ATTENTION‼ New - CVE-2012-5474
via "National Vulnerability Database".
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
ATTENTION‼ New - CVE-2013-2016
via "National Vulnerability Database".
A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.
ATTENTION‼ New - CVE-2013-0264
via "National Vulnerability Database".
An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it.
ATTENTION‼ New - CVE-2013-0196
via "National Vulnerability Database".
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.
ATTENTION‼ New - CVE-2012-5663
via "National Vulnerability Database".
The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp).
❌ 2020 Cybersecurity Trends to Watch ❌
via "Threatpost".
Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.
🕴 Cybercrime's Most Lucrative Careers 🕴
via "Dark Reading".
Crime pays. Really well. Here's a look at just how much a cybercriminal can earn in a month.
❌ 7 Tips for Maximizing Your SOC ❌
via "Threatpost".
Use the seven points listed above to create an effective and efficient operational workflow and, importantly, happier analysts who aren't buried at the bottom of a pile of mostly irrelevant data.
🕴 Operational Technology: Why Old Networks Need to Learn New Tricks 🕴
via "Dark Reading".
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.
🕴 Microsoft Shuts Down 50 Domains Used by North Korean Hacking Group 🕴
via "Dark Reading".
'Thallium' nation-state threat group used the domains to target mostly US victims.
🔏 Is It Time To Outsource Your Data Security? 🔏
via "Subscriber Blog RSS Feed" (Digital Guardian).
Access to advanced technology and expertise at a cost-effective price is making managed security services an increasingly attractive prospect for many organizations.
🔐 Wearable industrial tech is coming to a production line near you 🔐
via "Security on TechRepublic".
From VR training to heads-up schematics, industrial wearables may be the wave of the future.
ATTENTION‼ New - CVE-2013-4357
via "National Vulnerability Database".
The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.
ATTENTION‼ New - CVE-2013-4161
via "National Vulnerability Database".
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fix the security issue.
ATTENTION‼ New - CVE-2011-3585
via "National Vulnerability Database".
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
ATTENTION‼ New - CVE-2004-2776
via "National Vulnerability Database".
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.
🛠 SQLMAP - Automatic SQL Injection Tool 1.4 🛠
via "Security Tool Files ≈ Packet Storm".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
🕴 6 Security Team Goals for DevSecOps in 2020 🕴
via "Dark Reading".
Huge opportunities await security teams that are finally ready to move the needle on security problems that have plagued organizations for years.
🕴 Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency 🕴
via "Dark Reading".
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
❌ TikTok Banned By U.S. Army Over China Security Concerns ❌
via "Threatpost".
The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform's relationship with China grows.
🕴 How Cybersecurity's Metrics of Misery Fail to Describe Cybercrime Pain 🕴
via "Dark Reading".
Dollars lost and data records exposed are valuable measurements, but the true pain of a cybersecurity incident goes far beyond that. We asked infosec pros how they put words to the pain they feel when their defenses fall apart.