Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a crash caused by the setchannelmap API support...

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2024:4105-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4105-1 advisory. - Update to Tomcat 10.1.33 Fixed CVEs: - CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 stat...

SUSE-SU-2024:0319-1 Security update for gdb

This update for gdb fixes the following issues: - Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency wi...

VTScanner - A Comprehensive Python-based Security Tool For File Scanning, Malware Detection, And Analysis In An Ever-Evolving Cyber Landscape

VTScanner is a versatile Python tool that empowers users to perform comprehensive file scans within a selected directory for malware detection and analysis. It seamlessly integrates with the VirusTotal API to deliver extensive insights into the safety of your files. VTScanner is compatible with...

How generate a Citrix Cloud bearer token and use it on a PowerShell API query

This article outlines the steps to generate a Citrix Cloud bearer tokenand use it on a PowerShell API query...

Empower Your Security Team With Our Robust Script Library

Introduction Qualys Custom Assessment and Remediation CAR lets you leverage your same Qualys Cloud Agent for custom detection and remediation measures. Yes, the same agent you rely on for VMDR, Patch Management, Policy Compliance, EDR, or FIM can now be used for custom detection and response...

Google Adds Passkey Support to Chrome for Windows, macOS and Android

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant's Ali Sarraf said...

SUSE-SU-2022:3761-1 Security update for release-notes-susemanager, release-notes-susemanager-proxy

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.2 Containerized proxy and RBS are now fully supported HTTP API is now fully supported Ubuntu 22.04 is now supported as a client Cobbl...

@gearedminds/tsed-api-support (=2.0.0), @kabuce/api (=0.0.1-alpha.42) +20 more potentially affected by CVE-2020-7748 via @tsed/core (>=4.0.0 <=5.65.6)

@tsed/core NPM version =4.0.0, =5.0.4, =5.0.4, =5.0.4, =5.34.2, =5.60.0, =5.0.4, =5.0.4, =5.34.2, =5.45.0, =5.60.0, =5.34.2, =5.0.4, =5.0.4, =5.47.0 and more Source cves: CVE-2020-7748 Source advisory: OSV:GHSA-77XQ-CPVG-7XM2...

Microsoft Overhauls ‘Patch Tuesday’ Security Update Guide

Microsoft has updated its Security Update Guide, which is used by tens of millions of cybersecurity professionals the second Tuesday of every month, also known as Patch Tuesday. The update, according to Microsoft, is meant to deliver a more intuitive user experience. For its latest update,...

OPENSUSE-SU-2020:0818-1 Security update for xen

This update for xen to version 4.12.3 fixes the following issues: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling...

SUSE-SU-2020:1609-1 Security update for xen

This update for xen to version 4.12.3 fixes the following issues: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling...

UPDATE: Empire 3.1.0

Empire 3.1.0 was released a few hours ago! If you remember, I briefly mentioned about this tool in my five month old post titled – List of Open Source C2 Post-Exploitation Frameworks. It’s a very good thing that, BC-Security has taken over the development of the tool and has made some awesome...

Citrix SD-WAN Software Feature Cheat Sheet

The purpose of this article is to provide guidance of what software, hardware, license and management tool is supported per release. Citrix SD-WAN Software Feature Cheat Sheet also attached for reference R11.4.2 – Nov 2,2021| • You can now configure the LTE interface-based WAN link as a Private...

Findomain v0.2.1 - The Fastest And Cross-Platform Subdomain Enumerator

The fastest and cross-platform subdomain enumerator. Comparision It comparision gives you a idea why you should use findomain instead of another tools. The domain used for the test was microsoft.com in the following BlackArch virtual machine: Host: KVM/QEMU Standard PC i440FX + PIIX, 1996...

Policy Compliance Adds UDC Support for Cloud Agent

Qualys is extending the Cloud Agent capabilities for users of the Policy Compliance PC application by letting them define controls. Until now, the Cloud Agent could only assess Qualys PC’s “out of the box” controls. By adding support for user defined controls UDC, Qualys PC users now can use Clou...

SUSE-SU-2018:3591-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss

This update for MozillaFirefox to ESR 60.2.2 fixes several issues. These general changes are part of the version 60 release. - New browser engine with speed improvements - Redesigned graphical user interface elements - Unified address and search bar for new installations - New tab page listing to...

DevOps-Ready WAF: Scaling Security for a More Agile Environment

With the maturation of DevOps, the growing concern around the security and compliance of more agile application development systems has made 2018 the year for DevSecOps. According to a study by Gartner, over 80% of development teams will have embedded DevSecOps by 2021. When evaluating how a WAF...

New and Improved Version of airpwn: airpwn-ng

Features Inject to all visible clients a.k.a Broadcast Mode Inject on both open networks and WEP/WPA protected networks Targeted injection with -t MAC:ADDRESS MAC:ADDRESS Gather all visible cookies Broadcast Mode Gather cookies for specific websites –websites websiteslist.txt In this scenario,...

Hash Buster - A Script Which Scraps Online Hash Crackers to Find Cleartext of a Hash (MD5, SHA1, SHA2)

Hash Buster is a python script which uses several online hash crackers to find the clear text of a hash in less than 5 seconds. Features of Hash Buster: Detects hash MD5 Support SHA1 Support SHA2 Support Adding more APIs for SHA1 and SHA2 More hash types will be added on demand Installing and Usi...