2608 matches found

ThreatPost
added 2016/09/27 11:44 a.m. | 8 views

New Google Tools Help Devs Improve Content Security Policy Protection

Cross-site scripting is the cockroach of web application security vulnerabilities, enjoying continued longevity despite the abundant availability of scanning tools and programming advice designed to squash it. Google yesterday took another shot at eradicating XSS attacks with the release of two...

AI score: 6.3
Exploits: 0 | References: 2

ThreatPost
added 2016/09/13 9:14 a.m. | 11 views

Generic OS X Malware Detection Method Explained

When it comes to detecting OS X malware, the future may not be rooted in machine learning algorithms, but patterns and heatmap visualization, a researcher posits. In an academic paper published by Virus Bulletin on Monday, Vincent Van Mieghem, a former student at the Delft University of Technolog...

AI score: 7.7
Exploits: 0 | References: 16

n0where
added 2016/09/02 6:54 p.m. | 21 views

Microsoft Azure Cloud Security Auditing: Azurite

Microsoft Azure Cloud Security Auditing Auditing Cloud services has become an essential task and significant effort is required to assess the security of the available resources. Azurite was developed to assist penetration testers and auditors during the enumeration and reconnaissance activities...

AI score: 0.4
Exploits: 0 | References: 2

0day.today
added 2016/07/25 12:0 a.m. | 44 views

PHP gettext 1.0.12 - (gettext.php) Unauthenticated Code Execution

Exploit for php platform in category web applications CVE-2016-6175 gettext.php | @kmkzsecurity Project Homepage: https://launchpad.net/php-gettext/ Download: https://launchpad.net/php-gettext/trunk/1.0.12/+download/php-gettext-1.0.12.tar.gz Version: 1.0.12 latest release Tested on: Linux Debian,...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.10928
Exploits: 4

Kitploit
added 2016/07/06 11:45 p.m. | 10 views

Androguard - Reverse engineering, Malware and goodware analysis of Android applications

Reverse engineering, Malware and goodware analysis of Android applications ... and more ninja ! Features Androguard is a full python tool to play with Android files. Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects, Disassemble/Decompilation/Modification of DEX/ODEX/APK...

AI score: 7.4
Exploits: 0 | References: 1

n0where
added 2016/07/04 3:13 p.m. | 94 views

Open Source Threat Intelligence Collector: OSTrICa

Open Source Threat Intelligence Collector OSTrICa stands for Open Source Threat Intelligence Collector and is an Open Source plugin-oriented framework to collect and visualize Threat Intelligence Information. Furthermore, OSTrICa is also the Italian word for oyster: that’s where the logo come fro...

AI score: 7.5
Exploits: 0 | References: 3

ThreatPost
added 2016/06/22 12:27 p.m. | 27 views

Advantech Patches WebAccess Remote Code Execution Flaws

Advantech has published a new version of its WebAccess product to address vulnerabilities that put installations at risk to remote code execution attacks. Exploiting the vulnerabilities would be a challenge, however, according to an advisory published Tuesday by the Industrial Control Systems Cyb...

CVSS: 4.3 | AI score: 0.9 | EPSS: 0.00179
Exploits: 0 | References: 4

Exploit DB
added 2016/05/09 12:0 a.m. | 23 views

Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation

Certec EDV atvise SCADA server 2.5.9 Privilege Escalation Vulnerability Vendor: Certec EDV GmbH Product web page: http://www.atvise.com Affected version: 2.5.9 Summary: atvise scada is based on newest technologies and standards: The visualization in pure web technology as well as a consistent...

AI score: 7.4
Exploits: 0

n0where
added 2016/02/29 10:54 p.m. | 270 views

Open Source Big Data Analytics and Visualization: Lumify

Open Source Big Data Integration, Analytics, and Visualization Lumify is an open source project big data fusion, analysis, and visualization platform designed for anyone. Its intuitive web-based interface helps users discover connections and explore relationships in their data via a suite of...

AI score: 7
Exploits: 0 | References: 1

Exploit DB
added 2015/12/08 12:0 a.m. | 40 views

iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions

iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 2.02.0000 Summary: Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large...

AI score: 7
Exploits: 0

ICS
added 2015/11/29 7:0 a.m. | 22 views

Network Vision IntraVue Code Injection Vulnerability

OVERVIEW Researcher Jürgen Bilberger from Daimler TSS GmbH has identified a code injection vulnerability in Network Vision’s IntraVue software. Network Vision has produced a new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...

CVSS: 10 | AI score: 7.8 | EPSS: 0.00784
Exploits: 0 | References: 10

Fedora
added 2015/11/23 10:51 p.m. | 11 views

[SECURITY] Fedora 22 Update: COPASI-4.16-0.19.20150817git3bc4e9.fc22

COPASI is a software application for simulation and analysis of biochemical networks and their dynamics. COPASI is a stand-alone program that supports models in the SBML standard and can simulate their behavior using ODEs or Gillespie's stochastic simulation algorithm; arbitrary discrete events c...

AI score: 1.4
Exploits: 0

Fedora
added 2015/11/23 8:59 p.m. | 6 views

[SECURITY] Fedora 23 Update: COPASI-4.16-0.19.20150817git3bc4e9.fc23

COPASI is a software application for simulation and analysis of biochemical networks and their dynamics. COPASI is a stand-alone program that supports models in the SBML standard and can simulate their behavior using ODEs or Gillespie's stochastic simulation algorithm; arbitrary discrete events c...

AI score: 1.4
Exploits: 0

Fedora
added 2015/11/16 12:25 a.m. | 12 views

[SECURITY] Fedora 23 Update: openms-2.0.0-21.20150529git88dc25.fc23

OpenMS is an open-source C++ library for LC/MS data management and analyses. It offers an infrastructure for the rapid development of mass spectrometry related software. It comes with a vast variety ready-to-use tools for proteomics and metabolomics data analysis TOPPTools and powerful 2D and 3D...

AI score: 0.3
Exploits: 0

Kitploit
added 2015/10/22 9:37 p.m. | 33 views

Gping - Ping, But With A Graph

Ping, but with a graph Install and run Created/tested with Python 3.4, should run on 2.7 will require the statistics module though. pip3 install pinggraph Tested on Windows and Ubuntu, should run on OS X as well. After installation just run: gping yourhost If you don't give a host then it pings...

AI score: 7.4
Exploits: 0 | References: 1

n0where
added 2015/10/13 6:36 p.m. | 14 views

PE Static Malware Analysis: PortEx

PortEx is a Java library for static malware analysis of portable executable files. Its focus is on PE malformation robustness and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading Header information from: MSDOS Header, COFF File Header,...

AI score: 6.9
Exploits: 0 | References: 3

Japan Vulnerability Notes
added 2015/10/01 12:0 a.m. | 25 views

JVN#07676450: Canary Labs Trend Web Server vulnerable to buffer overflow

Trend Web Server provided by Canary Labs is a solution used for data visualization. Trend Web Server contains a buffer overflow CWE-119 vulnerability. Impact A remote attacker may cause a denial-of-service DoS or execute arbitrary code when sending a specially crafted TCP packet. Solution Stop...

CVSS: 7.5 | AI score: 8 | EPSS: 0.01342
Exploits: 0

The Hacker News
added 2015/06/12 3:15 p.m. | 7 views

IT Security – Do it the hard or easy way!

Whether you are a one-stop-shop IT guy or a network admin on a large IT team you owe it to yourself to learn about Security Information and Event Management SIEM technology. Why? SIEM lets you correlate between events recorded in different logs for related systems. This is significant because...

AI score: 6.5
Exploits: 0

Fedora
added 2015/06/10 7:7 p.m. | 14 views

[SECURITY] Fedora 21 Update: thermostat-1.0.6-2.fc21

Thermostat is a monitoring and instrumentation tool for the Hotspot JVM, with support for monitoring multiple JVM instances. The system is made up of two processes: an Agent, which collects data, and a Client which allows users to visualize this data. These components communicate via a...

CVSS: 4.4 | AI score: 2.8 | EPSS: 0.00137
Exploits: 1

Fedora
added 2015/06/09 3:2 p.m. | 13 views

[SECURITY] Fedora 22 Update: thermostat-1.2.2-7.fc22

Thermostat is a monitoring and instrumentation tool for the Hotspot JVM, with support for monitoring multiple JVM instances. The system is made up of two processes: an Agent, which collects data, and a Client which allows users to visualize this data. These components communicate via a...

CVSS: 2.1 | AI score: 2.8 | EPSS: 0.00078
Exploits: 1