Sep 2016 00:00 GMT
    Oracle Peoplesoft Enterprise Peopletools is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle Retail Order Broker Cloud Service 15.0 Remote Code Execution Vulnerability Tue, 27 Sep 2016 00:00 GMT
    Oracle Retail Order Broker Cloud Service is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle Webcenter Sites 11.1.1.8 Remote Code Execution Vulnerability Tue, 27 Sep 2016 00:00 GMT
    is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Adobe Acrobat 11.0.16 Denial Of Service Execute Code Overflow Memory Corruption Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Adobe Acrobat is prone to a denial of service (DoS) vulnerability.This allow a remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources via certain vulnerable vectors. Adobe Acrobat is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. Adobe Acrobat is prone to a overflow vulnerability.This allows a remote attackers to execute arbitrary code via crafted packets and cause a denial of service (memory corruption). Adobe Acrobat is prone to a memory corruption vulnerability.This allows a remote attacker to run a arbitrary code in context of a logged in user. It might cause a denial of service conditions if the attack fails.
  • Adobe Flash Player 11.2.202.626 ChromeOS Execute Code Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
  • Apple Iphone Os 9.3.2 Bypass a restriction or similar Obtain Information Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Apple Iphone Os is prone to a bypass vulnerability. This allow an attacker to bypass detection or blocking system, which could allow malware to pass through the system undetected
  • Apple Mac Os X 10.11.5 Denial Of Service Execute Code Overflow Memory corruption Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Apple Mac Os X is prone to a denial of service (DoS) vulnerability.This allow a remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources via certain vulnerable vectors.
  • Apple Mac Os X 10.11.5 Window Gain privileges Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Apple Mac Os X is prone to a gain information vulnerability.This allows local or remote attackers to gain privileges via a malicious program in the affected application
  • Apple Webkit Remote Code Execution Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Apple Webkit is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Google Android 6.0.1 Nexus 5 Gain privileges Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Google Android is prone to a gain privilege vulnerability. This allow local or remote attackers to gain privileges via a crafted application.
  • Google Android Android MediaTek Gain privileges Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Google Android is prone to a gain privilege vulnerability. This allow local or remote attackers to gain privileges via a crafted application.
  • Google Android Android One Gain privileges Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Google Android is prone to a gain privilege vulnerability. This allow local or remote attackers to gain privileges via a crafted application.
  • Google Android Qualcomm Overflow Gain privileges Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Google Android is prone to a overflow vulnerability.This allows a remote attackers to execute arbitrary code via crafted packets and cause a denial of service (memory corruption)
  • Oracle Enterprise Communications Broker Remote Code Execution Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Oracle Enterprise Communications Broker is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.
  • Oracle Flexcube Direct Banking 12.0.1 Remote Code Execution Vulnerability Wed, 28 Sep 2016 00:00 GMT
    Oracle Flexcube Direct Banking is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.