669 matches found
Reliance Jio Customers' Data Allegedly Hacked – Company Denies Breach
Personal details of some 120 Million customers have been allegedly exposed on the Internet in probably the biggest breach of personal data ever in India. Last night, an independent website named Magicapk.com went online, offering Reliance Jio customers to search for their identification data Know...
AnswerX - Akamai's 'Secret' DNS Platform
As I work with Operators all over the world, I'm amazed at two worrying. First, Operators are still treating DNS as an afterthought. Everyone knows that if DNS is down, the network is down. Too many people are taking DNS's resiliency for granted. DNS "just works" is assumed to be the norm until it do...
SigPloit - Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
SiGploit is a signaling security testing framework dedicated to Telecom Security professionals and researchers to pentest and exploit vulnerabilities in the signaling protocols used in mobile operators regardless of the generation being in use. SiGploit aims to cover all used protocols used in the...
Watch Hackers Sabotage an Industrial Robot Arm
Researchers were able to take control of a 220-pound robotic arm to damage the products it manufactures, or the person that operates it. The post Watch Hackers Sabotage an Industrial Robot Arm appeared first on WIRED...
CVE-2017-2128
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data...
Design/Logic Flaw
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data...
CVE-2017-2128
The CVE-2017-2128 entry relates to the IPA’s Security guide for website operators, where loading specially crafted saved data can cause arbitrary OS command execution (CWE-78). Root cause is an issue in loading saved data that enables command execution; the affected component is the Security guid...
CVE-2017-2128
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data...
LibSass: stack overflow #3 in libsass
./sassc test387 /dev/null triggers this stack overflow. ==9081==ERROR: AddressSanitizer: stack-overflow on address 0x7fffb48eadc0 pc 0x00000087a07b bp 0x7fffb48eba30 sp 0x7fffb48ead60 T0 0 0x87a07a in Sass::Parser::parsefactor /home/geeknik/libsass/src/parser.cpp:1379 1 0x878304 in...
PHP Denial of Service Vulnerability (CNVD-2017-05493)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...
PT-2017-17068 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP version 7.1.2. Description: The issue in the _zval_get_long_func_ex function in Zend/zend_operators.c allows attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via crafted use of...
NukeBot Banking Trojan Source Code Leaked Online by Author
The author behind NukeBot, a modular banking Trojan, released source code for the malware earlier this month in an apparent effort to regain the trust of the cybercrime community. Gosya, NukeBot’s creator, posted a GitHub link to the malware, calling it a “zeus-like banking trojan,” on several...
JVN#11448789: Security guide for website operators vulnerable to OS command injection
Security guide for website operators provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains an OS command injection vulnerability (CWE-78) due to an issue in loading saved data. Impact: When specially crafted saved data is loaded, an arbitrary OS command may be executed. Solution: Do...
Arbitrary shell execution
Security Advisory: This release contains a fix for a security advisory related to the improper handling of shell commands. Uses of shellexec and exec were not escaping filenames and configuration settings in most cases. A properly crafted filename or configuration option would allow for arbitrary co...
shopify-scripts: NULL pointer dereference when parsing ternary operators
There is a NULL pointer dereference when parsing ternary operators which will cause a crash. This could be used to cause a DoS. Sample code causing the crash (file sample.rb is also attached): b = a ? 1 : 0. Note that a should be treated as a method call which in this case is also undefined, bu...
China Passes Cybersecurity Law to Tighten its Control over the Internet
China has long been known for its strict censorship policies, which have already made it difficult for foreign companies to do business in the world's most populous country of more than 1.35 Billion people. Now, the Chinese government has approved a broad new controversial cybersecurity regulation...
CVE-2016-0897
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before 1.7.8, when vCloud or vSphere is used, does not properly enable SSH access for operators, which has unspecified impact and remote attack vectors...
CVE-2016-1665
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...
Code injection
The JSGenericLowering class in compiler/js-generic-lowering.cc in Google V8, as used in Google Chrome before 50.0.2661.94, mishandles comparison operators, which allows remote attackers to obtain sensitive information via crafted JavaScript code...
CVE-2016-1665
Removed by vendor...