112 matches found
SUSE-SU-2018:3973-1 Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: - CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use...
Removing the jam in your printer security
Printers are an important, invisible—albeit sometimes loud—component of the office. But all too often they’re filled with mystery meat icons, peculiar blinking lights, or error messages with no instruction manual to hand. No problem, you can just print at the next station! Wrong. Printers also...
kernel security update
kernel 2.6.18-419.0.0.0.12 - x86 mm/dumppagetables: Add a checkl1tf debugfs file Chris von Recklinghausen 1593378 CVE-2018-3620 - x86 cpu: Make flushl1d visible in /proc/cpuinfo Chris von Recklinghausen 1593378 - x86 cpufeatures: Add detection of L1D cache flush support. Chris von Recklinghausen...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0236)
The remote OracleVM system is missing necessary patches to address critical security updates : - block: update integrity interval after queue limits change Ritika Srivastava Orabug: 27586756 - dccp: check sk for closed state in dccpsendmsg Alexey Kodanev Orabug: 28001529 CVE-2017-8824 CVE-2018-11...
Tutorial: Mutiny Fuzzing Framework and Decept Proxy
Here's a basic demo video for our new opensource tools, Decept and Mutiny. Happy New Year ^^ Lilith Recently, Talos released new tools to assist in the monumental task of finding vulnerabilities in network applications. Mutiny and Decept work together to help researchers fuzz quickly and...
KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol
Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II WPA2 protocol that could allow an attacker to hack into your Wi-Fi network a...
IoT Device Security At Home
My girlfriend read something that worried her about the security risks posed by Internet of Things IoT devices at home. She had recently purchased a new TV, and she has an older home security system. She asked if her privacy might be at risk. We talked about the kinds of problems an unprotected...
Cloud, IoT Big Factors in Annual BSIMM 7 Report
Bad software equals insecure software, and companies don’t have to accept this status quo. That’s both the takeaway and goal of Cigital’s seventh annual Building Security in Maturity Model report released Tuesday. The report reveals that the cloud, application containers, and agile software...
Typosquatters Target Mac Users With New .OM Domain Scam
Typosquatters are targeting Apple computer users with malware in a recent campaign that snares clumsy web surfers who mistakenly type .om instead of .com when surfing the web. According to Endgame security researchers, the top level domain for Middle Eastern country Oman .om is being exploited by...
[SECURITY] [DLA 310-1] linux-2.6 security update
Package : linux-2.6 Version : 2.6.32-48squeeze14 CVE ID : CVE-2015-0272 CVE-2015-5156 CVE-2015-5364 CVE-2015-5366 CVE-2015-5697 CVE-2015-5707 CVE-2015-6937 This update fixes the CVEs described below. CVE-2015-0272 It was discovered that NetworkManager would set IPv6 MTUs based on the values...
LedgerSMB Improper Logout
Security Advisory: LedgerSMB 1.3.36, Improper Logout on Some Browsers Severity: Low cvssv2 base score: 3.6, total 0.5 Remotely Exploitable: No Complexity of Attack: High Impact: Relatively low. Prerequisite for Attack: Physical Access to Previously Logged In Browser, so high complexity in most...
USN-1907-2: IcedTea Web update
USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes, IcedTea Web needed an update to work with the new OpenJDK 7. Original advisory details: Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploi...
New network vulnerabilities continue to hijack all the new network domain name of the state is forbidden to modify the exception-vulnerability warning-the black bar safety net
Brief description: New network vulnerabilities continue to hijack all the new network domain name of the state is forbidden to modify, except Statement: I talked to the new network really didn't hate Detailed description: How to obtain the domain administrative password of the MD5 value will not...
Operation Red October : Cyber Espionage campaign against many Governments
A new sensational discovered has been announced by Kaspersky Lab’s Global Research & Analysis Team result of an investigation after several attacks hit computer networks of various international diplomatic service agencies. A new large scale cyber-espionage operation has been discovered, named Re...
Japanese Dating compensated Dating CMS injection vulnerability-vulnerability warning-the black bar safety net
Find mining on the network vulnerabilities is not what is the problem with the light thing, but because of the political issues to the invasion of Japan website, nor what glorious things will only become cannon fodder. You think you're out of breath, in fact you and I have what difference. Front...
USN-1212-1 : linux-ti-omap4 vulnerabilities
Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. CVE-2011-0463 Timo Warns discovered that the LDM disk partition handli...
Asterisk Multiple Channel Drivers Denial of Service (AST-2011-008/AST-2011-009/AST-2011-010)
Binary data 5969.prm...
Have We Lost the Desktop Security Battle?
For years, security experts, analysts and even users have been lamenting the state of desktop security. Viruses, spam, Trojans and rootkits have added up to create an ugly picture. But, the good news is that the desktop security battle may be over. The less-than-good news, however, is that we may...
Alien Technology ALR-9900 Default Passwords
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tested: www.alientechnology.com/readers/alr9900.php Background: Alien Technology is a major rfid-reader designer and manufacturer. Alien's products are sold to many corporations and the military. Alien's readers can be interfaced with in several ways...
A network of popular campus web CMS system vulnerabilities-vulnerability warning-the black bar safety net
Today inadvertently browsing to the home of a high school's website, casually turn to turn. The bottom of the page directly to have“admin”, and click directly into the Background address for http://www.xxxxx.net/xyadmin/login.asp Guess a bit of the database, found at: http://www. xxxxx...