
956 matches found

The Hacker News
added 2018/07/19 1:22 p.m. · 95 views

Cyber Security Training Courses – CISA, CISM, CISSP Certifications

Believe it or not, but any computer connected to the Internet is vulnerable to cyber attacks. With more money at risk and data breaches at a rise, more certified cybersecurity experts and professionals are needed by every corporate and organisation to prevent themselves from hackers and cyber...

AI score 6.8 · Exploits 0

The Hacker News
added 2018/07/19 1:22 p.m. · 2 views

Cyber Security Training Courses – CISA, CISM, CISSP Certifications

Believe it or not, but any computer connected to the Internet is vulnerable to cyber attacks. With more money at risk and data breaches at a rise, more certified cybersecurity experts and professionals are needed by every corporate and organisation to prevent themselves from hackers and cyber...

AI score 6.8 · Exploits 0

RedhatCVE
added 2018/07/19 8:49 a.m. · 29 views

CVE-2018-10869

It was discovered that redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd. Mitigation If SELinux is enabled it further restricts the set of files that can be downloaded...

CVSS 7.5 · AI score 1.6 · EPSS 0.02768 · Exploits 0 · References 2

RedhatCVE
added 2018/07/19 8:49 a.m. · 33 views

CVE-2018-10870

It has been discovered that redhat-certification does not properly sanitize paths in rhcertStore.py:saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution. Mitigation If SELinux is enabled it further restricts the set of files an...

CVSS 9.8 · AI score 3.6 · EPSS 0.06182 · Exploits 0 · References 2

Positive Technologies
added 2018/07/19 12:0 a.m. · 3 views

PT-2018-10152 · Red Hat · Redhat-Certification

Name of the Vulnerable Software and Affected Versions: redhat-certification affected versions not specified Description: The issue allows a remote attacker to download any file accessible by the user running httpd through the /download page, due to improper restriction of files by...

CVSS 7.5 · AI score 7.5 · EPSS 0.02768 · Exploits 0 · References 4

Oracle linux
added 2018/06/27 12:0 a.m. · 48 views

pki-core security, bug fix, and enhancement update

10.5.1-13.1 - Rebuild due to build system database problem 10.5.1-13 - - RHEL 7.5: - - Bugzilla Bug 1553068 - Using a Netmask produces an odd entry in a certifcate rhel-7.5.z ftweedal - Bugzilla Bug 1585945 - CMC CRMF requests result in InvalidKeyFormatException when signing algorithm is ECC...

CVSS 8.1 · EPSS 0.01516 · Exploits 0

RedhatCVE
added 2018/06/22 9:20 a.m. · 35 views

CVE-2018-10868

It has been discovered that redhat-certification does not properly limit the number of recursive definitions of entities in XML documents while parsing the status of a host. A remote attacker could use this vulnerability to consume all the memory of the server and cause a Denial of Service...

CVSS 7.5 · AI score 3.5 · EPSS 0.01104 · Exploits 0 · References 1

RedhatCVE
added 2018/06/22 9:19 a.m. · 21 views

CVE-2018-10864

An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service...

CVSS 6.2 · AI score 3.1 · EPSS 0.01232 · Exploits 0 · References 2

RedhatCVE
added 2018/06/22 9:19 a.m. · 35 views

CVE-2018-10867

It has been discovered that redhat-certification does not restrict file access in the /update/results page. A remote attacker could use this vulnerability to remove any file accessible by the user which is running httpd. Mitigation If SELinux is enabled, it will restrict the number of files...

CVSS 9.1 · AI score 2.1 · EPSS 0.01069 · Exploits 0 · References 1

RedhatCVE
added 2018/06/22 9:18 a.m. · 35 views

CVE-2018-10866

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file with host related information, not belonging to him...

CVSS 9.1 · AI score 2.4 · EPSS 0.01045 · Exploits 0 · References 1

Tenable Nessus
added 2018/06/12 12:0 a.m. · 35 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : GnuPG vulnerabilities (USN-3675-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3675-1 advisory. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when...

CVSS 7.5 · AI score 7.2 · EPSS 0.08654 · Exploits 0 · References 3

Ubuntu
added 2018/06/11 9:53 p.m. · 69 views

USN-3675-1: GnuPG vulnerabilities

Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the...

CVSS 7.5 · AI score 7.1 · EPSS 0.08654 · Exploits 0

Openbugbounty
added 2018/05/28 5:37 p.m. · 11 views

ifs-certification.com XSS vulnerability

Open Bug Bounty ID: OBB-623741
Affected Website: ifs-certification.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

Exploits 0

Amazon
added 2018/05/25 12:0 a.m. · 526 views

Low: gnupg2

Issue Overview: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys: GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that...

CVSS 7.5 · AI score 7 · EPSS 0.02082 · Exploits 0

Mageia
added 2018/05/24 4:30 p.m. · 35 views

Updated gnupg2 packages fix security vulnerability

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. CVE-2018-9234...

CVSS 7.5 · AI score 2.5 · EPSS 0.02082 · Exploits 0 · References 1

OSV
added 2018/05/24 4:30 p.m. · 7 views

MGASA-2018-0254 Updated gnupg2 packages fix security vulnerability

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. CVE-2018-9234...

CVSS 7.5 · AI score 7.5 · EPSS 0.02082 · Exploits 0 · References 2

The Coalfire Blog
added 2018/05/16 8:36 p.m. · 12 views

AWS Certified Cloud Practitioner: A Valuable Certification for Professionals in Non-Technical Roles

Within the past year, AWS unveiled what is arguably one of the best programs they have ever offered to non-technical professionals in the AWS Partner Network APN: the AWS Certified Cloud Practitioner certification. The program, which is especially valuable for those in sales or marketing roles,...

AI score 3.7 · Exploits 0

Malwarebytes
added 2018/05/07 8:46 p.m. · 50 views

Mobile Menace Monday: re-emergence of a fake Android AV

Back in early 2013, a new mobile antivirus AV company called Armor for Android emerged into the mobile security software industry that had everyone perplexed. It seemed eerily like malware known as a Fake AV, and some even gave it that label. As a younger mobile researcher, I was one of those who...

AI score 0.7 · Exploits 0

ThreatPost
added 2018/04/25 3:30 p.m. · 42 views

Researchers Hacked Amazon’s Alexa to Spy On Users, Again

A malicious proof-of-concept Amazon Echo Skill shows how attackers can abuse the Alexa virtual assistant to eavesdrop on consumers with smart devices – and automatically transcribe every word said. Checkmarx researchers told Threatpost that they created a proof-of-concept Alexa Skill that abuses...

AI score 7.5 · Exploits 0 · References 2

NVD
added 2018/04/04 12:29 a.m. · 15 views

CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

CVSS 7.5 · AI score 7.5 · EPSS 0.02082 · Exploits 0 · References 2