Building Better Evaluation Criteria for Linux Security
Carbon Black recently published a report on the challenges of securing Linux-based operating systems and how Carbon Black is redesigning the approach. For more information about how the Cb Predictive Security Cloud, Carbon Black's consolidated endpoint security platform, helps enterprises cut cos...
Debian: Security Advisory (DSA-4343-1)
The remote host is missing an update for the Debian...
CAINE 10.0 - GNU/Linux Live Distribution For Digital Forensics Project, Windows Side Forensics And Incident Response
CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently, the project manager is Nanni Bassetti (Bari - Italy). CAINE offers a complete forensic environment that is organized to integrate existing software tools as...
Intel Distribution Python (IDP) 2018 - Privilege Escalation
Document Title: =============== Intel Distribution Python IDP 2018 - Privilege Escalation References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2166 ID: INTEL-SA-00181 https://nvd.nist.gov/vuln/detail/CVE-2018-12175 https://vuldb.com/fr/?id.123941...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1038 more potentially affected by CVE-2018-11770 via org.apache.spark:spark-core_2.11 (>=1.2.0 <=2.3.2)
org.apache.spark:spark-core_2.11 MAVEN version =1.2.0, =0.25, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2018-11770 Source advisory: OSV:GHSA-W4R4-65MG-45X2...
Metamorfo Banking Trojan Keeps Its Sights on Brazil
This blog post was authored by Edmund Brumaghin, Warren Mercer, Paul Rascagneres, and Vitor Ventura. Executive Summary Financially motivated cybercriminals have used banking trojans for years to steal sensitive financial information from victims. They are often created to gather credit card...
CVE-2018-12413 TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks
The Schema repository server tibschemad component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an...
CVE-2018-12413
The Schema repository server tibschemad component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an...
Cross site request forgery (csrf)
The Schema repository server tibschemad component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an...
[SECURITY] [DSA 4334-1] mupdf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4334-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 04, 2018 https://www.debian.org/security/faq -...
ThreatList: Fewer Big DDoS Attacks in Q3, Overall Rate Holds Steady
When it comes to distributed denial of service (DDoS) attacks, the third quarter of 2018 marked an apparent lull in the action, with fewer huge, multi-day attacks than in previous quarters. Researchers, however, warn against having a false sense of security: The total number of attacks in the quarter...
[SECURITY] [DSA 4330-1] chromium-browser security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4330-1 [email protected] https://www.debian.org/security/ Michael Gilbert November 02, 2018 https://www.debian.org/security/faq -...
Insufficient Entropy
Overview Versions of cryptiles from version 3.1.0 through 3.1.2, and versions 4.0.0 to version 4.1.1 are vulnerable to insufficient entropy. The randomDigits method generates digits that lack a perfect distribution over enough attempts. Recommendation Update to version 3.1.3 or 4.1.2 or later...
Kraken Ransomware Upgrades Distribution with RaaS Model
The Kraken ransomware author has released a second version of the malicious code, along with a unique affiliate program on the Dark Web. According to research into Kraken v.2, the new version is being promoted in a ransomware-as-a-service (RaaS) model to underground forum customers, via a video...
Httplab - Inspect HTTP Requests And Forge Responses
The interactive web server. HTTPLab lets you inspect HTTP requests and forge responses. Install Golang go get github.com/gchaincl/httplab go install github.com/gchaincl/httplab/cmd/httplab Archlinux yaourt httplab Snap FIXME On systems where snap is supported: snap install httplab Binary...
iOS 12 adoption and performance - what it means for your business's app
On September 17th, Apple released iOS 12. And while many innovative new features were announced, the very first feature listed in the release notes was "Performance." Earlier this year, Apple was heavily criticized for throttling CPU speeds on mobile devices, which drastically affected their...
FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials
FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...
FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Vulnerability
Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Author: Gjoko 'LiquidWorm' Krstic @zeroscience Vendor: FLIR Systems, Inc Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS: necov1.8-0-g7ffe5b3 Hardware: Flir Systems Neco Board Tested on...