TippingPoint Threat Intelligence and Zero-Day Coverage – Week of December 11, 2017
If you read my weekly blog or follow me on Twitter, you know that I’m a huge sports fan. Unfortunately, when you don’t live in the town of your favorite team, you can be subject to blackout rules. So, my husband and I decided to purchase NFL Sunday Ticket from DirecTV. Fast forward to a couple of...
Synaptics Says Claims of a Keylogger in HP Laptops are False
Synaptics said reports that claim hundreds of HP laptops contain a secret keylogger made by the company are inaccurate. In a statement released Wednesday, the company said its software was being mischaracterized as a keylogger. It also said it would remove the debugging component from production...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of November 13, 2017
The dreaded white, blank screen in Microsoft Word is taunting me, with its blinking cursor asking for words to be written. Just when I thought I wouldn’t get any inspiration for this week’s blog, inspiration came to me from beyond through our late CTO Raimund Genes. Earlier this week, the third...
SUSE-SU-2017:2950-1 Security update for jq
This update for jq fixes the following issues: Security issues fixed: - CVE-2016-4074: The jv_dump_term function in jq allowed remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. bsc1014176 Non-security issues fixed: - Update tests...
Target Credential Status by Authentication Protocol - Failure for Provided Credentials
Nessus failed to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the remote...
openSUSE Security Update : jq (openSUSE-2017-1190)
This update for jq fixes the following minor security issue : - CVE-2016-4074: stack exhaustion could affect availability when parsing untrusted input bsc1014176 The following tracked packaging changes are included : - Update tests dependencies to increase test coverage bsc1017157 This update was...
OPENSUSE-SU-2017:2834-1 Security update for jq
This update for jq fixes the following minor security issue: CVE-2016-4074: stack exhaustion could affect availability when parsing untrusted input bsc1014176 The following tracked packaging changes are included: Update tests dependencies to increase test coverage bsc1017157 This update was...
OPENSUSE-SU-2017:2833-1 Security update for jq
This update for jq fixes the following minor security issue: CVE-2016-4074: stack exhaustion could affect availability when parsing untrusted input bsc1014176 The following tracked packaging changes are included: Update tests dependencies to increase test coverage bsc1017157 This update was...
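The three jq advisories above all describe the same bug class: a recursive routine that walks attacker-controlled JSON one stack frame per nesting level, so a file of nothing but opening brackets exhausts the stack. The following is an added example, not jq's code and not part of the advisories; it illustrates the class in Python rather than in jq's C. It contrasts a parser that relies on the runtime's recursion limit (CPython's json module, which aborts with RecursionError) with a small recursive-descent parser for a JSON subset that enforces its own nesting limit and rejects the input before the stack is consumed. The limit of 64, the nested_array helper and the outcome labels are assumptions made for this example.

```python
import json

# Assumed nesting limit for this example; the affected jq versions had no such limit.
MAX_DEPTH = 64


class DepthLimitExceeded(ValueError):
    """Raised when nesting exceeds MAX_DEPTH instead of letting recursion run away."""


def nested_array(depth: int) -> str:
    """Constructed hostile input: `depth` nested empty arrays, e.g. nested_array(3) == '[[[]]]'."""
    return "[" * depth + "]" * depth


def parse_arrays(text: str, max_depth: int = MAX_DEPTH):
    """Recursive-descent parser for a JSON subset: arrays of integers and arrays.

    Each nesting level costs one Python frame, just as one level costs one C frame
    in a native recursive parser or printer. The depth check at the top of
    parse_value is the mitigation: reject the input before the stack is consumed.
    """
    pos = 0

    def peek() -> str:
        nonlocal pos
        while pos < len(text) and text[pos] in " \t\r\n":
            pos += 1
        if pos >= len(text):
            raise ValueError("unexpected end of input")
        return text[pos]

    def parse_value(depth: int):
        nonlocal pos
        if depth > max_depth:
            raise DepthLimitExceeded(f"nesting deeper than {max_depth}")
        ch = peek()
        if ch == "[":
            pos += 1
            items = []
            if peek() == "]":
                pos += 1
                return items
            while True:
                items.append(parse_value(depth + 1))
                sep = peek()
                pos += 1
                if sep == "]":
                    return items
                if sep != ",":
                    raise ValueError(f"expected ',' or ']' at offset {pos - 1}")
        # Integer literal (optional leading minus, then digits).
        start = pos
        if ch == "-":
            pos += 1
        while pos < len(text) and text[pos].isdigit():
            pos += 1
        if pos == start or text[start:pos] == "-":
            raise ValueError(f"unexpected character {ch!r} at offset {start}")
        return int(text[start:pos])

    value = parse_value(1)
    # Anything after the top-level value is trailing garbage.
    while pos < len(text) and text[pos] in " \t\r\n":
        pos += 1
    if pos != len(text):
        raise ValueError(f"trailing data at offset {pos}")
    return value


def stdlib_outcome(text: str) -> str:
    """How json.loads fares: CPython's decoder recurses once per nesting level and
    aborts with RecursionError at the interpreter's limit. The crash is caught by the
    runtime, not by a limit the parser chose; a C parser without that safety net
    simply overflows its stack, which is the jq advisory's 'stack exhaustion'."""
    try:
        json.loads(text)
        return "ok"
    except RecursionError:
        return "recursion"
    except ValueError:
        return "invalid"


def limited_outcome(text: str, max_depth: int = MAX_DEPTH) -> str:
    """Same input through the depth-limited parser: hostile nesting is reported, not crashed on."""
    try:
        parse_arrays(text, max_depth)
        return "ok"
    except DepthLimitExceeded:
        return "too deep"
    except ValueError:
        return "invalid"


if __name__ == "__main__":
    hostile = nested_array(20000)
    print("json.loads:    ", stdlib_outcome(hostile))
    print("depth-limited: ", limited_outcome(hostile))
```

The same check belongs wherever a structure is recursed over, including serialisation: the jq function named in the SUSE advisory is a dumper, not the parser, and a depth limit applied only at parse time does not protect a printer that is handed a deeply nested value built some other way.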
rushbrookrathbone.co.uk XSS vulnerability
Vulnerable URL: http://www.rushbrookrathbone.co.uk/coverage-in-london-detail.php?id=13'"91=4c5bde74a8f110656874902f07378009&hash2;=3 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 11130635 VIP website status:| N...
insurecargo.com XSS vulnerability
Open Bug Bounty ID: OBB-249958 Description| Value ---|--- Affected Website:| insurecargo.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 22, 2017
For those of you who follow the National Football League NFL, do you remember Super Bowl 47? I wasn’t exactly thrilled about the teams that played since I’m not a 49ers or Ravens fan. What was interesting about the game is that it was halted for over half an hour in the third quarter because of a...
Cisco Coverage for Adylkuzz, Uiwix, and EternalRocks
When the WannaCry attack was launched a little over a week ago, it was one of the first large scale attacks leveraging the data that was leaked by the Shadow Brokers. At the time the real concern was how quickly we would begin to see other threats leverage the same vulnerabilities. Over the past...
Vulnerability Quadrants
Hi everyone! Today I would like to talk about software vulnerabilities: how to find the really interesting vulnerabilities in the overall CVE flow, and how to do it automatically. First of all, let's talk about why we would ever need to analyze software vulnerabilities. How do people usually do their Vulnerability...
Analyzing Cyber Insurance Policies
There's a really interesting new paper analyzing over 100 different cyber insurance policies. From the abstract: In this research paper, we seek to answer fundamental questions concerning the current state of the cyber insurance market. Specifically, by collecting over 100 full insurance policies...
Mobile Application Security Training Platform: Security Shepherd
The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...
OWASP Security Shepherd - Web And Mobile Application Security Training Platform
The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...
PHP study notes and security vulnerabilities-vulnerability warning-the black bar safety net
System variables: $_POST // the POST data, an associative array; $_GET // the GET data, an associative array. The error control operator: PHP supports one error control operator, @. When it is prepended to a PHP expression, any error messages that expression may produce are ignored. Variable default value: Whe...
Dynamic Instrumentation Tool Platform: DynamoRIO
Dynamic Instrumentation Tool Platform DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling...
Apple Patents Technology to remotely disable your iPhone Camera at Concerts
Here's something you'll not like at all: Apple has been awarded a patent for technology that would prevent you from snapping pictures and shooting videos with your iPhone or iPad at places or events, like concerts or museums, where it might be prohibited or inappropriate. The patent, granted on...
lightningmaps.org XSS vulnerability
Vulnerable URL: http://www.lightningmaps.org/extra/coverage?lang=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 27398 VIP website status:| Yes Check lightningmaps.org SSL...