A week in security (April 26 – May 2)

Last week on Malwarebytes Labs, we looked at which age range is most likely to be targeted by online predators, talked to Malwarebytes CISO John Donovan on our Lock and Code podcast, and explored the latest deepfake happenings. We also dug into a supply chain attack, discussed threats from a...

[Security Nation] Marina Ciavatta and int eighty Put the Fun into Hacking With Hacking Esports and Dual Core Music

!\Security Nation\ Marina Ciavatta and int eighty Put the Fun into Hacking With Hacking Esports and Dual Core Musichttps://blog.rapid7.com/content/images/2021/04/securitynationlogo-65.jpg In this episode of Security Nation, we are joined by Marina Ciavatta and int eighty to talk about Hacking...

Fast and More Efficient Stateless SYN Scanner And Banner Grabber: PolarBearScan

polarbearscan is an attempt to do faster and more efficient banner grabbing and port scanning. It combines two different ideas which hopefully will make it somewhat worthy of your attention and time. The first of these ideas is to use stateless SYN scanning using cryptographically protected cooki...

Previewing Black Hat 2016, Ivan Krstic's on Apple, Kaminsky's Keynote, And More

Mike Mimoso, Tom Spring, and Chris Brook preview Black Hat 2016, including Ivan Krstic’s talk on Apple/iOS security, Dan Kaminsky’s keynote, IoT, PAC malware, and more. Download: ThreatpostBlackHat2016Preview.mp3 Music by Chris Gonsalves...

Dan Kaminsky on VENOM

Dennis Fisher talks with Dan Kaminsky about the VENOM bug, the value of virtual machine escapes, why everyone wants to make every bug the worst one of all time or just a bunch of hype and what the Avengers have to do with vulnerability disclosure. Download: digitalunderground202.mp3 Music by Chri...

SuSE 11 Security Update : Mozilla (SAT Patch Number 1304)

Mozilla Thunderbird was updated to version 2.0.0.23. The release fixes one security issue: MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities CA which...

Ubuntu Update for linux-ti-omap4 USN-1228-1

Ubuntu Update for Linux kernel vulnerabilities USN-1228-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12281.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux-ti-omap4 USN-1228-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.n...

RedHat Update for gnutls RHSA-2010:0166-01

Check for the Version of gnutls OpenVAS Vulnerability Test RedHat Update for gnutls RHSA-2010:0166-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Weatherford, Kaminsky: Top 2010 Security Issues

Mark Weatherford, CISO for California, and Dan Kaminsky, finder of last year’s DNS flaw, offer five security predictions for 2010. Read the full article. CSO...

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass

Exploit for unknown platform in category remote exploits ====================================================================================== Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability...

SuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 6541)

The Mozilla NSS security framework was updated to version 3.12.3.1. - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services NSS before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger AIM, allows remote SSL...

openSUSE 10 Security Update : libfreebl3 (libfreebl3-6494)

The Mozilla NSS and dependend libraries were updated to fix various issues. CVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services NSS before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Insta...

SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1199)

The Mozilla NSS security framework was updated to version 3.12.3.1. - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services NSS before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger AIM, allows remote SSL...

RHEL 3 : seamonkey (RHSA-2009:1432)

Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client,...

Stable Update: Security fixes

Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below. CVE-2009- 2935 Unauthorized memory read from Javascript A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing securi...

Ubuntu: Security Advisory (USN-810-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Security Advisory RHSA-2009:1207

The remote host is missing updates to Netscape Portable Runtime NSPR and Network Security Services NSS announced in advisory RHSA-2009:1207. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7...

DNS BailiWicked Host Attack

This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed Jul 2008. This exploit caches a single malicious host entry into the target nameserver by sending random hostname queries to the target DNS server coupled with spoofed replies to those...

Ubuntu 8.04 LTS / 8.10 / 9.04 : nspr update (USN-810-2)

USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service via...

Ubuntu 8.04 LTS / 8.10 / 9.04 : nss vulnerabilities (USN-810-1)

Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service via application crash or execute arbitrary code as the user invoking the program. CVE-2009-2404 Moxie...