3414 matches found
CVE-2017-12243
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The...
computinghistory.org.uk XSS vulnerability
Open Bug Bounty ID: OBB-384987. Affected Website: computinghistory.org.uk; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]; Remediation Guide: OWASP XSS Prevention...
InfoSec Pros Must Fasten Their Seatbelts for Digital Transformation Ride
The IT industry has gone through multiple revolutions – client-server computing, the Internet’s rise, virtualization, mobility – but none rivals the unprecedented impact of today’s digital transformation. The implications for InfoSec professionals are broad, requiring that they adapt quickly to t...
October 26, 2017 – Morning Cyber Coffee Headlines – “Continental Congress” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! October 26, 2017 - Headlines Carbon Black in the News: Protecting elections fro...
How to create an intentional culture of security
In this day and age, companies great and small are vulnerable to potential attacks that they are exposed to every day. From insider threats to simple phishing, one is always left guessing if they know enough to handle them or are well prepared to face the risks. Educating your staff about basic...
ZTE uSmartView DLL Hijacking
Vulnerability summary: The following advisory describes a DLL Hijacking found in ZTE uSmartView. ZTE uSmartView offers: “ZTE provides full series of cloud computing products including cloud terminals, cloud desktops, virtualization software, and cloud storage products and end-to-end integrated...
CVE-2017-12267
A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS)...
CrackLord - Queue and Resource System For Cracking Passwords
CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware...
Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.6.1 bug fix and enhancement update
Red Hat OpenShift Container Platform releases 3.6.1 are now available with updates to packages and images that fix several bugs and add various enhancements. Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or privat...
Vulnerability Management Market Disruptors
Gartner's recent vulnerability management report provides a wealth of insight into vulnerability management (VM) tools and advice for how to build effective VM programs. Although VM tools and capabilities have changed since the report's last iteration in 2015, interestingly one thing hasn't: Gartner's...
Week 6 of Girls Who Code: Artificial Intelligence and Human Expertise at Watson Health
Week 6 of the Girls Who Code summer-immersion program at Akamai featured a field trip to IBM's Watson Health, where the girls learned about the concept of "cognitive computing," and how this technology is being used by IBM to help doctors help their patients. The girls met some of the women at IB...
Cisco Integrated Management Controller Remote Code Execution Vulnerability
According to its self-reported version, the Cisco Unified Computing System Management Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...
Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
According to its self-reported version, the Cisco Unified Computing System Management Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...
Security vulnerabilities fixed in Firefox ESR 52.3 — Mozilla
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...
CyberSecurity Report: Threat Landscape Gets More Sophisticated
Destruction of service. Get acquainted with this newly-minted term, and with its acronym — DeOS. It’s a particularly disturbing type of cyber attack InfoSec teams may face regularly in the not too distant future. That’s one of the main findings featured in the Cisco 2017 Midyear Cybersecurity...
August 7, 2017 – Morning Cyber Coffee Headlines – “Teddy Roosevelt” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 5, 2017 - Headlines Ransomware can cost firms over $700,000; cloud...
DEBIAN-CVE-2017-7980
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation...
A week in security (July 17 – July 23)
Over the last week, we have covered Play Protect, Android’s new security system and how the Dutch police ran Hansa Market after the takedown of Alpha Bay, both major players on the Dark Web. We also provided some tips on how to stay cyber safe this summer. We also saw how the Terror exploit kit...
Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
An update for openstack-nova is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Qemu: VNC: memory corruption due to unchecked resolution limit
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process...