Lucene search

646 matches found

CVE
added 2019/01/16 3:00 a.m. | 45 views

CVE-2019-6439

CVE-2019-6439 affects wolfSSL (benchmarks) with a heap-based buffer overflow in examples/benchmark/tls_bench.c in wolfSSL

9.8 CVSS | 9.5 AI score | 0.01141 EPSS
Exploits 0 | References 2 | Affected Software 1

Microsoft Secure
added 2019/01/10 5:00 p.m. | 114 views

Best practices for securely using Microsoft 365—the CIS Microsoft 365 Foundations Benchmark now available

This post was cowritten by Jonathan Trull, Chief Security Advisor, Cybersecurity Solutions Group, and Sean Sweeney, Chief Security Advisor, Cybersecurity Solutions Group. We're excited to announce the availability of the Center for Internet Security's CIS Microsoft 365 Foundations Benchmark develope...

0.1 AI score
Exploits 0

Kitploit
added 2019/01/03 12:38 p.m. | 63 views

The Docker Bench For Security - A Script That Checks For Dozens Of Common Best-Practices Around Deploying Docker Containers In Production

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding...

7 AI score
Exploits 0 | References 3

Hacker One
added 2018/11/25 8:39 p.m. | 10 views

Mail.ru: benchmark metrics available at 5.61.239.154

Benchmark data for 3rd party product was available from outside. Benchmarking was performed using generated data in isolated testing environment, so no actual data or production information was leaked...

2.2 AI score
Exploits 0

vulnersOsv
added 2018/11/21 10:23 p.m. | 1 views

ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.10), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +26 more potentially affected by CVE-2015-7521 via org.apache.hive:hive-exec (>=1.1.0 <=1.2.1)

org.apache.hive:hive-exec MAVEN version =1.1.0, =3.18.0.9, =0.1.5, =0.1.5, =6.5.0, =6.5.0, =6.5.0, =6.5.0, =0.14.0, =0.14.0, =0.15.0, =0.15.0, =0.15.1 and more Source cves: CVE-2015-7521 Source advisory: OSV:GHSA-83R3-C79W-F6WC...

8.3 CVSS | 7.2 AI score | 0.00404 EPSS
Exploits 0

OpenVAS
added 2018/06/15 12:00 a.m. | 32 views

Microsoft Windows: MS Security Guide: Enable Structured Exception Handling Overwrite Protection

If this setting is enabled, SEHOP is enforced. If this setting is disabled or not configured, SEHOP is not enforced for 32-bit processes. (C) Microsoft Corporation 2015. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright ...

7.3 AI score
Exploits 0 | References 6

OpenVAS
added 2018/06/13 12:00 a.m. | 8 views

Microsoft Windows: Service: Remote Desktop Configuration

The service SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.109270");...

7.3 AI score
Exploits 0 | References 1

Qualys Blog
added 2018/05/24 5:08 p.m. | 58 views

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS an...

0.3 AI score
Exploits 0

Kitploit
added 2018/04/14 9:42 p.m. | 51 views

Rp++ - Tool That Aims To Find ROP Sequences In PE/Elf/Mach-O X86/X64 Binaries

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries. It is open-source, documented with Doxygen (well, I'm trying to..) and has been tested on several OS: Debian / Windows 7 / FreeBSD / Mac OSX Lion (10.7.3). Moreover, it ...

6.9 AI score
Exploits 0 | References 3

pentestit
added 2018/04/05 5:41 a.m. | 45 views

UPDATE: Prowler 2.0 Beta

My older post about Prowler was about a good NINE months ago. Since then, a lot has changed and hence, this post is about the recently released update made to the AWS CIS Benchmark tool – Prowler 2.0 Beta! This new beta version has lots of improvements which you shall read abou...

6.9 AI score
Exploits 0

CNVD
added 2018/03/02 12:00 a.m. | 1 views

ImageMagick 'BenchmarkOpenCLDevices' Function Denial of Service Vulnerability

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A security vulnerability exists in the 'BenchmarkOpenCLDevices' function in the MagickCore/opencl.c file in ImageMagic...

9.8 CVSS | 6.8 AI score | 0.00319 EPSS
Exploits 0 | References 1

Microsoft Secure
added 2018/02/26 5:00 p.m. | 53 views

Best practices for securely moving workloads to Microsoft Azure

Azure is Microsoft's cloud computing environment. It offers customers three primary service delivery models including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). Adopting cloud technologies requires a shared responsibility model for security, with...

7.3 AI score
Exploits 0

Exploit DB
added 2018/02/16 12:00 a.m. | 37 views

UserSpice 4.3 - Blind SQL Injection

#!/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any other PHP User Management Framework is that it has been...

7 AI score
Exploits 0

The Hacker News
added 2018/01/23 12:54 a.m. | 23 views

Intel Warns Users Not to Install Its 'Faulty' Meltdown and Spectre Patches

Don't install Intel's patches for Spectre and Meltdown chip vulnerabilities. Intel on Monday warned that you should stop deploying its current versions of Spectre/Meltdown patches, which Linux creator Linus Torvalds calls 'complete and utter garbage.' Spectre and Meltdown are security...

6.7 AI score
Exploits 0

Exploit DB
added 2017/10/09 12:00 a.m. | 56 views

PHP Melody 2.7.3 - Multiple Vulnerabilities

Vulnerabilities Summary: The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on. A truly...

9.8 CVSS | 9.3 AI score | 0.00376 EPSS
Exploits 4

pentestit
added 2017/07/21 7:15 p.m. | 101 views

UPDATE: Prowler 1.3!

My older post about Prowler can be found here. This post is about an update made to the AWS CIS Benchmark Tool - Prowler 1.3! What is Prowler? Prowler is a tool for AWS security assessment, auditing and hardening. It follows guidelines of the CIS Amazon Web Services Foundations...

6.8 AI score
Exploits 0

Kitploit
added 2017/07/21 2:30 p.m. | 170 views

Prowler - Tool for AWS Security Assessment, Auditing And Hardening

Tool based on AWS-CLI commands for AWS account security assessment and hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1. Features: It covers hardening and security best practices for all AWS regions related to: Identity and Access Management (24 checks), Logging...

7.5 AI score
Exploits 0 | References 1

n0where
added 2017/07/10 3:30 p.m. | 16 views

AWS CIS Benchmark Tool: Prowler

Tool based on AWS-CLI commands for AWS account hardening, following guidelines of the CIS Amazon Web Services Foundations Benchmark 1.1. It covers hardening and security best practices for all regions related to: Identity and Access Management (24 checks), Logging (8 checks), Monitoring (15 checks)...

7.5 AI score
Exploits 0 | References 1

Fedora
added 2017/06/18 1:25 a.m. | 21 views

[SECURITY] Fedora 24 Update: capnproto-0.5.3.1-1.fc24

Cap'n Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap'n Proto is INFINITY TIMES faster than Protocol Buffers. Th...

7.5 CVSS | 2.8 AI score | 0.00501 EPSS
Exploits 0

Kitploit
added 2017/04/05 2:25 p.m. | 83 views

morty - Privacy aware web content sanitizer proxy as a service

Web content sanitizer proxy as a service. Morty rewrites web pages to exclude malicious HTML tags and attributes. It also replaces external resource references to prevent third party information leaks. The main goal of morty is to provide a result proxy for searx, but it can be used as a...

6.8 AI score
Exploits 0 | References 2