Microsoft has released [1] an advance notification for the August patchday. This month, 9 security bulletins are being published: 2 rated as critical allowing remote code execution in Internet Explorer, Windows Media Center Pack and Windows 7 rated as important […]
A new Trojan mainly composed of Node.js and native C++ code currently targets a few French online banking website. This Trojan, embedded in a bootkit from the Cidox/Rovnix family, fully qualifies as a banking malware; and more so by inheriting […]
Microsoft has released [1] an advance notification for the july patchday. This month, 6 security bulletins are being published: 2 rated as critical allowing remote code execution in Internet Explorer and Windows 3 rated as important allowing elevation of privilege […]
Following our blog post “OpenSSL: the bleeding continues“, published on June 5th, CERT-LEXSI performed a deeper analysis of vulnerability CVE-2014-0195. As a reminder, CVE-2014-0195 is a potential code execution vulnerability due to a heap-based buffer overflow in the “dtls1_reassemble_fragment()” function […]
Two new critical vulnerabilities on OpenSSL, that’s not yet doomsday but for those of you with specific configuration (DTLS with OpenSSL on the server and client side) you might be impacted. It isn’t so long ago that OpenSLL was on […]
English
Français