Lucene search
+L

287 matches found

Carbon Black Blog
Carbon Black Blog
added 2018/08/13 2:3 p.m.31 views

Partner Perspectives: Detect All Devices, Respond to All Threats

Michael Tanji is the Chief Operations Officer for Senrio. The ability to detect and respond to cyber threats in a timely manner is an essential capability of every security-minded enterprise. Endpoint detection and response EDR solutions, such as Carbon Black’s Cb Response, are a critical compone...

0.9AI score
Exploits0
ThreatPost
ThreatPost
added 2018/07/06 6:30 p.m.12 views

Keeping False Positives in Check

In 2017, seven out of ten organizations said their security risks increased significantly, according to a Ponemon Institute study. This is no surprise given that last year organizations suffered the largest ransomware outbreak in history WannaCry and vulnerabilities such as Meltdown and Spectre...

7.3AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 12:16 p.m.15 views

Security Bulletin: FileNet Workplace can be affected by the Open URL Redirection Vulnerability (CVE-2016-5878)

Summary FileNet Workplace is susceptible to the Open URL Redirection Vulnerability. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-5878 DESCRIPTION: IBM FileNet WorkPlace could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a...

6.8CVSS0.5AI score0.00805EPSS
Exploits0Affected Software1
Microsoft KB
Microsoft KB
added 2018/05/08 7:0 a.m.39 views

Security update for Adobe Flash Player: May 8, 2018

None None...

6.1AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/12/11 4:17 p.m.16 views

Deploying and Troubleshooting Compliance Baselines

If you are in the IT space, youve most likely encountered or are bound by some form of regulation/framework such as PCI, HIPAA, FISMA, and/or CGIS. Most of these compliance programs require a hardened baseline to be implemented within your information systems to reduce the risk and impact of an...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2017/10/24 12:0 a.m.46 views

HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS

Vulnerability Summary The following advisory describes an unauthenticated stored XSS in the HPE Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus Switch. The vulnerability affect versions: Software Version: 01.00.10 Boot version: 1.0.0.14 Hardware Version: 01.01.0a “On April 12, 2010...

6.6AI score
Exploits0
n0where
n0where
added 2017/06/26 3:55 a.m.30 views

Windows NSA Information Assurance: Locklevel

Windows NSA Information Assurance LOCKLEVEL was a rapidly built prototype that demonstrates a method for scoring how well Windows systems have implemented some of the NSA Information Assurance top 10 mitigation strategies . This prototype is being shared to encourage industry adoption of these...

0.4AI score
Exploits0References1
Imperva Blog
Imperva Blog
added 2017/06/12 3:30 p.m.74 views

Today’s File Security is So ‘80s, Part 2: Detect Suspicious File Access with Dynamic Peer Groups

In a previous post, we shared three primary reasons why the traditional, static approach to file security no longer works for today’s modern enterprises. Working groups are formed organically and are cross-functional by nature, making a black and white approach to file access control outdated—it...

6.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/05/23 5:2 p.m.30 views

Thwart Insider Threats with Machine Learning [Infographic]

Potentially the most lethal kind of threat to an organization’s security, insider threats can pose risks as significant as—if not more than—external attacks. Because insiders are granted trusted access to sensitive data, these threats often fly under the security radar. By examining how users...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2017/04/10 2:29 p.m.15 views

ssh_scan - A prototype SSH Configuration and Policy Scanner

A SSH configuration and policy scanner Key Benefits Minimal Dependancies - Uses native Ruby and BinData to do its work, no heavy dependancies. Not Just a Script - Implementation is portable for use in another project or for automation of tasks. Simple - Just point sshscan at an SSH service and...

7.2AI score
Exploits0References3
0day.today
0day.today
added 2016/07/20 12:0 a.m.1304 views

OpenSSHd 7.2p2 - Username Enumeration (2)

Exploit for linux platform in category remote exploits !/usr/bin/python CVEs: CVE-2016-6210 Credits for this go to Eddie Harari Author: 0o -- nullnull nu11.nu11 at yahoo.com Oh, and it is n-u-one-one.n-u-one-one, no l's... Wonder how the guys at packet storm could get this wrong : Date: 2016-07-1...

4.3CVSS6.8AI score0.88944EPSS
Exploits12
The Coalfire Blog
The Coalfire Blog
added 2016/06/28 10:58 p.m.20 views

FedRAMP High Baseline Requirements Published

The Federal Risk and Authorization Management Program FedRAMP Project Management Office officially released its High baseline for High impact-level systems. This baseline is at the High/High/High categorization level for confidentiality, integrity, and availability in accordance with FIPS 199; an...

1.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2016/03/08 12:0 a.m.9 views

March 8, 2016, update for Project 2016 (KB3114865)

None None...

6.1AI score
Exploits0
Oracle linux
Oracle linux
added 2015/11/24 12:0 a.m.74 views

glibc security, bug fix, and enhancement update

2.17-105.0.1 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. 2.17-105 - Fix up test case for initial-exec fix 1248208. 2.17-104 - Mark all TLS variables i...

7.5CVSS0.2AI score0.05808EPSS
Exploits4
Atlassian
Atlassian
added 2015/04/16 6:32 a.m.48 views

Multiple vulnerabilites in Java 1.7.0_15

The version of Java we bundle with Confluence is badly out of date, and well behind the security baseline Oracle defines see http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html for example, which says we should be running update 79 for security fixes, and update 80 for...

5.5AI score
Exploits0
OSV
OSV
added 2014/08/03 6:55 p.m.2 views

DEBIAN-CVE-2014-0179

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service read block and hang via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the 1 virConnectCompareCPU or 2 virConnectBaselineCPU API method, relate...

1.9CVSS6.6AI score0.0056EPSS
Exploits0References1
OSV
OSV
added 2014/08/03 12:0 a.m.4 views

UBUNTU-CVE-2014-0179

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service read block and hang via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the 1 virConnectCompareCPU or 2 virConnectBaselineCPU API method, relate...

1.9CVSS6.8AI score0.0056EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Baseline CMS 1.95 Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/15961/info Baseline CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2014/05/14 12:13 a.m.10 views

Mozilla Asks CAs for Details on Subordinate Certificate Controls

Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate...

0.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2013/12/04 11:35 a.m.9 views

IG Report Shows DHS Making Progress, But Still Has Room to Improve on Information Security

Although there are still a number of issues that need to be addressed with the Department of Homeland Security’s information security efforts, the department is improving in many areas and making strong progress toward implementing better security controls, a new report from the Inspector General...

Exploits0References1
Rows per page
Query Builder