470 matches found
Cloud application security: preventing security vulnerabilities - vulnerability warning - the black bar safety net
Cloud-based applications are now widely used and are growing at an amazing speed. Because cloud-based applications can be accessed over the Internet by anyone, anywhere, application security becomes particularly important. This is why the creation and management of...
Microsoft Online Services Bug Bounty Program Launches
Microsoft had always rejected the possibility of a full-scale bug bounty, relying instead on solid relationships it spent the better part of a decade fostering with researchers worldwide who submit vulnerabilities to the Microsoft Security Research Center MSRC. Yet in the past couple of years, th...
zAnti - Android Penetration Testing Toolkit (Free!)
zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI offers a comprehensive range of fully customizable scans to...
Twitter Gains Team From Mitro Password Management Company
Twitter has announced that a cloud-based password management company called Mitro has joined the Twitter team, and all of Mitro’s code is now free and open source. Mitro’s offering a secure password manager that’s meant to help distributed teams share passwords for accounts and services. The...
Versatility of Zeus Framework Encourages Criminal Innovation
A new report on the Zeus trojan’s evolution, which shows that the malware has moved from harvesting online banking credentials to controlling botnets and launching distributed denial of service attacks, attributes the evolution to the highly customized and incredibly versatile framework Zeus is today...
Google Recommends Developers Support OAuth 2.0
Google announced today that in the coming months it will be more stringent in securing users when they log in to their accounts by applying additional authorization checks. “These additional checks will ensure that only the intended user has access to their account, whether through a browser,...
Microsoft Office 365 Outlook - Persistent Vulnerability
Document Title: =============== Microsoft Office 365 Outlook - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=857 Microsoft Security Response Center MSRC ID: 14093 Microsoft Security Response Center MSRC MANAGER: JT Release Date...
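Cosmoshop 'pwd.cgi' Arbitrary File Creation Vulnerability
Bugtraq ID: 66323 CosmoShop is a Magento-based cloud e-commerce system. An attacker can exploit this vulnerability with a specially crafted request to create arbitrary files on the server. 0 Cosmoshop No detailed solution is currently available: http://www.cosmoshop.de/...
McAfee Cloud Single Sign On Directory Traversal Vulnerability
CVE ID: CVE-2014-2536 McAfee Cloud Single Sign On is a cloud-based single sign-on solution. McAfee Cloud Single Sign On does not properly filter user-supplied input, allowing remote attackers to exploit the vulnerability by submitting specially crafted directory traversal requests and read arbitrary file contents. 0 McAfee Cloud Single Sign On formerly McAfee Cloud Identity Manager 4.x The vulnerability has been fixed in McAfee Cloud Single Sign On 4.0.1; users are advised to download the update:...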
Microsoft Office 365 Outlook - Persistent Vulnerability
Document Title: =============== Microsoft Office 365 Outlook - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=811 Microsoft Security Response Center MSRC ID: 14095 Release Date: ============= 2014-02-28 Vulnerability Laboratory ...
Microsoft Office 365 Outlook Filter Bypass
Document Title: =============== Microsoft Office 365 Outlook - Filter Bypass & Persistent Editor Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=811 Microsoft Security Response Center MSRC ID: 14095 Release Date: ============= 2014-02-28...
Microsoft SharePoint 2013 - Persistent Web Vulnerability
Document Title: =============== Microsoft SharePoint 2013 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=812 Security Bulletin: MS13-067 http://technet.microsoft.com/de-de/security/bulletin/MS13-067 Microsoft Security...
New Jigsaw Hacking Tool Spotted in Attacks
If you’ve run an internal phishing exercise, chances are you may have used Jigsaw, an open source penetration testing tool that enables security teams to automatically generate email address combinations from a minimal amount of public information. As with other open source security and networkin...
Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities
Title: ====== Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty Program. VL-ID: ===== 727 Common Vulnerability Scoring...
Barracuda LB / SVF / WAF / WEF Cross Site Scripting
Title: ====== Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities Date: ===== 2013-07-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty Program. VL-ID: ===== 727 Common Vulnerability Scoring...
Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities
Document Title: =============== Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=727 Note: The issue was part of the official Barracuda Networks Bug Bounty Program. Release Date: =============...
General Talks Security at Brookings Institution
General Martin Dempsey, Chairman of the Joint Chiefs of Staff, made clear yesterday in a speech to the Brookings Institution that the military, government, and private sector each has a role to play in hardening the U.S. against cyberattacks. General Dempsey also called out the maintainers of...