AMD RESPONSE TO “I see dead µops: leaking secrets via Intel/AMD micro-op caches” RESEARCH PAPER

Bulletin ID: AMD-SB-1006 Summary AMD has reviewed the research paper and believes existing mitigations were not being bypassed and no new mitigations are required. AMD recommends its existing side-channel mitigation guidance and standard secure coding practices be followed. CVE Details None...

Aura - Python Source Code Auditing And Static Analysis On A Large Scale

Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attac...

MISSIONS — The Next Level of Interactive Developer Security Training

If organizations want to get serious about software security, they need to empower their engineers to play a defensive role against cyberattacks as they craft their code. The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that...

SQLInjectionWiki

This is a comprehensive wiki on SQL injection, a type of web application security vulnerability. The wiki is maintained by NetSPI and is available in both English and Chinese versions. The wiki covers various aspects of SQL injection, including detection, exploitation, and mitigation. The wiki...

Barracuda and Microsoft: Securing applications in public cloud

This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Barracuda Cloud Application Protection CAP platform features integrations with Microsoft Azure Active Directory Azure AD and Azure Security Center. A component of CAP,...

Applied ThreadFix: Getting the Most Out of Your Training Investment

As we talked about in an earlier blog post, secure coding training for developers can be expensive. Knowledgeable individuals who are adept at training are relatively rare. Quality training materials are expensive to develop and maintain. For these reasons, solid commercial instructor-led trainin...

ar.vlip-boxes.lv Cross Site Scripting vulnerability

Security Researcher Ellesig Helped patch 56 vulnerabilities Received 2 Coordinated Disclosure badges Received 1 recommendations , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting ar.vlip-boxes.lv website and its users. Following coordinated...

Measuring the Security of IoT Devices

In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 varies by vendo...

java-1.8.0-openjdk security update

1:1.8.0.212.b04-1 - Remove additions to EXTRACFLAGS and EXTRACPPFLAGS which are now made by upstream. - Resolves: rhbz1693468 1:1.8.0.212.b04-1 - Add JDK-8223219 to avoid -fstack-protector overriding -fstack-protector-strong - Resolves: rhbz1693468 1:1.8.0.212.b04-0 - Update to...

Vulnado - Purposely Vulnerable Java Application To Help Lead Secure Coding Workshops

This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them. Up and running 1. Install Docker for MacOS or Windows. You'll need to create a Docker account if you don't already have one. 2. git clone git://github.com/ScaleSec/vulnado 3. cd...

How to Solve the Developer vs. Cybersecurity Team Battle

There is an ongoing tension between developers and security teams in many organizations. On one hand, developers face mounting pressure to build rich, feature-driven applications on nearly impossible timelines to remain competitive. On the other hand, security teams face rising pressures of their...

Kurukshetra - A Framework For Teaching Secure Coding By Means Of Interactive Problem Solving

Kurukshetra is a web framework that’s developed with the aim of being the first open source framework which provides a solid foundation to host reasonably complex secure coding challenges while still providing the ability to efficiently and dynamically execute each challenge on the basis of user...

Raptor - Web-based Source Code Vulnerability Scanner

Raptor is a web-based web-serivce + UI github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can setup webhooks to ensure automated scans every-time you commit or merge a pull request. The scan is done asynchonously and the results are available...

WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery

Exploit Title: WP Easy Poll 1.1.3 XSS and CSRF Exploit Author : Ahn Sung Jun Date : 2015-12-09 Vendor Homepage : https://wordpress.org/plugins/wp-easy-poll-afo/ Software Link : https://downloads.wordpress.org/plugin/wp-easy-poll-afo.1.1.3.zip Version : 1.1.3 Tested On : kail linux Iceweasel...

WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting Cross-Site Request Forgery

WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting Cross-Site Request Forgery Exploit Title: WP Easy Poll 1.1.3 XSS and CSRF Exploit Author : Ahn Sung Jun Date : 2015-12-09 Vendor Homepage : https://wordpress.org/plugins/wp-easy-poll-afo/ Software Link :...

WordPress WP Easy Poll 1.1.3 Plugin - XSS and CSRF Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WP Easy Poll 1.1.3 XSS and CSRF Exploit Author : Ahn Sung Jun Date : 2015-12-09 Vendor Homepage : https://wordpress.org/plugins/wp-easy-poll-afo/ Software Link : https://downloads.wordpress.org/plugin/wp-easy-poll-afo.1.1.3.zip...

Mac OS X <= 10.4.6 (launchd) Local Format String Exploit (ppc)

No description provided by source. !/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch-ppc.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom Much appreciation goes to John H for all kindsa random shit like exploiting Veritas and other random things in the past core... where the...

Debian Linux 2.0 Super Syslog Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/342/info After the first super buffer overflow vulnerability was discovered, another appeared shortly after. This vulnerability exists when the syslog option is enabled. The overflow is in the file error.c, in the Error...

What Does PCI 3.0 Mean to Security Practitioners?

Cybercrime, identity theft, and frauds are on the rise; and in most cases, the data breaches are associated with credit cards and cardholder data. The impact of data breach not only affects your organization, but also your customers. A common observation cites that organizations that are PCI...

[OWASP Bricks] Modular Deliberately Vulnerable Web Application

Bricks is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools Mantra and ZAP. The mission is to 'break...