
22 matches found

Talos Blog
added 2025/10/16 10:0 a.m., 7 views

Laura Faria: Empathy on the front lines

What does it take to lead through chaos and keep organizations safe in the digital age? This week, Amy sat down with Laura Faria, an incident commander at Cisco Talos Incident Response, to explore a career built on empathy, collaboration, and a passion for cybersecurity. Laura opens up about her...

AI score 6.8
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-4527

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.00584
Exploits: 0, References: 12
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2017-11791

Malware in sbrugna...

CVSS 8.8, AI score 7.3, EPSS 0.01134
Exploits: 0, References: 11
Rapid7 Blog
added 2025/05/29 12:0 a.m., 2 views

CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)

In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user. While...

CVSS 9.4, AI score 9, EPSS 0.01615
Exploits: 0
Filippo.io
added 2024/07/08 2:36 p.m., 12 views

Geomys, a blueprint for a sustainable open source maintenance firm

In 2022, I left Google in search of a sustainable approach to open source maintenance. A year later, I was a full-time independent professional open source maintainer. Today I’m announcing the natural progression of that experiment: Geomys, a small firm of professional maintainers with a portfol...

AI score 6.6
Exploits: 0
GitLab Advisory Database
added 2024/01/30 12:0 a.m., 21 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input e.g. by redirecting...

CVSS 8.2, AI score 6.4, EPSS 0.00496
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2023/09/07 12:0 a.m., 38 views

Oracle Linux 7 : qemu (ELSA-2018-4262)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4262 advisory. - net: ignore packet size greater than INTMAX Jason Wang Orabug: 28762625 CVE-2018-17963 - pcnet: fix possible buffer overflow Jason Wang Orabug:...

CVSS 9.8, AI score 7, EPSS 0.11739
Exploits: 7, References: 11
OSV
added 2023/02/10 2:19 p.m., 3 views

SUSE-SU-2023:0373-1 Security update for SUSE Manager Server 4.3

This update fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 4.3.4 SUSE Liberty Linux 9 support as client SUSE Linux Enterprise Micro support as client Indications for systems requiring reboot or with a scheduled reboot Notification messages via email Grafana update...

CVSS 8.8, AI score 8.6, EPSS 0.00825
Exploits: 0, References: 47
OSV
added 2022/10/26 8:58 a.m., 4 views

SUSE-SU-2022:3761-1 Security update for release-notes-susemanager, release-notes-susemanager-proxy

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.2 Containerized proxy and RBS are now fully supported HTTP API is now fully supported Ubuntu 22.04 is now supported as a client Cobbl...

CVSS 9.8, AI score 8.9, EPSS 0.09042
Exploits: 3, References: 50
Fedora
added 2022/10/05 1:5 a.m., 35 views

[SECURITY] Fedora 35 Update: squid-5.7-1.fc35

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

CVSS 8.6, AI score 7.9, EPSS 0.0197
Exploits: 0
OSV
added 2022/06/20 2:15 p.m., 6 views

SUSE-SU-2022:2146-1 Security update for release-notes-susemanager, release-notes-susemanager-proxy

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to 4.2.7 Salt has been upgraded to 3004 version Enabled salt bundle as optional Debian 11 client support has been added Alertmanager has been upgraded to...

CVSS 9.8, AI score 7.7, EPSS 0.00789
Exploits: 3, References: 18
OSV
added 2021/06/28 10:51 p.m., 7 views

MGASA-2021-0298 Updated java-openjdk packages fix security vulnerabilities

For java-1.8.0 Security fixes - JDK-8227467: Better class method invocations - JDK-8244473: Contextualize registration for JNDI - JDK-8244543: Enhanced handling of abstract classes - JDK-8249906, CVE-2021-2163: Enhance opening JARs - JDK-8250568, CVE-2021-2161: Less ambiguous processing -...

CVSS 5.9, AI score 5.6, EPSS 0.01132
Exploits: 0, References: 6
Malwarebytes
added 2020/05/20 3:15 p.m., 55 views

10 best practices for MSPs to secure their clients and themselves from ransomware

Lock-downs and social distancing may be on, but when it comes to addressing the need for IT support—whether by current or potential clients—it’s business as usual for MSPs. And, boy, is it a struggle. On the one hand, they keep an eye on their remote workers to ensure they’re still doing their jo...

AI score 7.5
Exploits: 0
Tenable Nessus
added 2019/03/27 12:0 a.m., 29 views

openSUSE Security Update : znc (openSUSE-2019-571)

This update for znc fixes the following issues : - Update to version 1.7.1 - CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 - CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

CVSS 6.5, AI score 6.5, EPSS 0.00681
Exploits: 0, References: 4
Fedora
added 2018/09/28 4:57 p.m., 12 views

[SECURITY] Fedora 29 Update: hylafax+-5.6.1-1.fc29

HylaFAX(tm) is an enterprise-strength fax server supporting Class 1 and 2 fax modems on UNIX systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platform...

AI score 1.5
Exploits: 0
Tenable Nessus
added 2018/08/08 12:0 a.m., 23 views

openSUSE Security Update : znc (openSUSE-2018-819)

This update for znc fixes the following issues : - Update to version 1.7.1 - CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 - CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

CVSS 6.5, AI score 6.5, EPSS 0.00681
Exploits: 0, References: 4
OPENSUSE Linux
added 2018/08/07 3:9 p.m., 66 views

Security update for znc (moderate)

This update for znc fixes the following issues: - Update to version 1.7.1 CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

AI score 0.5, EPSS 0.00681
Exploits: 0, References: 2
OPENSUSE Linux
added 2018/08/07 3:7 p.m., 60 views

Security update for znc (moderate)

This update for znc fixes the following issues: - Update to version 1.7.1 CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf bnc1101281 CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. bnc1101280 - Update to...

AI score 0.5, EPSS 0.00681
Exploits: 0, References: 2
CVE
added 2018/07/27 6:0 p.m., 83 views

CVE-2017-2630

CVE-2017-2630 describes a stack buffer overflow in QEMU prior to 2.9 when processing the server response to an NBD_OPT_LIST during NBD client negotiation. A malicious NBD server could trigger the overflow, crash the QEMU NBD client, or potentially cause arbitrary code execution in the QEMU proces...

CVSS 8.8, AI score 7.8, EPSS 0.01134
Exploits: 0, References: 8, Affected Software: 1
Akamai Blog
added 2017/03/23 7:13 p.m., 24 views

Reaching toward universal TLS SNI

The past few years have seen a dramatic increase in client support for TLS SNI (a technology standard that makes HTTPS much more scaleable). While early 2014 saw fewer than 85% of HTTPS requests being sent by clients supporting TLS SNI, many Akamai customers today now see client TLS SNI usage...

AI score 6.8
Exploits: 0