664 matches found
[SECURITY] Fedora 34 Update: python-starlette-0.14.2-6.fc34
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building high performance asyncio services. It is production-ready, and gives you the following: Seriously impressive performance. WebSocket support. GraphQL support. In-process background tasks. Startup and shutdown events...
org.apache.livy:livy-assembly (=0.7.0-incubating), org.apache.livy:livy-coverage-report (=0.7.0-incubating) +2 more potentially affected by CVE-2021-26544 via org.apache.livy:livy-server (=0.7.0-incubating)
org.apache.livy:livy-server MAVEN version =0.7.0-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.livy:livy-server and may be impacted: - org.apache.livy:livy-assembly =0.7.0-incubating - org.apache.livy:livy-coverage-report...
Threat and Vulnerability Management now supports all major platforms
We are swiftly adapting to the lasting reality of a hybrid workforce, with the number of remote workers in the US expected to nearly double over the next five years, compared to pre-pandemic times. As a result, security teams are being challenged to rethink how to secure a growing and increasingl...
VMware Carbon Black Delivers High-Fidelity Insight at Every Step of MITRE Engenuity ATT&CK® Evaluation
For the third year in a row, VMware Carbon Black today announced its participation in MITRE Engenuity’s third annual ATT&CK® Evaluations with VMware Carbon Black Cloud. VMware Carbon Black Cloud delivered robust telemetry coverage with correlated, high-fidelity alerts at each and every step of th...
Linux Distribution Coverage Extended Across the VMware Carbon Black Cloud
In 2020, a record 56 new Linux malware families were discovered. We are now seeing this trend continue into the new year with the latest discovery of RedXOR, believed to be formulated by Chinese nation-state actors targeting RedHat Enterprise Linux (RHEL). With organizations hyper-accelerating thei...
Hackers Hosed by Google Were a Counterterrorism Operation
Plus: Fox News gets sued for its election coverage again, a record ransomware attack, and more of the week’s top security news...
Vulnerability Scanning With the Metasploit Remote Check Service (Beta Release)
InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats. The Feb. 3 release of InsightVM and Nexpose version 6.6.63 includes a beta version of the Metasploit Remote Check Service, bringing Metasploit check method...
AppSec Bites: A Podcast on Balancing Speed and Thorough AppSec Coverage (Part 1)
In the world today we have all become so accustomed to high-speed delivery and the instant gratification it instills (any large 2-day shipping retail monsters come to mind?). It's only natural that the demand for speed and efficiency we are experiencing in our daily lives has expanded to the...
OSV-2018-190 Heap-buffer-overflow in OT::Coverage::intersects
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10084 Crash type: Heap-buffer-overflow READ 8 Crash state: OT::Coverage::intersects OT::ContextFormat2::closure hb_void_t const OT::hb_closure_context_t::dispatch...
SUSE-SU-2021:0048-1 Security update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec
This update for python-defusedxml, python-freezegun, python-pkgconfig, python-python3-saml, python-xmlsec fixes the following issues: - Update to 0.6.0 - Increase test coverage. - Add badges to README. - Test on Python 3.7 stable and 3.8-dev - Drop support for Python 3.4 - No longer pass html...
Additional Analysis into the SUNBURST Backdoor | McAfee Blogs
ARCHIVED STORY Additional Analysis into the SUNBURST Backdoor Christiaan Beek · DEC 17, 2020 Executive Summary There has been considerable focus on the recent disclosures associated with SolarWinds, and while existing analysis on the broader campaign has resulted in detection against specific IoC...
ToothPicker - An In-Process, Coverage-Guided Fuzzer For iOS
ToothPicker is an in-process, coverage-guided fuzzer for iOS. It was developed to specifically target iOS's Bluetooth daemon bluetoothd and to analyze various Bluetooth protocols on iOS. As it is built using FRIDA, it can be adapted to target any platform that runs FRIDA. This repository also...
Target Credential Status by Authentication Protocol - Valid Credentials Provided
Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because th...
PT-2020-15490 · Jenkins · Jenkins Coverage/Complexity Scatter Plot Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Coverage/Complexity Scatter Plot Plugin versions 1.1.1 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not escape the method information in tooltips,...
AWS Recon - Multi-threaded AWS Inventory Collection Tool With A Focus On Security-Relevant Resources And Metadata
A multi-threaded AWS inventory collection tool. The creators of this tool have a recurring need to be able to efficiently collect a large amount of AWS resource attributes and metadata to help clients understand their cloud security posture. There are a handful of tools e.g. AWS Config,...
Nautilus - A Grammar Based Feedback Fuzzer
Nautilus is a coverage guided, grammar based fuzzer. You can use it to improve your test coverage and find more bugs. By specifying the grammar of semi valid inputs, Nautilus is able to perform complex mutation and to uncover more interesting test cases. Many of the ideas behind this fuzzer are...
aflnet
It is an offensive tool for Network protocols. The repository contains a greybox fuzzer for protocol implementations, named AFLNet. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of record...
PT-2020-14187 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.12.6; Envoy versions prior to 1.13.4; Envoy versions prior to 1.14.4; Envoy versions prior to 1.15.0. Description: The issue arises when validating TLS certificates, where Envoy incorrectly allows a wildcard DNS Subject...
Unspecified Vulnerability in CloudBees Jenkins GitHub Coverage Reporter Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some timed tasks. GitHub Coverage Reporter Plugin is used in one...