[SECURITY] Fedora 27 Update: moodle-3.3.9-1.fc27

Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities...

Obfuscated Command Line Detection Using Machine Learning

This blog post presents a machine learning ML approach to solving an emerging security problem: detecting obfuscated Windows command line invocations on endpoints. We start out with an introduction to this relatively new threat capability, and then discuss how such problems have traditionally bee...

AWS Helping to Unlock Potentially Life-saving Innovation for the Healthcare Sector – While Keeping Sensitive Information Locked Down

Marnie Wilking – CISO, VP Information Assurance, Orion Health Many of the next significant, potentially lifesaving discoveries that will happen in healthcare will be the direct result of big data, machine learning and artificial intelligence. Making the shift to big data, machine learning and...

Cyberthreats to financial institutions 2019: overview and predictions

Kaspersky Security Bulletin: Threat Predictions for 2019 Threat predictions for industrial security in 2019 Cryptocurrency threat predictions for 2019 Introduction – key events in 2018 The past year has been extremely eventful in terms of the digital threats faced by financial institutions:...

Using Machine Learning to Create Fake Fingerprints

Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctiv...

Multiple loopholes in the cadre online learning platform of Hangzhou Elite Online Education Technology Co.

Hangzhou Elite Online Education Technology Co., Ltd. is a brand of cadre online learning, and has successfully built large-scale cadre education platforms for leading cadres of many organization ministries and other organs in China, providing solutions for all-round intelligent learning. There is...

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints: fake fingerprints designed to get past security...

Beers with Talos Ep. #41: Sex, money and malware

Beers with Talos BWT Podcast Ep. 41 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 41 show notes: Recorded Nov. 9, 2018 — We tried to make this episode last week, but thanks to some technical difficulties, we...

The evolution of Microsoft Threat Protection, November update

At Ignite 2018, we announced Microsoft Threat Protection, a comprehensive, integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and, infrastructure Figure 1. The foundation of the solution is the Microsoft Intelligent Security Graph, which...

Welcome to Qualys Security Conference 2018

The rise of cloud computing coupled with DevOps is forcing enterprises to rewrite their cybersecurity playbook, and part of that book will be written this week at Qualys Security Conference 2018 in Las Vegas. Today, the dual cloud and DevOps mega-trends are helping companies to digitally transfor...

Extreme Office suffers from a memory corruption vulnerability

Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. A memory corruption vulnerability exists in Extreme Office. An attacker can exploit the vulnerability to cause memory corruption, leading to code execution...

SQL Injection Vulnerability in the Frontend of Online Learning System of Beijing Xinqi Technology Co.

Beijing Xinqi Technology Co., Ltd. is a technical service enterprise specializing in the research and development of training management software. A SQL injection vulnerability exists in the frontend of the online learning system of Beijing Xinqi Technology Co. An attacker can exploit the...

XSS Vulnerability in IM-Learning Intelligent Learning Management System of Guangyi East

IM-Learning Intelligent Learning Management System is a web-based academy with key technologies that can be customized and expanded. An XSS vulnerability exists in the Guangyi East IM-Learning Intelligent Learning Management System, which can be exploited by attackers to obtain sensitive...

Vulnerabilities in the Frontend of IM-Learning Intelligent Learning Management System of Guangyi Orient

IM-Learning Intelligent Learning Management System is a web-based academy with key technologies that can be customized and expanded. An override access vulnerability exists in the frontend of the Guangyi Orient IM-Learning Intelligent Learning Management System, which can be exploited by an...

Learning with Texts 1.6.2 - 'start' SQL Injection

Exploit Title: Learning with Texts 1.6.2 - 'start' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://lwt.sourceforge.net/ Software Link: https://sourceforge.net/projects/lwt/files/latest/download Version: 1.6.2 Category: Webapps Tested on:...

Learning With Texts 1.6.2 SQL Injection

Exploit Title: Learning with Texts 1.6.2 - 'start' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://lwt.sourceforge.net/ Software Link: https://sourceforge.net/projects/lwt/files/latest/download Version: 1.6.2 Category: Webapps Tested on:...

Learning with Texts 1.6.2 - start SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Learning with Texts 1.6.2 - 'start' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://lwt.sourceforge.net/ Software Link: https://sourceforge.net/projects/lwt/files/latest/download Version: 1.6.2 Category: Webap...

Learning with Texts 1.6.2 - start SQL Injection

Learning with Texts 1.6.2 - start SQL Injection Exploit Title: Learning with Texts 1.6.2 - 'start' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://lwt.sourceforge.net/ Software Link: https://sourceforge.net/projects/lwt/files/latest/download Version:...

CVE-2018-0056

If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon L2ALD daemon might crash when attempting to delete the duplicate MAC address when the...

MX Series: L2ALD daemon may crash if a duplicate MAC is learned by two different interfaces

If a duplicate MAC address is learned by two different interfaces on an MX Series device, the MAC address learning function correctly flaps between the interfaces. However, the Layer 2 Address Learning Daemon L2ALD daemon might crash when attempting to delete the duplicate MAC address when the...