[security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities
 
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition
 

Google is warning prominent journalists and professors that nation-sponsored hackers have recently targeted their accounts, according to reports delivered in the past 24 hours over social media.

The people reportedly receiving the warnings include Nobel Prize-winning economist and New York Times columnist Paul Krugman, Stanford University professor and former US diplomat Michael McFaul, GQ correspondent Keith Olbermann, and according to this tweet, Politico, Highline, and Foreign Policy contributor/columnist Julia Ioffe; New York Magazine reporter Jonathan Chait; and Atlantic magazine writer Jon Lovett. Reports of others receiving the warnings are here and here. Many of the reports included banners that Google displayed when account holders logged in. Ars spoke to someone who works for a well-known security company who also produced an image of a warning he received. The person said he was aware of a fellow security-industry professional receiving the same warning.

One of the red banners included large white text that stated: "Warning: Google may have detected government-backed attackers trying to steal your password." It included a link that led to advice for securing accounts. Some of the people who received the warning reported their accounts were protected by two-factor authentication, which requires a piece of cryptographic hardware or a one-time password that's sent through a mobile device. Google has been sending warnings of nation-sponsored hacking attempts since 2012.


 
LXC CVE-2016-8649 Directory Traversal Vulnerability
 
WordPress csv2wpec-coupon Plugin CVE-2015-1000013 Arbitrary File Upload Vulnerability
 
WordPress mypixs Plugin CVE-2015-1000012 Local File Include Vulnerability
 
Oracle Java SE CVE-2016-5542 Remote Security Vulnerability
 
Multiple Samsung Galaxy Product CVE-2016-9567 Security Bypass Vulnerability
 
MoinMoin Multiple HTML Injection Vulnerabilities
 
Oracle Java SE CVE-2016-5554 Remote Security Vulnerability
 
Oracle Java SE CVE-2016-5556 Remote Security Vulnerability
 
Oracle Java SE CVE-2016-5597 Remote Security Vulnerability
 
Foxit Reader and PhantomPDF Multiple Security Vulnerabilities
 
TestDisk 'Check_OS2MB()' Method Stack Buffer Overflow Vulnerability
 
Oracle Java SE CVE-2016-5582 Remote Security Vulnerability
 
Python smtplib CVE-2016-0772 Man in the Middle Security Bypass Vulnerability
 
CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details
 
Memcached Multiple Integer Overflow Vulnerabilities
 
Python 'urllib2/urllib/httplib/http.client' HTTP Header Injection Vulnerability
 
Python CVE-2016-5636 Heap Buffer Overflow Vulnerability
 
TP-LINK TL-WA5210G Buffer Overflow and Information Disclosure Vulnerabilities
 
VMware Identity Manager and vRealize Automation CVE-2016-5334 Information Disclosure Vulnerability
 
Fortinet FortiOS CVE-2016-8492 Information Disclosure Vulnerability
 
[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks
 
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks
 
SAP NetWeaver Application Server Java XML External Entity Denial of Service Vulnerability
 
SAP NetWeaver Application Server Java Denial of Service Vulnerability
 
Multiple Siemens Products Cross Site Request Forgery and Information Disclosure Vulnerabilities
 
QEMU 'get_cmd()' Function Denial of Service Vulnerability
 
Internet Storm Center Infocon Status