Bruce Schneier on Surveillance at Source Boston keynote

BOSTON – History is not entirely kind to those responsible for the Industrial Age in the 19th century. How, for example, were the consequences of industrial innovation such as pollution largely ignored? Flash forward to today’s digital age and ask the same question: How are those responsible for...

Threat Outbreak Alert: Fake Debt Collection Notification Email Messages on April 8, 2014

Medium Alert ID: 33697 First Published: 2014 April 8 16:40 GMT Last Updated: 2014 April 9 12:24 GMT Version: 2 Summary Cisco Security has detected significant activity related to Spanish-language spam email messages that claim to contain a debt collection notice for the recipient. The text in the...

Splunk collect file Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Splunk. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the advanced search...

How to Collect Logs for Veeam ONE

Purpose This article documents the process for gathering diagnostic logging from Veeam ONE. Solution Collecting Veeam ONE Logs 1. Open the Veeam ONE Settings Utility Run: C:\Program Files\Common Files\Veeam\Veeam ONE Settings\VeeamOneSettings.exe 2. In the lower-left corner, clickExport Logs 3. Y...

Clapper: NSA Queries Databases for Information on U.S. Persons

UPDATE–The NSA searches the data it collects incidentally on Americans, including phone calls and emails, during the course of terrorism investigations. James Clapper, the director of national intelligence, confirmed the searches in a letter to Sen. Ron Wyden, the first time that such actions hav...

Check_MK跨站请求伪造漏洞(CVE-2014-2330)

BUGTRAQ ID:66389 CVE ID:CVE-2014-2330 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在跨站请求伪造漏洞，成功利用后可使远程攻击者在受影响浏览器上下文中执行未授权操作。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序： http://mathias-kettner.de...

Firefox Gather Cookies from Privileged Javascript Shell

This module allows collection of cookies from a Firefox Privileged Javascript Shell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' class MetasploitModule 'Firefox Gather Cookies from Privileged...

Check_MK 任意文件删除漏洞(CVE-2014-2332)

BUGTRAQ ID:66396 CVE ID:CVE-2014-2332 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在任意文件删除漏洞，成功利用后可使远程攻击者删除受影响应用上下文内的任意文件。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://mathias-kettner.de...

Check_MK 多个HTML注入和跨站脚本漏洞(CVE-2014-2329)

BUGTRAQ ID:66391 CVE ID:CVE-2014-2329 CheckMK是一款通用的Nagios/Icinga数据采集插件。 CheckMK 1.2.2p2及其他版本在实现上存在多个HTML注入漏洞和跨站脚本漏洞，成功利用后可使远程攻击者在受影响浏览器上下文中运行上传的HTML和脚本代码。 0 mathias-kettner checkmk 1.2.2p2 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://mathias-kettner.de...

White House Proposal Would End NSA Metadata Program

Privacy advocates are cautiously applauding the reports that the Obama administration will unveil a legislative proposal to end the National Security Agency’s collection of Americans’ bulk phone records, but are concerned what the fine print on that proposal might hold. “Given all the various way...

Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause...

USN-2151-1: Thunderbird vulnerabilities

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause...

Mozilla: Use-after-free in TypeObject (MFSA 2014-30)

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...

NSA RETRO Tool Collects Content of Phone Calls

The latest in the slow but steady trickle of leaks dripping out of NSA whistleblower Edward Snowden reportedly shows that the U.S. spying agency has the capacity to recall entire foreign phone call conversations for as long a month after the fact. The program, according to a Washington Post repor...

CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...

Design/Logic Flaw

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...

CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...

CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage...

Firefox ESR 24.x < 24.4 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 24.x is prior to 24.4 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist that could lead to arbitrary code execution. CVE-2014-1493, CVE-2014-1494 - A flaw exists in the checkHandshake function due to improper...

Ubuntu 12.04 LTS / 12.10 / 13.10 : firefox vulnerabilities (USN-2150-1)

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker...