PingID (MFA) - Reflected Cross-Site Scripting
[slackware-security] kdelibs (SSA:2017-136-02)
Linux Kernel 'net/core/sock.c' Multiple Local Memory Corruption Vulnerabilities
Linux Kernel CVE-2017-6348 Local Denial of Service Vulnerability

The Boston Globe website is closing off a hole in its paywall by preventing visitors who aren't logged in from reading articles in a browser's private mode.

"You're using a browser set to private or incognito mode" is the message given to visitors who click on articles in private mode. "To continue reading articles in this mode, please log in to your Globe account." People who aren't already Globe subscribers are urged to subscribe.

Like other news sites, the Globe limits the number of articles people can read without a subscription. Until the recent change, Globe website visitors could read more articles for free by switching to private or incognito mode. (You can still get a new supply of free articles by clearing the Globe's cookies from your browser.)


New hope glimmered on Friday for people hit by last week's virulent ransomware worm after researchers showed that a broader range of PCs infected by WCry can be unlocked without owners paying the $300 to $600 ransom demand.

A new publicly available tool is able to decrypt infected PCs running Windows XP, 7, and 2003, and one of the researchers behind the decryptor said it likely works for other Windows versions, including Vista, Server 2008, and 2008 R2. The tool, known as wanakiwi, builds off a key discovery implemented in a different tool released Thursday. Dubbed Wannakey, the previous tool provided the means to extract key material from infected Windows XP PCs but required a separate app to transform those bits into the secret key required to decrypt files.

Matt Suiche, cofounder of security firm Comae Technologies, helped develop and test wanakiwi and reports that it works. Europol, the European Union's law-enforcement agency, has also validated the tool. Suiche has published technical details and provided a screenshot of the tool in action.


WordPress Prior to 4.7.5 Multiple Security Vulnerabilities
RedHat JBoss Enterprise Application Platform XML External Entity Injection Vulnerability
Google Android Qualcomm Components CVE-2014-9925 Unspecified Security Vulnerabilities
[SECURITY] [DSA 3856-1] deluge security update
[security bulletin] HPESBGN03748 rev.1 - HPE Cloud Optimizer, Remote Disclosure of Information
Internet Storm Center Infocon Status