Brave Software: Unsafe handling of protocol handlers

Summary: Brave browser macOS handles protocol handlers in unsafe way and differently from other browsers. Key differences between protocol handlers handling in Brave and other browsers: Open external app vs Open "Terminal" Brave only asks about opening external app. Other browsers e.g. Chrome ask...

Microsoft Windows: MSS: (AutoAdminLogon) Enable Automatic Logon

This test checks the setting for policy SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.109313";...

June 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...

June 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...

June 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...

Hash-Buster v2.0 - Tool Which Uses Several APIs To Perform Hash Lookups

Features Automatic hash type identification Supports MD5, SHA1, SHA2 Can extract & crack hashes from a file Can find hashes from a directory, recursively 6 robust APIs As powerful as Hulk, as intelligent as Bruce Banner Single Hash You don't need to specify the hash type. Hash Buster will identif...

CVE-2018-1453

IBM Security Identity Manager Virtual Appliance 7.0 allows an authenticated attacker to upload or transfer files of dangerous types that can be automatically processed within the environment. IBM X-Force ID: 140055...

Threat Roundup for May 18-25

Welcome to Cisco Talos' weekly Threat Roundup, where we go over some of the most prevalent malware and vulnerabilities we've seen over the past week. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by...

imagemagick/encoder_mvg_fuzzer: Crash in TracePath

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5349958956875776 Project: imagemagick Fuzzer: libFuzzerimagemagickencodermvgfuzzer Fuzz target binary: encodermvgfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...

envoy/h1_capture_fuzz_test: Heap-use-after-free in Envoy::FakeRawConnection::FakeRawConnection

Detailed report: https://oss-fuzz.com/testcase?key=6215556767154176 Project: envoy Fuzzer: libFuzzerenvoyh1capturefuzztest Fuzz target binary: h1capturefuzztest Job Type: libfuzzerasanenvoy Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash Address: 0x6120000fdf68 Crash State:...

Threat Outbreak Alert RuleID32739: Email Messages Distributing Malicious Software on May 15, 2018

Medium Alert ID: 57898 First Published: 2018 May 15 19:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32739 may contain the following files: Name | Size...

Want to See What A Live DDoS Attack Looks Like?

We’re fortunate enough to have had Andy Shoemaker, founder of NimbusDDoS, and our own Ofer Gayer chat about DDoS attacks and shed some light on the gaps in many people’s understanding of the threats out there. In a new BrightTALK webinar alongside Imperva Senior Product Manager, Ofer, Andy...

May 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...

Zoom - Automatic & Lightning Fast Wordpress Vulnerability Scanner

Zoom is a lightning fast wordpress vulnerability scanner equipped with subdomain & infinite username enumeration.. It doesn't support plugin & theme enumeration at the moment. What's infinite enumeration? Try enumerating usernames of cybrary.com with Zoom & wpscan or your fav tool. Twitter:...

May 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...

May 2018 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. MSRC team...

Description of the security update for the vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: May 08, 2018

Description of the security update for the vulnerability in Windows Server 2008, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009: May 08, 2018 Summary An elevation of privilege vulnerability and an information disclosure vulnerability exist in Windows when the Win32k component...

May 8, 2018—KB4134196 Update for Windows 10 Mobile (OS Build 15254.401)

May 8, 2018—KB4134196 Update for Windows 10 Mobile OS Build 15254.401 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: This build includes all the improvements from KB4103731. If you...

Get Dashlane Password Manager Premium (50% + 10% OFF)

Happy 'World Password Day'! Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that: Your password must—be long Your password must—be unpredictable Your password must—have at least one number Your passwor...

Red Hat Automatic Bug Reporting Tool Information Disclosure Vulnerability

Red Hat Automatic Bug Reporting Tool ABRT is a set of automated bug detection and reporting tools from Red Hat Red Hat. A security vulnerability exists in Red Hat ABRT versions prior to 2.1.6. A local attacker can exploit this vulnerability to obtain sensitive information from arbitrary files...