(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
IBM WebSphere Application Server CVE-2017-1151 Remote Privilege Escalation Vulnerability
 
Cybozu KUNAI CVE-2017-2109 Information Disclosure Vulnerability
 
Uninett mod_auth_mellon Module CVE-2017-6807 Authentication Bypass Vulnerability
 
Hitek Software Automize CVE-2016-10101 Information Disclosure Vulnerability
 
Google Android Qualcomm components Multiple Unspecified Security Vulnerabilities
 
Google Android Qualcomm Wi-Fi Driver Multiple Privilege Escalation Vulnerabilities
 
Google Android MediaTek Video Codec Driver CVE-2017-0532 Information Disclosure Vulnerability
 
Google Nexus Qualcomm Camera Driver CVE-2017-0452 Information Disclosure Vulnerability
 
Google Nexus HTC Sound Codec Driver CVE-2017-0535 Information Disclosure Vulnerability
 
Google Nexus Synaptics Touchscreen Driver CVE-2017-0536 Information Disclosure Vulnerability
 
Google Android Kernel USB Gadget Driver CVE-2017-0537 Information Disclosure Vulnerability
 
Google Nexus Qualcomm Camera Driver CVE-2016-8417 Privilege Escalation Vulnerability
 
IBM Rational Rhapsody Design Manager CVE-2016-9698 XML External Entity Injection Vulnerability
 
IBM Rational Rhapsody Design Manager CVE-2016-9696 HTML Injection Vulnerability
 
IBM Rational Rhapsody Design Manager CVE-2016-8973 Arbitrary File Upload Vulnerability
 
IBM Rational Rhapsody Design Manager CVE-2016-9697 Information Disclosure Vulnerability
 


In filings with the Securities and Exchange Commission today, Yahoo laid out the severance packages for executives that will be leaving the company as it sheds its Internet business chrysalis and emerges as an Alibaba stock-holding company moth called Altaba. Marissa Mayer, Yahoo's chief executive officer, will receive a package of cash, stock, and benefits valued at a total of $23,011,325 at the completion of the deal, according to Yahoo's proxy statement. Of that, $3 million will be in cash.

Lisa Utzschneider, Yahoo's chief revenue officer, will receive a $16,536,363 severance package. Ken Goldman, Yahoo's chief financial officer, will get a $9,478,568 farewell. Yahoo cofounder David Filo will get $15,000 in cash and two years' worth of continued health insurance. Ronald Bell, Yahoo's general counsel, resigned on March 1; he gets no golden parachute.

The proxy statement filing is a preliminary copy of what will be sent to Yahoo shareholders in advance of the as-of-yet-unannounced special meeting to approve the Verizon acquisition of Yahoo's Internet business—a deal that lost $350 million of its value as the result of a string of data breaches uncovered during audits of Yahoo's systems. Mayer and other Yahoo executives reportedly knew of some of the breaches, which were blamed on a "state actor," well before the acquisition began. But users were still being informed of potential exposure of personal data because of an attacker using cookies forged to bypass user authentication as of February 17.


 

Back in 2005, I wrote a Perl script to calculate multiple cryptographic hashes for me. We had md5sum and sha1sum, but I wanted a single script that could calculate whichever one I wanted or all of them at the same time. Well, the weekend before last, I rewrote it in Python[1] and added SHA3 support. I've added it to my GitHub scripts repo[2]. I also added the -r switch to the Python version, so that it can be used to recursively hash all the files in a directory a la Jesse Kornblum's hashdeep suite. Also, for consistency with Jesse's recent release of his beta of sha3deep[3], I chose to use SHA3-384 for my SHA3 hash choice (in preliminary testing I had been using SHA3-256, but that could have been confused with SHA2-256 aka SHA256 as currently used by VirusTotal, etc.). By default, it will calculate all 5 hashes, or you can specify which ones you want with command-line switches. For example, sigs.py -m will give you output that should be identical to md5sum. Also, without the -f switch, it will show relative paths; with it, it will show the full path. Enjoy.

[email protected][510]$ sigs.py -h
usage: sigs.py [-h] [-V] [-r] [-a] [-m] [-s] [-2] [-3] [-5] [-f] [-b blk]
               FILE [FILE ...]

Calculate hashes

positional arguments:
  FILE                 files to hash

optional arguments:
  -h, --help           show this help message and exit
  -V, --version        print version number
  -r, --recursive      recursive mode. All subdirectories are traversed
  -a, --all            All (MD5, SHA1, SHA256, SHA512, and SHA3-384), default
                       if no other options chosen
  -m, --md5            MD5 signature (md5sum equivalent output)
  -s, --sha1           SHA1 signature (sha1sum equivalent output)
  -2, --sha256         SHA2 (aka SHA2-256) signature (sha256sum equivalent
                       output)
  -3, --sha3           SHA3-384 signature
  -5, --sha512         SHA512 (aka SHA2-512) signature (note: base64 encoded
                       rather than hex)
  -f, --fullpath       print full path rather than relative
  -b blk, --block blk  block size to read file, default = 65536

References

  1. https://github.com/clausing/scripts/blob/master/sigs.py
  2. https://github.com/clausing/scripts
  3. http://jessekornblum.livejournal.com/296308.html

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
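
The single-pass, multi-hash approach described in the diary above, as an added Python sketch (this is not the sigs.py code from the linked repository). It reads each file once in 65536-byte blocks, feeds every block to all five digests, and walks a directory tree for the recursive case. The function names, the choice of the tree root as the base for relative paths, and the sample file are assumptions made for illustration.

```python
import base64
import hashlib
import os
import tempfile

BLOCK = 65536  # default read size given in the help text above
ALGOS = ("md5", "sha1", "sha256", "sha512", "sha3_384")  # hashlib names


def hash_file(path, algos=ALGOS, block=BLOCK):
    """Read the file once, feeding every block to each requested digest."""
    digests = {name: hashlib.new(name) for name in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(block), b""):
            for d in digests.values():
                d.update(chunk)
    out = {}
    for name, d in digests.items():
        if name == "sha512":
            # The help text says SHA512 is printed base64 encoded, not hex.
            out[name] = base64.b64encode(d.digest()).decode("ascii")
        else:
            out[name] = d.hexdigest()
    return out


def hash_tree(root, algos=ALGOS, fullpath=False):
    """Recursive mode: yield (path, hashes) for each regular file under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for fname in sorted(filenames):
            path = os.path.join(dirpath, fname)
            if not os.path.isfile(path) or os.path.islink(path):
                continue  # skip sockets, FIFOs and symlinks
            shown = os.path.abspath(path) if fullpath else os.path.relpath(path, root)
            yield shown, hash_file(path, algos)


def md5sum_lines(root):
    """Format MD5-only results the way md5sum does: '<hex>  <name>'."""
    return [f"{h['md5']}  {p}" for p, h in hash_tree(root, ("md5",))]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        os.makedirs(os.path.join(tmp, "sub"))
        with open(os.path.join(tmp, "sub", "a.txt"), "wb") as fh:
            fh.write(b"abc")
        print("\n".join(md5sum_lines(tmp)))
```

Updating all digests from the same block keeps disk reads at one pass per file, which matters when hashing large evidence images or whole directory trees.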

 
dnaLIMS Multiple Security Vulnerabilities
 
IBM Rational Rhapsody Design Manager CVE-2016-9694 Cross Site Scripting Vulnerability
 
Azure Data Expert Ultimate CVE-2017-6506 Buffer Overflow Vulnerability
 
QEMU 'hw/usb/dev-smartcard-reader.c' Integer Overflow Vulnerability
 
Qemu CVE-2017-2620 Remote Code Execution Vulnerability
 
icoutils 'extract_icons()' Function Buffer Overflow Vulnerability
 
icoutils 'decode_ne_resource_id()' Function Buffer Overflow Vulnerability
 
icoutils 'simple_vec()' Function Buffer Overflow Vulnerability
 
Internet Storm Center Infocon Status