SPECIAL STATE PROTECTION SERVICE
SPECIAL COMMUNICATION AND INFORMATION
SECURITY STATE AGENCY

COMPUTER EMERGENCY
RESPONSE CENTER

AZ EN
Report Incident

NEWS

Mezzo banking trojan gathers financial data for further campaigns

Mezzo banking trojan gathers financial data for further campaigns
1.4 Billion Clear Text Credentials Discovered in a Single Database

1.4 Billion Clear Text Credentials Discovered in a Single Database
Baku hosts 9th Annual International Conference on cyber security

Baku hosts 9th Annual International Conference on cyber security
Critical IOS Flaws Expose Cisco Devices to Remote Attacks

Critical IOS Flaws Expose Cisco Devices to Remote Attacks
title Password Generator
title Secure password
title My IP address
title Infected IP
title Malware Lab
title CVSS

ARTICLES

Android Trojanized Adware 'Shedun' Infections Surge

Android Trojanized Adware 'Shedun' Infections Surge
Google Tests Post-Quantum Crypto

Google Tests Post-Quantum Crypto
D-Link Bug Could Affect Over 400,000 IoT Devices

D-Link Bug Could Affect Over 400,000 IoT Devices
Trojanized Remote-Access Tool Spreads Malware

Trojanized Remote-Access Tool Spreads Malware

BUGTRACK

BMW web portal vulns pose car hack risk – researchers

Two unpatched vulnerabilities in BMW's ConnectedDrive web portal create a mechanism to manipulate car settings, a security researcher warns.

Food chain Wendy's hit by massive hack

Popular US food chain Wendy's has been hit by a massive cyber attack, the company has confirmed.

Facebook Messenger is getting end-to-end encryption

SOCIAL NETWORK Facebook, a firm not usually commended for its privacy-aware efforts, has revealed that it's started to test end-to-end encryption on the Messenger service.

Malaysia-based credit card fraud ring broken, 105 arrested

A total of 105 credit card fraud suspects have been arrested in Asia and Europe following a complex months-long investigation across two continents.

Symantec admits it won't patch 'catastrophic' security flaws until mid-July

SECURITY OUTFIT Symantec has warned customers that security flaws in the firm's systems outed by Google's Project Zero last month won't be fixed until mid-July.

Palo Alto offers $16,000 in looming CTF hack off

In eight days, Palo Alto is launching a capture the flag competition offering a total of US$16000 (£12340, A$21,245) for the first to complete the six trials.

JS/TrojanDownloader.FakejQuery
----

JS/TrojanDownloader.FakejQuery.A is a trojan that redirects the browser to a specific URL location with malicious software.

Win32/Filecoder.CryptProjectXXX
----

Win32/Filecoder.CryptProjectXXX.E is a trojan that encrypts files on fixed, removable and network drives.

MSIL/Agent.OJF
----

MSIL/Agent.OJF is a trojan that redirects results of online search engines to specific web sites.

Win32/Spy.Banker
----

Win32/Spy.Banker.ACJB is a trojan that steals sensitive information.

CVE

CVE-2017-9303: Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.

CVE-2017-9302: RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.

CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.

CVE-2017-9300: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.