526 matches found
UBUNTU-CVE-2018-13301
In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service...
DEBIAN-CVE-2018-13300
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information...
When It Comes To IoT Security, Liability Is Muddled
BOSTON—From hacked connected cars to power grids, the implications of IoT security issues seem to be getting graver – yet when it comes to pointing fingers for security troubles, many times victims don’t even know where to start. IoT experts at the Security of Things Forum today said that a...
navalexperts.naval-group.com XSS vulnerability
Open Bug Bounty ID: OBB-629303

Description | Value
---|---
Affected Website: | navalexperts.naval-group.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Vulnerability can cause a Windows system crash; hardware experts published PoC exploit code - exploit warning - the black bar safety net
Bitdefender researcher Marius Tivadar released PoC code on GitHub that can cause Windows computers to crash within a few seconds, even if the computer is locked. The PoC code makes use of a vulnerability in how Microsoft processes an NTFS file system image, the code...
Bitcoin extortion incidents discovered on Linux servers: four points to avoid losses - vulnerability warning - the black bar safety net
After Windows was hit by ransomware, cases of bitcoin extortion against Linux servers have now occurred. Do you think paying the ransom is the end of it? Important warning: Recently, the Tencent Cloud security team observed that bitcoin extortion incidents began to appear on Linux servers in the cloud, th...
The Digital Security Exchange Is Live
Last year I wrote about the Digital Security Exchange. The project is live: The DSX works to strengthen the digital resilience of U.S. civil society groups by improving their understanding and mitigation of online threats. We do this by pairing civil society and social sector organizations with...
Highlights from the HITRUST Third-Party Assurance Summit
The HITRUST TPA Summit brought together experts representing customers, vendors, and assessor firms in various aspects of risk management to share best practices, lessons learned and effective third-party risk management strategies leveraging the HITRUST CSF Assurance Program and HITRUST Assessme...
New EU Privacy Law May Weaken Security
Companies around the globe are scrambling to comply with new European privacy regulations that take effect a little more than three months from now. But many security experts are worried that the changes being ushered in by the rush to adhere to the law may make it more difficult to track down...
experts-tourister.ru XSS vulnerability
Open Bug Bounty ID: OBB-541595

Description | Value
---|---
Affected Website: | experts-tourister.ru
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Forever 21 Says PoS Systems Exposed Customer Data for 8 Months
Fashion retailer Forever 21 confirmed a breach made public in November resulted in the theft of credit card data belonging to an undisclosed number of customers. The company had stated that a lack of encryption used on some of its point-of-sales payment terminals could have resulted in unauthoriz...
Nissan Finance Canada Suffers Data Breach — Notifies 1.13 Million Customers
It's the last month of this year, but possibly not the last data breach report. Nissan warns of a possible data breach of personal information on its customers who financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada. Although the company says it does not...
U.S. Government Blames North Korea for WannaCry
The United States government is officially blaming North Korea for the WannaCry ransomware outbreak in May that infected nearly a quarter-million computers in 150 countries. Calling it a “careless and reckless” attack, White House Homeland Security Adviser Tom Bossert said Tuesday at a White Hous...
Capital One Fraud Seminar Recap
Recently, I was honored to be invited as a panelist at a recent seminar hosted by Capital One Spark Business to share some views on fraud prevention and cybersecurity with their customers. I was joined by a few other industry experts, Gerald Glickman, a Manager of Capital One's Fraud Analysis team...
Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards
Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in...
Struts2 new vulnerability (S2-052): exploitation cases appear, and enterprises facing the vulnerability race against time - vulnerability warning - the black bar safety net
The black bar safety net previously published a special thematic report on the S2-052 vulnerability, which we believe readers already understand. Recently, research staff from Cisco Talos and NVISO Labs also found that there was an attacker making real use ...
New Locky Variant 'IKARUSdilapidated' Strikes Again
A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s truste...
The Intel processor now has a security vulnerability: it can be used by hackers as a backdoor - vulnerability warning - the black bar safety net
Recently, a report from the Moscow security research firm Positive Technologies notes that Intel Management Engine 11 has a "death button" that can be used by hackers to steal. Management Engine is an Intel firmware interface for communication between processors and peripheral chips, therm...
The Next Generation of the Rapid7 Community
Rapid7's community is evolving! For the past several years, community.rapid7.com has been our platform for news and knowledge spanning blogs, questions, discussion, and documentation. We have tried to ensure that our community site has been a source of pragmatic, down-to-earth information and...
Visit Trend Micro at VMworld 2017
Trend Micro will be at VMworld 2017 in Las Vegas on August 27th – 31st, showing why experience matters when it comes to automated security for your data center and cloud environments. Stop by our booth, 610, to chat with our security experts, and enter our daily draws to win a Phantom 3 Drone! Se...