
7661 matches found

ThreatPost
added 2017/02/08 9:0 a.m., 8 views

Consortium Publishes Manifesto on Autonomous Vehicle Security

Intel, Uber and IoT company Aeris have joined forces in an effort aimed at fostering industry cooperation when it comes to building safety features into autonomous vehicles and the systems that support them. Today the group, which goes by the name Future of Automotive Security Technology Research...

0.3 AI score
Exploits: 0, References: 3
rapid7community
added 2017/02/06 8:41 p.m., 15 views

Incident Detection and Investigation - How Math Helps But Is Not Enough

I love math. I am even going to own up to having been a "mathlete" and looking forward to the annual UVM Math Contest in high school. I pursued a degree in engineering, so I can now more accurately say that I love applied mathematics, which have a much different goal than pure mathematics. Taking...

6.7 AI score
Exploits: 0
Citrix
added 2017/02/03 12:0 a.m., 6 views

Data Not Displayed Under Gateway Insight Node of NetScaler MAS

No data is displayed under the Analytics Gateway Insight node of the NetScaler MAS GUI...

7.1 AI score
Exploits: 0
OSV
added 2017/02/01 10:59 p.m., 2 views

CVE-2016-0218

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

5.4 CVSS, 5.8 AI score, 0.00705 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2017/02/01 10:59 p.m., 3 views

CVE-2016-0218

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

5.4 CVSS, 5.6 AI score, 0.00705 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2017/02/01 10:0 p.m., 57 views

CVE-2016-0217

CVE-2016-0217 is a stored cross-site scripting vulnerability in IBM Cognos Business Intelligence and IBM Cognos Analytics caused by improper validation of user input. A remote attacker could inject malicious script into a page viewed by an authenticated user, potentially stealing cookie-based cre...

5.4 CVSS, 6.2 AI score, 0.00705 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2017/02/01 10:0 p.m., 56 views

CVE-2016-0218

CVE-2016-0218 affects IBM Cognos Business Intelligence/IBM Cognos Analytics (and related TM1 advisories) with a cross-site scripting vulnerability caused by improper validation of user input. A remote attacker can entice a user to click a crafted URL, triggering script execution in the victim’s b...

5.4 CVSS, 7.4 AI score, 0.00705 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2017/01/25 11:59 a.m., 0 views

CVE-2016-8215

EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system...

6.1 CVSS, 5.8 AI score, 0.01042 EPSS
Exploits: 0, References: 3
CVE
added 2017/01/25 11:0 a.m., 45 views

CVE-2016-8215

EMC RSA Security Analytics affected versions 10.5.3 and 10.6.2 contain a Reflected Cross‑Site Scripting vulnerability. A remote attacker could potentially exploit this to compromise the affected system. The vulnerability is addressed by fixes in 10.5.3 and 10.6.2.

6.1 CVSS, 6 AI score, 0.01042 EPSS
Exploits: 0, References: 3, Affected Software: 1
Hacker One
added 2017/01/19 11:35 p.m., 168 views

HackerOne: Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com

Greetings, I believe I may have found a way to bypass CSP on hackerone.com. The issue lies here: img-src 'self' data: www.google-analytics.com. As you can imagine, how can image tags be used maliciously here to this safe site? Well, as you know, on google-analytics.com we have the ability to host...

7.2 AI score
Exploits: 0
Openbugbounty
added 2017/01/17 12:56 a.m., 8 views

kcore-analytics.com XSS vulnerability

Vulnerable URL: http://www.kcore-analytics.com/searching/?keyword=twerp'"...

6.9 AI score
Exploits: 0
Symantec
added 2017/01/12 8:0 a.m., 58 views

SA139 : November 2016 NTP Security Vulnerabilities

SUMMARY: Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can modify the target's system time, prevent the target from synchronizing its time, cause denial of service through...

7.1 CVSS, 1.5 AI score, 0.52935 EPSS
Exploits: 12, Affected Software: 9
OpenVAS
added 2017/01/11 12:0 a.m., 25 views

SonicWall Global Management System (GMS) / Universal Management Suite (USM) / Analyzer / Analytics Detection (HTTP)

HTTP based detection of Dell SonicWALL Global Management System (GMS) / Universal Management Suite (USM) / Analyzer / Analytics. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

7.1 AI score
Exploits: 0, References: 3
OSV
added 2017/01/10 4:59 p.m., 6 views

CVE-2016-9247

Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart...

5.9 CVSS, 5.8 AI score, 0.01886 EPSS
Exploits: 0, References: 3
NVD
added 2017/01/10 4:59 p.m., 21 views

CVE-2016-9247

Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart...

5.9 CVSS, 5.7 AI score, 0.01886 EPSS
Exploits: 0, References: 3
Cvelist
added 2017/01/10 4:0 p.m., 28 views

CVE-2016-9247

Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart...

5.7 AI score, 0.01886 EPSS
Exploits: 0, References: 3
CVE
added 2017/01/10 4:0 p.m., 58 views

CVE-2016-9247

CVE-2016-9247 affects F5 BIG-IP TMM when a virtual server uses a FastL4 profile with a TCP analytics profile; a specific packet sequence can cause TMM restart, potentially disrupting traffic or causing failover. The F5 advisory lists vulnerable versions (e.g., BIG-IP LTM 12.1.0–12.1.1 and other a...

5.9 CVSS, 5.7 AI score, 0.01886 EPSS
Exploits: 0, References: 3, Affected Software: 1
Hacker One
added 2017/01/07 12:59 a.m., 49 views

Shopify: apps.shopify.com - CSRF token leakage through Google Analytics

Description: When a user tries to send a support message to an app developer in apps.shopify.com, he will be asked to log in and once he is logged in, he will be redirected to apps.shopify.com/appid?authenticitytoken=currentuserauthenticitytoken. Developers can track their app page view in...

7 AI score
Exploits: 0
CNVD
added 2017/01/04 12:0 a.m., 3 views

Western Digital MyCloud NAS Remote Command Injection Vulnerability

Western Digital MyCloud NAS is a personal cloud storage device. Western Digital MyCloud NAS version 2.11.142 suffers from a remote command injection vulnerability in /web/googleanalytics.php, which allows an attacker to execute arbitrary commands with root privileges via the arg parameter within...

10 CVSS, 8.5 AI score, 0.95097 EPSS
Exploits: 4, References: 1
OSV
added 2017/01/03 6:59 a.m., 2 views

CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...

9.8 CVSS, 7.4 AI score
Exploits: 0, References: 3