CVE-2013-1247
CVE-2013-1247 affects Cisco Prime Infrastructure; XSS in the wireless configuration module allows an unauthenticated remote attacker to inject scripts via a rogue SSID displayed in the XML windowing table (Bug CSCuf04356). Exploitation requires access to the rogue AP listing; Cisco notes software...
Cisco Prime Infrastructure Rogue AP SSID Cross-Site Scripting Vulnerability
A vulnerability in the wireless configuration module of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to insert scripts into the listing of rogue access points. The vulnerability is due to a failure to properly sanitize SSIDs before inserting them into the XML windowi...
Grid Utilities Critical Infrastructure Protection Lacking
It would seem that what spurs private and public electric grid utility operators to action with regard to cybersecurity isn’t the Chinese or Iranians attacking them, but the word “mandatory”. A paper published yesterday by two U.S. legislators revealed that when there are mandatory cybersecurity...
USN-1831-1: OpenStack Nova vulnerability
Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk...
Internet Explorer 8 zero-day attack spreads on 9 other sites
A watering hole Internet Explorer 8 zero-day attack on the US Department of Labor website last week has spread to 9 more global websites over the weekend, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and...
Obama Expands Surveillance to Critical Infrastructure
A little-known policy through which the Departments of Justice, Defense, and Homeland Security offered prosecutorial immunity to companies that helped the U.S. military monitor Internet traffic on the private networks of defense contractors has reportedly been expanded by Executive Order to inclu...
Brad Arkin Named Adobe CSO
Adobe has named Brad Arkin to the newly created position of CSO, a major expansion of responsibilities for Arkin, who has been leading the company’s product security and privacy initiatives. Adobe has been in the security spotlight for several years now, as attackers have focused their attention ...
HD Moore: Hackable Serial Port Servers Lack Authentication
Serial port servers are admittedly old school technology that you might think had been phased out as new IT, SCADA and industrial control system equipment has been phased in. Metasploit creator HD Moore cautions you to think again. Moore recently revealed that through his Critical IO project...
Malware More Globally Distributed, Still Made in China
In an attempt to better evade detection, cybercriminals are increasingly configuring their command and control infrastructure in such a way that initial malware callbacks communicate with a server located in the same country as the newly infected machines. This emerging trend is among the vast an...
CALL FOR PAPERS - The Hackers Conference 2013
The call for papers for The Hackers Conference 2013 is now open. THC2013 is a hacker conference taking place in New Delhi, India on August 25th, 2013. The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cybe...
Cisco TelePresence Infrastructure Denial of Service Vulnerability
Cisco TelePresence Multipoint Control Unit (MCU) and Cisco TelePresence Server contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the reload of an affected system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate thi...
Shylock Trojan Going Global with New Features, Resilient Infrastructure
The prolific, credential-stealing Shylock banking Trojan is growing increasingly sophisticated as its creators continue adding new modules and functionalities to the man-in-the-browser malware, according to a Symantec report. To this point, Shylock has made its money via man-in-the-browser attack...
keystone: online validation of Keystone PKI tokens bypasses revocation check
OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...
World's largest Digital documents library 'Scribd' Hacked
World's largest digital documents library 'Scribd' announced that they were hacked in a recent attack and that the hacker was potentially able to compromise general user information, which includes usernames, emails, and encrypted passwords for part of the database. "Even though this information was accessed, the...
PT-2013-3441 · Openstack · Openstack Keystone
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone version 2012.2 Description: The issue allows remote attackers to bypass intended access restrictions via a revoked PKI token, due to improper revocation checks for Keystone PKI tokens when performed through a server...
Cyber 9/11, cyber doomsday...between fear and need for action
It's not a mystery: every nation is worried about the level of security of its infrastructure, and the United States is among the most concerned governments due to the high number of cyber-attacks against its networks. US Government representatives such as former Secretary of Defense Leon Panetta and...
NSA Director Alexander: US Building Cyberattack Teams
More rhetoric is coming out of Washington regarding the use of malware as an auxiliary weapon to bombs and bullets. National Security Agency leader Gen. Keith Alexander told a House Armed Services Committee yesterday that his new Cyber Command will be ready to retaliate should the United States...
CVE-2013-1153
Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676...