Security Bulletin for WebSphere MQ
Abstract: Vulnerability risk information for WebSphere MQ. Content: This security bulletin for WebSphere MQ is a way for you to obtain security risk assessment information for APARs that address issues which are considered to be security vulnerabilities. The intention is to provide enough informati...
Remote Authentication GeoFeasibility Tool - GeoLogonalyzer
Users have long needed to access important resources such as virtual private networks (VPNs), web applications, and mail servers from anywhere in the world at any time. While the ability to access resources from anywhere is imperative for employees, threat actors often leverage stolen credentials t...
SA165: NTP Vulnerabilities February 2018
SUMMARY: Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target fro...
DEBIAN-CVE-2017-18251
An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file...
SA163: OpenSSH Vulnerability October 2017
SUMMARY: Symantec Network Protection products using affected versions of OpenSSH are susceptible to a security vulnerability. A remote attacker with read-only access to an SFTP server can create a large number of zero-length files and deplete the target's hard disk space. AFFECTED PRODUCTS: The...
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
SUMMARY: Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities, aka Meltdown and Spectre attacks. A remote attacker, with the ability to execute arbitrary code...
New Book Coming in September: "Click Here to Kill Everybody"
My next book is still on track for a September 2018 publication. Norton is still the publisher. The title is now Click Here to Kill Everybody: Peril and Promise on a Hyperconnected Planet, which I generally refer to as CH2KE. The table of contents has changed since I last blogged about this, and ...
Top Five Trends IT Security Pros Need to Think About Going into 2018
It’s that time of the year when we look back at the tech trends of 2017 to provide us with a hint of things to come. Accordingly, let’s engage in our favorite end-of-year pastime: predictions about the coming year. Equipped with Imperva’s own research, interactions with our customers, and a wealt...
June 30, 2017 – Morning Cyber Coffee Headlines – “Victor Hugo” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! June 30, 2017 - Headlines Carbon Black in the News: Carbon Black Seizes The...
BeautyMakeupAPP aliyun oss credentials have information leakage vulnerability
Aliyun Object Storage Service (OSS) is a massive, secure and highly reliable cloud storage service provided by Aliyun. BeautyMakeup aliyun oss credentials are vulnerable to information disclosure. When using this SDK, accessKeyId, accessKeySecret and endpoint are built into the mobile app, leading ...
National Security Community App aliyun oss credentials have information leakage vulnerability
Aliyun Object Storage Service (OSS) is a massive, secure and highly reliable cloud storage service provided by Aliyun. National Security Community aliyun oss credentials have an information leakage vulnerability. When using this SDK, accessKeyId, accessKeySecret and endpoint are built into the mobi...
Microsoft Sues US Govt Over Unconstitutional Secret Data Requests
Microsoft is suing the Department of Justice (DoJ) to protest the gag order that prevents technology companies from telling their customers when their cloud data is handed over to authorities. In layman's terms, the Electronic Communications Privacy Act (ECPA) allows the government to issue gag order...
SA110 : Java Deserialization Vulnerabilities
SUMMARY: Blue Coat products that deserialize unsafe Java objects from untrusted sources are susceptible to one or more vulnerabilities. A remote attacker can exploit these vulnerabilities to cause the target to execute arbitrary code. AFFECTED PRODUCTS: Cloud Data Protection for Salesforce CDP-SFDC...