[SECURITY] Fedora 17 Update: zabbix-1.8.15-1.fc17
ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...
[SECURITY] Fedora 16 Update: zabbix-1.8.15-1.fc16
ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...
Oracle Releases Fix For Java CVE-2012-4681 Flaw
Oracle on Thursday released a new version of Java that included a fix for the CVE-2012-4681 vulnerability that has been used in limited targeted attacks in the last couple of weeks. The release of Java 7 update 7 comes about four days after the Java flaw was publicly disclosed, but several months...
Power Plants Are Vulnerable To Hackers with Siemens flaw
The U.S. Department of Homeland Security has issued an alert warning that hackers could exploit code in Siemens-owned technology to attack power plants and other national critical infrastructure. Justin W. Clarke, an expert in securing industrial control systems, disclosed at a conference in Los...
ICS-CERT Warns of Serious Flaws in Tridium Niagara Software
The DHS and ICS-CERT are warning users of some popular Tridium Niagara AX industrial control system software about a series of major vulnerabilities in the applications that are remotely exploitable and could be used to take over vulnerable systems. The bugs, discovered by researchers Billy Rios...
Infographic: Stuxnet's Cyberwar Vines Untangled
Keeping track of the relationships between various malware families can be hard, especially when you’re talking about espionage tools such as Stuxnet and Gauss. Veracode has put together an infographic as a general recap of the life and times of Stuxnet, the much-discussed cyber worm that first...
DEBIAN-CVE-2012-3449
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files...
Veeam ONE Monitor performance data collection times out
Challenge: You are facing the following configuration issue: Veeam ONE Monitor performance graphs show the No Data Available message. Cause: VeeamDCS.log file contains the following errors: Collecting thread has failed to initialize The operation has timed out and will be stopped Collecting thread...
Termineter Security Framework for Smart Meters Released
It’s that most wonderful time of the year again: tool release season. With Black Hat, DEF CON and BSides Las Vegas all looming, researchers are beginning to publish the tools that they’ll be discussing during their talks at the various conferences next week. Among the more interesting releases so...
Religious 'Madi' Spyware Spies on Critical Infrastructure in Middle East
A new variety of spyware has been targeting users in Iran, Israel and the Middle East for the last eight months according to joint research from Israeli security software firm Seculert and Kaspersky Lab. The new malware is using a variety of odd techniques and misdirection to entice users to...
U.S. Congress Hears Of Growing Cyber Espionage Threat To U.S.
Testimony before the U.S. House of Representatives’ Homeland Security Committee painted a grim picture about the problem of cyber espionage against U.S. companies and interests. Government and law enforcement experts testifying before the U.S. House of Representatives’ Homeland Security Committee...
Infrastructure Resources LLC - SQL Injection Vulnerability
Exploit for php platform in category web applications...
Tom Sawyer Software GET Extension Factory Remote Code Execution
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Tom Sawyer Software GET Extension Factory Remote Code Execution
This module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory due to an incorrect initialization under Internet Explorer. While the Tom Sawyer GET Extension Factory is installed with some versions of VMware...
DHS Says No Evidence That Flame Targets Industrial Systems, But Urges Caution
In an advisory, the Department of Homeland Security’s Industrial Control System (ICS) CERT said that it doesn’t believe the Flame malware targets industrial control systems (ICS) or SCADA systems, but the group advised critical infrastructure owners to be on alert. The advisory, issued Wednesday,...
Moxie Marlinspike on TACK, Convergence and Trust Agility
Dennis Fisher talks with Moxie Marlinspike about his new IETF proposal, TACK, which lays out a way for sites to assert the authenticity of their public keys. They also discuss the Convergence system for replacing the CA infrastructure and the ways in which browser vendors can help enable better...
DNSChanger Lingers: 330k Systems Still Infected, 77,000 In The U.S.
The FBI said that there are still more than 330,000 computers believed to be infected with the DNSChanger malware, with just weeks to go before a court order to cut off their ability to communicate with the rest of the Internet. Fully 77,000 are located in the U.S., according to data provided to...
Researchers Unveil New Way to Trust Certificates
Two independent researchers are proposing an extension for TLS to provide greater trust in certificate authorities, which have become a weak link in the entire public key infrastructure after some big breaches involving fraudulent SSL certificates. TACK, short for Trust Assertions for Certificate...
Pentagon boosts contractor cybersecurity program
The US Defense Department invited all of its eligible contractors on Friday to join a previously restricted information-sharing pact aimed at guarding sensitive Pentagon program data stored on private computer networks. The Pentagon predicts that a...
Anonymous: We Are Not Terrorists but Fearless Freedom Fighters
The Black Ops 2 trailer that was released recently portrays the Anonymous organization as the enemy of the United States, which has pissed them off greatly. Anonymous has responded to Activision's marketing campaign for Call of Duty: Bla...