February 3, Softpedia – (International) Security flaws in SerVision HVG video gateway grant access to the web interface. Researchers with the Computer Emergency Response Team Coordination Center at Carnegie Mellon University (CERT/CC) reported that two high-severity vulnerabilities in SerVision’s HVG video gateway product series which could allow unauthorized access to the unit’s web interface and enable users to log into the web interface with administrative rights were resolved in the latest revision of the firmware. The privilege elevation danger has yet to be mitigated. Source
February 2, Securityweek – (International) Dyre banking trojan uses worm to spread via Microsoft Outlook. Researchers at Trend Micro discovered a new variant of the Dyre (Dyreza) malware in the form of a spam email containing the Upatre downloader that propagates itself via a worm that uses Microsoft Outlook to send emails to targets, including 355 sites belonging primarily to banks and Bitcoin wallets. Source