How organizations can protect against new CERBER variations
TrendMicro Ransomware hit hard in 2016, with big attacks, large payouts and many new strains developed to thwart security measures. At the end of last year, Locky and CERBER ransomware families seemed to be neck and neck for market dominance. But that changed as CERBER evolved to offer new...
Noise added to a picture can fool Google's best image recognition AI - vulnerability warning - the black bar safety net
Recently, computer experts from the Network Security Lab (NSL) at the University of Washington found that a malicious attacker can trick Google's Cloud Vision API, causing the API to incorrectly classify user-submitted images. In recent years, based on the AI of the image...
CVE-2017-2099
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors...
CVE-2017-2102
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2017-2100
The CVE-2017-2100 entry applies to the Hands-on Vulnerability Learning Tool “AppGoat” for Web Application, specifically versions up to V3.0.1. The vulnerability is a DNS rebinding issue that can allow arbitrary code execution when a user visits a malicious page, as described by JVN/Japanese advis...
CVE-2017-2099
The CVE-2017-2099 entry concerns the Hands-on Vulnerability Learning Tool “AppGoat” for Web Application (V3.0.0 and earlier). The connected JVN entries and NVD description indicate a remote code execution vulnerability, but the vectors are not specified in the documents provided. Affected product...
Machine learning and the fight against ransomware
Ransomware is now everywhere. The number of emails containing ransomware rose 6,000 percent since 2015, and in 2016, 40 percent of all spam emails had one of these malicious programs hidden within, according to IBM. Other reports highlight the sophistication of ransomware nowadays and it's...
Inject Custom Code Into PE File: InfectPE
Inject Custom Code Into PE File. Using this tool you can inject x-code/shellcode into a PE file. InfectPE works only with 32-bit executable files. Why do you need InfectPE? You can test your security products. Use in a phishing campaign. Learn how PE injection works. …and so on. In the project, there i...
Arbitrary file upload vulnerability in the Uploading.ashx file of MicroXia e-learning platform
Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary file upload vulnerability exists in the Uploading.ashx file of the Weixia Online Learning Platform. It allows attackers to upload a webshell and gain server...
DBShield - Database Firewall Written In Go
Protects your data by inspecting incoming queries from your application server and rejecting abnormal ones. How it works? For example, this is how web server normally interacts with database server: By adding DBShield in front of database server we can protect it against abnormal queries. To dete...
Combating a spate of Java malware with machine learning in real-time
In recent weeks, we have seen a surge in emails carrying fresh malicious Java .jar malware that use new techniques to evade antivirus protection. But with our research team’s automated expert systems and machine learning models, Windows 10 PCs get real-time protection against these latest threats...
Five Reasons Why I Joined Wallarm
By Johan Nordstrom The question of “what made you change jobs?” may be old, but the answer with my move to Wallarm is new and clear. I have a vision how to address the dynamic threat landscape of today and Wallarm’s innovative approach to security is in line with these ideas. In my 30 years caree...
teambasedlearning.site-ym.com XSS vulnerability
Vulnerable URL: https://teambasedlearning.site-ym.com/login.aspx?returl="--...
Kong and Wallarm Partner Up to Boost Microservices API Security
Wallarm has partnered with Mashape to provide the microservices community with API security. Mashape enterprise customers who use Kong API gateway can now quickly add API security protection without change in Kong user’s deployment. Read more about Kong and Wallarm partnership in this blog. Today...
Tech support scams persist with increasingly crafty techniques
Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, New tech support scam launches communication or phone call app. Millions of users continue to...
[SECURITY] Fedora 25 Update: moodle-3.1.5-1.fc25
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
[SECURITY] Fedora 24 Update: moodle-3.1.5-1.fc24
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
Database Firewall: DBShield
Database Firewall DBShield is a Database Firewall written in Go that has protection for MySQL/MariaDB, Oracle and PostgreSQL databases. It works in a proxy fashion inspecting traffic and dropping abnormal queries after a learning period to populate the internal database with regular queries. For...
IBM Kenexa LMS on Cloud Cross-Site Scripting Vulnerability
IBM Kenexa LMS on Cloud is a configurable, enterprise-grade social learning management system (LMS) developed by IBM that integrates social networking, collaboration, and knowledge sharing capabilities. The system provides interactive features and supports users to evaluate learning content and sha...
Design/Logic Flaw
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning...