[security bulletin] HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Multiple Remote Vulnerabilities
[CVE-2016-7098] GNU Wget < 1.18 Access List Bypass / Race Condition

Google is warning prominent journalists and professors that nation-sponsored hackers have recently targeted their accounts, according to reports delivered in the past 24 hours over social media.

The people reportedly receiving the warnings include Nobel Prize-winning economist and New York Times columnist Paul Krugman, Stanford University professor and former US diplomat Michael McFaul, GQ correspondent Keith Olbermann, and according to this tweet, Politico, Highline, and Foreign Policy contributor/columnist Julia Ioffe; New York Magazine reporter Jonathan Chait; and Atlantic magazine writer Jon Lovett. Reports of others receiving the warnings are here and here. Many of the reports included banners that Google displayed when account holders logged in. Ars spoke to someone who works for a well-known security company who also produced an image of a warning he received. The person said he was aware of a fellow security-industry professional receiving the same warning.

One of the red banners included large white text that stated: "Warning: Google may have detected government-backed attackers trying to steal your password." It included a link that led to advice for securing accounts. Some of the people who received the warning reported their accounts were protected by two-factor authentication, which requires a piece of cryptographic hardware or a one-time password that's sent through a mobile device. Google has been sending warnings of nation-sponsored hacking attempts since 2012.

LXC CVE-2016-8649 Directory Traversal Vulnerability
WordPress csv2wpec-coupon Plugin CVE-2015-1000013 Arbitrary File Upload Vulnerability
WordPress mypixs Plugin CVE-2015-1000012 Local File Include Vulnerability
Oracle Java SE CVE-2016-5542 Remote Security Vulnerability
Multiple Samsung Galaxy Product CVE-2016-9567 Security Bypass Vulnerability
MoinMoin Multiple HTML Injection Vulnerabilities
Oracle Java SE CVE-2016-5554 Remote Security Vulnerability
Oracle Java SE CVE-2016-5556 Remote Security Vulnerability
Oracle Java SE CVE-2016-5597 Remote Security Vulnerability
Foxit Reader and PhantomPDF Multiple Security Vulnerabilities
TestDisk 'Check_OS2MB()' Method Stack Buffer Overflow Vulnerability
Oracle Java SE CVE-2016-5582 Remote Security Vulnerability
Python smtplib CVE-2016-0772 Man in the Middle Security Bypass Vulnerability
CVE-2015-1251: Chrome blink SpeechRecognitionController use-after-free details
Memcached Multiple Integer Overflow Vulnerabilities
Python 'urllib2/urllib/httplib/http.client' HTTP Header Injection Vulnerability
Python CVE-2016-5636 Heap Buffer Overflow Vulnerability
TP-LINK TL-WA5210G Buffer Overflow and Information Disclosure Vulnerabilities
VMware Identity Manager and vRealize Automation CVE-2016-5334 Information Disclosure Vulnerability
Fortinet FortiOS CVE-2016-8492 Information Disclosure Vulnerability
[SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks
[SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks
SAP NetWeaver Application Server Java XML External Entity Denial of Service Vulnerability
SAP NetWeaver Application Server Java Denial of Service Vulnerability
Multiple Siemens Products Cross Site Request Forgery and Information Disclosure Vulnerabilities
QEMU 'get_cmd()' Function Denial of Service Vulnerability
Internet Storm Center Infocon Status