[SECURITY] [DSA 3331-1] subversion security update
Debian Security Advisory DSA-3331-1, https://www.debian.org/security/, Stefan Fritsch, August 10, 2015, https://www.debian.org/security/faq ...
RCSAndroid — Advanced Android Hacking Tool Leaked Online
Digging deeper and deeper into the huge Hacking Team data dump, security researchers are finding more and more source code, including an advanced Android hacking tool. Yes, this time researchers have found the source code of a new piece of weaponized Android malware that had the capability to...
IniNet Solutions SCADA Web Server Vulnerabilities
OVERVIEW Kirill Nesterov and Aleksandr Timorin of Positive Technologies have identified three vulnerabilities in IniNet Solutions GmbH’s SCADA Web Server. IniNet Solutions GmbH has produced a new version that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely...
Hacking Team and Boeing Built Cyber Weaponized Drones to Spy on Targets
The leaked internal emails from the Italian surveillance software company Hacking Team have revealed that the spyware company developed a robotic aircraft designed to attack computers and smartphone devices through Wi-Fi networks. Over a year ago, some security researchers developed a drone calle...
The Truman Show: Hacking Team Win32 monitor code analysis - vulnerability warning - the black bar safety net
Hacking Team is an Italian software company. The company mainly sells intrusion and surveillance software to governments and legal bodies. On the night of July 5 it was attacked by hackers and 400G of information was leaked; 0-days and various exploits became known around the world along with it, which is t...
Hacking Team Promises to Rebuild RCS
The aftermath of the Hacking Team attack raised legitimate questions about the controversial Italian surveillance software vendor’s long-term viability. With reams of sensitive internal data and intellectual property posted online, how could the company survive? For now, however, the company seem...
CVE-2015-4219
The CVE-2015-4219 issue affects Cisco Secure Access Control System and Cisco Identity Services Engine. The root cause is improper access control for support bundles, allowing an authenticated remote attacker to brute-force credentials and download the bundle contents, potentially leading to infor...
CVE-2015-0768
The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.10.0.85, 2.20.0.58, and 2.20.0.69 does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371...
Cisco Prime Network Control System Unauthorized Configuration Vulnerability
A vulnerability in the authentication, authorization, and accounting (AAA) user roles of the Cisco Prime Network Control System (NCS) network management application could allow an authenticated, remote attacker who is logged in as a system monitor user to perform configuration tasks. The vulnerabilit...
CVE-2015-0744
Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and...
Design/Logic Flaw
Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and...
CVE-2015-0744
The CVE affects Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release. It is caused by a lack of rate limiting in the TCP listener, enabling an unauthenticated remote attacker to trigger a denial-of-service via a TCP flood (e.g., SYN flood) that can exhaust CPU/memory and disr...
Rockwell RSView32 Security Vulnerability Patched
Human machine interface software from Rockwell Automation has been patched, protecting users from a vulnerability in the way stored passwords are protected. The vulnerability was discovered in RSView32, versions 7.60.00 and earlier, according to an alert from the Industrial Control System Cyber...
Debian DSA-3257-1 : mercurial - security update
Jesse Hertz of Matasano Security discovered that Mercurial, a distributed version control system, is prone to a command injection vulnerability via a crafted repository name in a clone command.
Open Smart Grid Protocol Homegrown Crypto Weaknesses
In the three years since its inception, the Open Smart Grid Protocol has found its way into more than four million smart meters and similar devices worldwide. And like its SCADA, industrial control system, and embedded system brethren, it’s rife with security issues. Two researchers, Phillip...
[SECURITY] Fedora 20 Update: ikiwiki-3.20150329-1.fc20
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...
[SECURITY] Fedora 21 Update: ikiwiki-3.20150329-1.fc21
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages suitable for publishing on a website. Ikiwiki stores pages and history in a revision control system such as Subversion or Git. There are many other features, including support for blogging, as well as a large array of plugins...
A vulnerability in Cisco ACS firmware allows a remote attacker to execute arbitrary code.
A vulnerability in the ACS View interface allows a remote authenticated user with administrator privileges to execute arbitrary SQL commands using specially crafted HTTPS requests...