CERT Warns On Critical Hole In SCADA Software By Italian Firm Progea
The U.S. Department of Homeland Security issued a bulletin on Thursday warning readers about a previously undisclosed, critical vulnerability in Movicon 11, a product used to manage critical infrastructure including the manufacturing, energy and water sectors. DHS’s Industrial Control Systems Cyb...
CERT Warns Of Cyber Threats To Gas Pipelines
The Department of Homeland Security said it is investigating a string of cyber intrusions targeting companies that operate natural gas pipelines in the U.S. The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) disclosed in its April 2012 newsletter that it is...
Fortinet FortiWeb Web Application Firewall - Policy Bypass
BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - ============================================================ 1 Affected Product Manufacturer: Fortinet Product name: FortiWeb Version: Latest update to Tue, 2 May 2012 Type: Web...
FEMA: State, Local Officials Not Prepared to Respond to Cyberattack
A report by the Federal Emergency Management Agency (FEMA) finds that state and local government officials in the U.S. are pessimistic about their ability to respond to a cyberattack. The National Preparedness Report (NPR) was commissioned by the Obama Administration. It found that, although the...
Iran: We Have Discovered 'Hidden Agenda' Of Oil Ministry Attack
The Iranian government has discovered what it describes as a ‘hidden agenda’ behind a recent malware attack on the country’s Oil Ministry, according to a report published by the FARS News Agency. The statement, from Deputy Oil Minister Hamdollah Mohammadnejad, confirmed earlier reports that the...
VoIP VLAN Hopper
VoIP Hopper is a GPLv3-licensed security tool, written in C, that rapidly runs a VLAN hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP phone in Cisco, Avaya, Nortel, and Alcatel-Lucent environments. This requires two important steps ...
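The following is an added example, not VoIP Hopper's own code, showing the Cisco-specific form of the technique described above: a client that behaves like an IP phone first learns the Voice VLAN from the switch's CDP advertisement (the "VoIP VLAN Reply" TLV, type 0x000E) and then brings up an 802.1Q sub-interface tagged with that ID, which is the hop. The CDP payload, switch name, port name and VLAN IDs below are constructed for this illustration; the CDP checksum is left at zero and is not verified. Avaya, Nortel and Alcatel-Lucent environments advertise the voice VLAN via LLDP-MED or DHCP options instead and are not covered by this parser.

```python
import struct

# Added example (not VoIP Hopper code): learn the Voice VLAN from a Cisco CDP
# frame, then produce the Linux 802.1Q commands that perform the hop.
# Sample data is constructed; only the CDP TLV layout is real.

CDP_DEVICE_ID   = 0x0001
CDP_PORT_ID     = 0x0003
CDP_NATIVE_VLAN = 0x000A
CDP_VOICE_VLAN  = 0x000E   # "VoIP VLAN Reply": 1 data byte + 2-byte VLAN ID


def _tlv(tlv_type, value):
    # CDP TLV: type(2) length(2, includes the 4-byte header) value
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


# Constructed CDP payload (what follows the LLC/SNAP header):
# version 2, TTL 180 s, checksum 0 (not verified), then four TLVs.
SAMPLE_CDP = (
    bytes([0x02, 0xB4]) + b"\x00\x00"
    + _tlv(CDP_DEVICE_ID, b"SW-ACCESS-01")
    + _tlv(CDP_PORT_ID, b"GigabitEthernet1/0/12")
    + _tlv(CDP_NATIVE_VLAN, struct.pack("!H", 10))
    + _tlv(CDP_VOICE_VLAN, b"\x20" + struct.pack("!H", 200))
)


def parse_cdp(payload):
    """Walk the TLV list and return the fields a hopping client cares about.
    Stops at a truncated or malformed TLV instead of reading past the buffer."""
    if len(payload) < 4:
        raise ValueError("CDP payload shorter than its 4-byte header")
    info = {"version": payload[0], "ttl": payload[1],
            "voice_vlan": None, "native_vlan": None}
    off = 4
    while off + 4 <= len(payload):
        t, length = struct.unpack_from("!HH", payload, off)
        if length < 4 or off + length > len(payload):
            break                                # malformed: refuse to overread
        val = payload[off + 4: off + length]
        if t == CDP_DEVICE_ID:
            info["device_id"] = val.decode("ascii", "replace")
        elif t == CDP_PORT_ID:
            info["port_id"] = val.decode("ascii", "replace")
        elif t == CDP_NATIVE_VLAN and len(val) == 2:
            info["native_vlan"] = struct.unpack("!H", val)[0]
        elif t == CDP_VOICE_VLAN and len(val) == 3:
            info["voice_vlan"] = struct.unpack("!H", val[1:])[0]
        off += length
    return info


def hop_commands(info, iface="eth0"):
    """Second step: Linux commands that tag traffic with the learned Voice VLAN.
    Returns [] when no valid voice VLAN was advertised, so nothing is tried blindly."""
    vid = info.get("voice_vlan")
    if vid is None or not 1 <= vid <= 4094:
        return []
    sub = f"{iface}.{vid}"
    return [
        f"ip link add link {iface} name {sub} type vlan id {vid}",
        f"ip link set {sub} up",
        f"dhclient {sub}",   # phones normally obtain an address via DHCP on the voice VLAN
    ]


if __name__ == "__main__":
    parsed = parse_cdp(SAMPLE_CDP)
    print(parsed)
    print("\n".join(hop_commands(parsed)))
```

On a real network the frame would be captured from the wire (CDP is sent to 01:00:0c:cc:cc:cc roughly every 60 seconds) and the `ip link` commands need root; the defensive counterpart is to watch the access port for a workstation MAC sourcing frames tagged with the voice VLAN.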
Iran Preparing For Cyberwar Against U.S.
Security professionals in both the U.S. government and in private industry have long feared the prospect of a cyberwar with China or Russia, two states capable of launching destructive attacks on the computer networks that control critical assets such as th...
RuggedCom Rugged Operating System Vulnerability
RuggedCom Rugged Operating System (ROS), used in RuggedCom network infrastructure devices, contains a hard-coded user account with a predictable password. This account cannot be manually disabled. An attacker who successfully guesses the password may be able to gain complete administrative...
admin/fixcwdmemberships.jsp lacks an XSRF token to run the repair action.
admin/fixcwdmemberships.jsp does not require a CSRF token to run the repair action. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/fixCaseInNotifications.jsp lacks an XSRF token to start 'notifications fix'
admin/fixCaseInNotifications.jsp does not require a CSRF token to start 'notifications fix'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/createMissingPersonalInfo.jsp lacks an XSRF token to trigger "build Personal Information objects"
admin/createMissingPersonalInfo.jsp doesn't require a CSRF token to trigger "build Personal Information objects". When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/fixCaseInSpacePermissions.jsp lacks an XSRF token to 'fix the case of your space permissions'
admin/fixCaseInSpacePermissions.jsp does not require a CSRF token to 'fix the case of your space permissions'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
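The four tickets above describe one bug class: an administrative "repair" page that performs a state-changing action while checking only that the caller has an authenticated session, so any web page the administrator happens to visit can trigger it through the admin's browser. The following added example, written for this listing and not taken from Confluence, shows that handler beside its fix, the synchronizer token pattern: a per-session secret embedded in the admin form and required on every state-changing POST. The `Session` class, the `xsrf_token` parameter name and the request shapes are assumptions for the illustration.

```python
import hmac
import secrets

# Added example (not Confluence code): a repair action without an XSRF token,
# and the same action protected by a session-bound synchronizer token.
# "Session" and the "xsrf_token" field name are assumptions for this demo.


class Session:
    """Server-side session for one logged-in administrator."""
    def __init__(self, user):
        self.user = user
        self.xsrf_token = secrets.token_urlsafe(32)   # fresh secret per session


def render_admin_form(session):
    """What the fixed page emits: the token rides in a hidden form field."""
    return {"method": "POST", "params": {"xsrf_token": session.xsrf_token}}


def run_repair_vulnerable(session, request):
    """Vulnerable handler: 'is there a session?' is the only check, and GET is
    honoured too, so an <img src="...repair.jsp"> on any site is enough."""
    if session is None:
        return "login required"
    return "repair executed"


def run_repair_hardened(session, request):
    """Hardened handler: POST only, and the request must carry the token bound
    to *this* session, compared in constant time."""
    if session is None:
        return "login required"
    if request["method"] != "POST":
        return "denied: state change requires POST"
    supplied = request.get("params", {}).get("xsrf_token", "")
    if not hmac.compare_digest(supplied, session.xsrf_token):
        return "denied: missing or invalid xsrf_token"
    return "repair executed"


def forged_cross_site_request(method="GET"):
    """Constructed attacker request: a third-party page cannot read the victim's
    token (same-origin policy), so the forged request carries none."""
    return {"method": method, "params": {}}


def demo():
    admin = Session("admin")
    other = Session("someone_else")
    return {
        # admin's browser auto-attaches the session cookie; vulnerable page runs
        "vuln_forged_get": run_repair_vulnerable(admin, forged_cross_site_request("GET")),
        # hardened page: GET refused outright
        "hard_forged_get": run_repair_hardened(admin, forged_cross_site_request("GET")),
        # hardened page: POST without token refused
        "hard_forged_post": run_repair_hardened(admin, forged_cross_site_request("POST")),
        # a valid token from a *different* session is refused (token is session-bound)
        "hard_other_session_token": run_repair_hardened(admin, render_admin_form(other)),
        # the admin's own form submission succeeds
        "hard_legit": run_repair_hardened(admin, render_admin_form(admin)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The ticket text also asks that the JSP be converted to an action; the practical reason is that the token check then lives in one shared interceptor rather than being re-implemented in each page, which is exactly where these four omissions came from.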
Use VoIP – or Copper
Google Voice is a free VoIP service that can be used to create “throw away” voice accounts for travelers. Having your conversations handled on Google’s infrastructure also provides a measure of security over foreign telecommunications networks, which – depending on the country – could be cooperating...
No Patch Coming for Newly Announced Vulnerabilities in ABB Legacy Products
Two independent researchers who’ve been warning of the threat of serious attacks against bug-riddled ICS and SCADA systems today issued an alert through ICS-CERT that vulnerabilities in ABB products could lead to DoS attacks or allow an attacker to remotely launch malicious code. No patch is...
[SECURITY] [DSA 2443-1] linux-2.6 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ---------------------------------------------------------------------- Debian Security Advisory DSA-2443-1 security@debian.org http://www.debian.org/security/ Dann Frazier March 26, 2012 http://www.debian.org/security/faq ...
Free Configuration Check Tool by eEye Digital Security
eEye Digital Security, the industry's leading innovator of threat management solutions, just released new research, "Working Toward Configuration Best Practices". Findings verify that proper configuration and mitigations remain the most...