287 matches found
Partner Perspectives: Detect All Devices, Respond to All Threats
Michael Tanji is the Chief Operations Officer for Senrio. The ability to detect and respond to cyber threats in a timely manner is an essential capability of every security-minded enterprise. Endpoint detection and response EDR solutions, such as Carbon Black’s Cb Response, are a critical compone...
Keeping False Positives in Check
In 2017, seven out of ten organizations said their security risks increased significantly, according to a Ponemon Institute study. This is no surprise given that last year organizations suffered the largest ransomware outbreak in history WannaCry and vulnerabilities such as Meltdown and Spectre...
Security Bulletin: FileNet Workplace can be affected by the Open URL Redirection Vulnerability (CVE-2016-5878)
Summary FileNet Workplace is susceptible to the Open URL Redirection Vulnerability. Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-5878 DESCRIPTION: IBM FileNet WorkPlace could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a...
Security update for Adobe Flash Player: May 8, 2018
None None...
Deploying and Troubleshooting Compliance Baselines
If you are in the IT space, youve most likely encountered or are bound by some form of regulation/framework such as PCI, HIPAA, FISMA, and/or CGIS. Most of these compliance programs require a hardened baseline to be implemented within your information systems to reduce the risk and impact of an...
HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS
Vulnerability Summary The following advisory describes an unauthenticated stored XSS in the HPE Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus Switch. The vulnerability affect versions: Software Version: 01.00.10 Boot version: 1.0.0.14 Hardware Version: 01.01.0a “On April 12, 2010...
Windows NSA Information Assurance: Locklevel
Windows NSA Information Assurance LOCKLEVEL was a rapidly built prototype that demonstrates a method for scoring how well Windows systems have implemented some of the NSA Information Assurance top 10 mitigation strategies . This prototype is being shared to encourage industry adoption of these...
Today’s File Security is So ‘80s, Part 2: Detect Suspicious File Access with Dynamic Peer Groups
In a previous post, we shared three primary reasons why the traditional, static approach to file security no longer works for today’s modern enterprises. Working groups are formed organically and are cross-functional by nature, making a black and white approach to file access control outdated—it...
Thwart Insider Threats with Machine Learning [Infographic]
Potentially the most lethal kind of threat to an organization’s security, insider threats can pose risks as significant as—if not more than—external attacks. Because insiders are granted trusted access to sensitive data, these threats often fly under the security radar. By examining how users...
ssh_scan - A prototype SSH Configuration and Policy Scanner
A SSH configuration and policy scanner Key Benefits Minimal Dependancies - Uses native Ruby and BinData to do its work, no heavy dependancies. Not Just a Script - Implementation is portable for use in another project or for automation of tasks. Simple - Just point sshscan at an SSH service and...
OpenSSHd 7.2p2 - Username Enumeration (2)
Exploit for linux platform in category remote exploits !/usr/bin/python CVEs: CVE-2016-6210 Credits for this go to Eddie Harari Author: 0o -- nullnull nu11.nu11 at yahoo.com Oh, and it is n-u-one-one.n-u-one-one, no l's... Wonder how the guys at packet storm could get this wrong : Date: 2016-07-1...
FedRAMP High Baseline Requirements Published
The Federal Risk and Authorization Management Program FedRAMP Project Management Office officially released its High baseline for High impact-level systems. This baseline is at the High/High/High categorization level for confidentiality, integrity, and availability in accordance with FIPS 199; an...
March 8, 2016, update for Project 2016 (KB3114865)
None None...
glibc security, bug fix, and enhancement update
2.17-105.0.1 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. 2.17-105 - Fix up test case for initial-exec fix 1248208. 2.17-104 - Mark all TLS variables i...
Multiple vulnerabilites in Java 1.7.0_15
The version of Java we bundle with Confluence is badly out of date, and well behind the security baseline Oracle defines see http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html for example, which says we should be running update 79 for security fixes, and update 80 for...
DEBIAN-CVE-2014-0179
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service read block and hang via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the 1 virConnectCompareCPU or 2 virConnectBaselineCPU API method, relate...
UBUNTU-CVE-2014-0179
libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service read block and hang via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the 1 virConnectCompareCPU or 2 virConnectBaselineCPU API method, relate...
Baseline CMS 1.95 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15961/info Baseline CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the...
Mozilla Asks CAs for Details on Subordinate Certificate Controls
Mozilla has warned certificate authorities included in its root CA Certificate Program that they only have a few weeks left to comply with the company’s new policy, which requires CAs to adhere to the CA/Browser Forum Baseline Requirements and provide proof of audits of their subordinate...
IG Report Shows DHS Making Progress, But Still Has Room to Improve on Information Security
Although there are still a number of issues that need to be addressed with the Department of Homeland Security’s information security efforts, the department is improving in many areas and making strong progress toward implementing better security controls, a new report from the Inspector General...