Lucene search

8697 matches found

MSRC
added 2017/04/20 7:00 a.m. | 11 views

Bountycraft at Nullcon 2017

Security is a critical component of our products at Microsoft. A strong emphasis on security is a persistent factor throughout our entire development process. Microsoft is committed to designing and developing secure software. Testing is performed both internally and by working closely with the...

AI score: 1.6 | Exploits: 0

Wallarm Lab
added 2017/04/18 1:57 p.m. | 11 views

Five Reasons Why I Joined Wallarm

By Johan Nordstrom The question of “what made you change jobs?” may be old, but the answer with my move to Wallarm is new and clear. I have a vision how to address the dynamic threat landscape of today and Wallarm’s innovative approach to security is in line with these ideas. In my 30 years caree...

AI score: 6.9 | Exploits: 0

CNVD
added 2017/04/12 12:00 a.m. | 3 views

Lenovo Customer Care Software Development Kit Local Elevation of Privilege Vulnerability

The Lenovo Customer Care Software Development Kit (CCSDK) is a set of pre-installed software for program maintenance use by the Chinese company Lenovo. A local elevation of privilege vulnerability exists in Lenovo Customer Care Software Development Kit. A local attacker could exploit this...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00064 | Exploits: 0 | References: 1

myhack58
added 2017/04/07 12:00 a.m. | 27 views

Android security development of started private components of vulnerability talking about-vulnerability warning-the black bar safety net

! 0x00 the private component talking about android applications, if a component of foreign export, then this component is a the attack surface. Most likely there is a lot of problems, because the attacker can in various ways to the components of the test attack. But developers are not necessarily...

AI score: 0.6 | Exploits: 0

myhack58
added 2017/04/06 12:00 a.m. | 43 views

Watch your home TV: Samsung re-trapping product of the crisis, the Tizen system is explosion 40 0-day-vulnerability warning-the black bar safety net

Samsung is currently the biggest crisis is what? Palm door Person Mr. Lee arrested for? Note7 explode? If this is not enough? Tizen operating system once to be disclosed 40 A 0-day, how? Strong enough? Samsung has been dedicated to making their products able to get rid of the Android system of...

AI score: 8.4 | Exploits: 0

Ubuntu
added 2017/04/04 5:09 p.m. | 55 views

USN-3254-1: Django vulnerabilities

It was discovered that Django incorrectly handled numeric redirect URLs. A remote attacker could possibly use this issue to perform XSS attacks, and to use a Django server as an open redirect. CVE-2017-7233 Phithon Gong discovered that Django incorrectly handled certain URLs when the...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00747 | Exploits: 2

ThreatPost
added 2017/04/03 1:00 p.m. | 7 views

Memory Corruption Mitigations Driving Up Exploit Development Costs

SINT MAARTEN—Memory corruption mitigations that have been integrated into major desktop and mobile operating systems are driving up the cost of client-side exploit development and making viable vulnerabilities scarcer than they were a decade ago. Mark Dowd, whose career has been intimately linked...

AI score: 0.5 | Exploits: 0 | References: 1

Fedora
added 2017/04/01 5:53 p.m. | 20 views

[SECURITY] Fedora 26 Update: R-3.3.3-1.fc26

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide varie...

CVSS: 8.8 | AI score: 2.4 | EPSS: 0.00467 | Exploits: 2

rapid7community
added 2017/04/01 12:03 p.m. | 576 views

Metasploit, [REDACTED] Edition

Why should REDACTED have all the fun with spiffy codenames for their exploits? As of today, Metasploit is taking a page from REDACTED, and equipping all Metasploit modules with equally fear-and-awe-inspiring codenames. Sure, there are catchy names for vulnerabilities -- we remember you fondly,...

CVSS: 6.8 | AI score: 7.8 | EPSS: 0.78522 | Exploits: 0

Information Security Automation
added 2017/03/31 9:06 p.m. | 37 views

Programmers are also people who also make mistakes

It's the first part of our talk with Daniil Svetlov at his radio show "Safe Environment" or "Safe Wednesday" - kind of wordplay in Russian recorded 29.03.2017. We were discussing why Software Vulnerabilities are everyone's problem. Full video in Russian without subtitles is available here. I adde...

AI score: 7.2 | Exploits: 0

Akamai Blog
added 2017/03/31 1:10 p.m. | 91 views

FIVE MINUTES WITH: Judy Piper, Senior Engineering Manager, Akamai's Enterprise & Carrier Division

No matter what else she does in her day, Judy Piper is, first and foremost, a people manager. Her role as a senior engineering manager in the Enterprise business unit is all about empowering others, and her curiosity and fearlessness help her succeed. Judy recently answered a few questions about...

AI score: 6.7 | Exploits: 0

n0where
added 2017/03/30 3:14 p.m. | 24 views

Web Application Vulnerability Testing: ZAProxy

Web Application Vulnerability Testing: The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are...

AI score: 0.3 | Exploits: 0 | References: 37

Google Chrome Security Advisories
added 2017/03/29 12:00 a.m. | 28 views

Stable Channel Updates for Chrome OS

The Stable channel has been updated to 57.0.2987.137 (Platform version: 9202.60.0) for all Chrome OS devices except AOpen Chromebase Mini, AOpen Chromebox Mini, Google Chromebook Pixel 2015, ASUS Chromebook Flip C100PA, Samsung Chromebook Plus. This build contains a number of bug fixes, security...

CVSS: 9.6 | AI score: 9.9 | EPSS: 0.01324 | Exploits: 0 | Affected Software: 1

n0where
added 2017/03/28 4:09 a.m. | 84 views

CTF Framework and Exploit Development Library: pwntools

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. Whether you’re using it to write exploits, or as part of another software project will dictate how you...

AI score: 0.3 | Exploits: 0 | References: 1

Tenable Nessus
added 2017/03/28 12:00 a.m. | 92 views

Debian DLA-875-1 : php5 security update

Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. CVE-2016-7478: Zend/zend_exceptions.c in PHP allows remote attacke...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.18863 | Exploits: 5 | References: 5

Debian
added 2017/03/27 11:05 p.m. | 62 views

[SECURITY] [DLA 875-1] php5 security update

Package: php5. Version: 5.4.45-0+deb7u8. CVE ID: CVE-2016-7478 CVE-2016-7479 CVE-2017-7272. Several issues have been discovered in PHP (recursive acronym for PHP: Hypertext Preprocessor), a widely-used open source general-purpose scripting language that is especially suited for web development and...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.18863 | Exploits: 5

Cvelist
added 2017/03/27 5:00 p.m. | 16 views

CVE-2017-7271

Reflected cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

AI score: 6 | EPSS: 0.00285 | Exploits: 0 | References: 4

Richard Bejtlich's blog
added 2017/03/21 1:17 p.m. | 21 views

Cybersecurity Domains Mind Map

Last month I retweeted an image labelled "The Map of Cybersecurity Domains v1.0". I liked the way this graphic divided "security" into various specialties. At the time I did not do any research to identify the originator of the graphic. Last night before my Brazilian Jiu-Jitsu class I heard some ...

AI score: 6.8 | Exploits: 0

Fedora
added 2017/03/21 3:22 a.m. | 29 views

[SECURITY] Fedora 25 Update: R-3.3.3-1.fc25

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide varie...

CVSS: 8.8 | AI score: 2.4 | EPSS: 0.00467 | Exploits: 2

OSV
added 2017/03/16 2:59 p.m. | 3 views

UBUNTU-CVE-2017-6381

A 3rd party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normally installed. You might be vulnerabl...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.03314 | Exploits: 0 | References: 3