Threat Outbreak Alert: Fake Official Documents Notification Email Messages on January 13, 2014
Medium Alert ID: 32418 First Published: 2014 January 14 15:40 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain official documents for the recipient. The text in the email message attempts to convince the recipient to open...
Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line
Title: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via command line Date: 11/15/2013 Author: Larry W. Cashdollar, @larry0 Download: http://rubygems.org/gems/bio-basespace-sdk Description: "BaseSpace Ruby SDK is a Ruby based Software Development Kit to be used in the development of Apps and...
Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities
Exploit for php platform in category web applications. Introduction / Background / Impact: In computer forensics (http://en.wikipedia.org/wiki/Computerforensics) one essential requirement is that evidence data does not get modified at all or not unnoticed, at least. Therefore IT...
Bio Basespace SDK 0.1.7 API Key Exposure
The Bio Basespace SDK 0.1.7 Ruby Gem API client code passes the APIKEY to a curl command. This exposes the api key to the shell and process table. Another user on the system could snag the api key by just monitoring the process table. Title: Bio Basespace SDK 0.1.7 Ruby Gem exposes API Key via...
Embedded Devices Vulnerable by Default from Manufacturer
Embedded device manufacturers have been warned for ages about the risks of making networking, telecom and critical infrastructure gear reachable online, worse yet, leaving default credentials in place for authenticating to those devices. Clearly, most are not listening. An Australian researcher...
ABB DataManager National Instruments Multiple ActiveX Controls cwui.ocx ExportStyle() Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB DataManager Data Analysis. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Carna Botnet Analysis Enumerates Vulnerable Network Devices
The Carna botnet, more formally known as the Internet Census 2012, stirred up a hornet’s nest of controversy when it was unveiled in March to a number of popular security mailing lists. An unidentified researcher had found more than 420,000 embedded devices that were accessible online with defaul...
UK Intelligence recruiting brilliant minds for eavesdropping social networks
Government eavesdropping and security agency GCHQ is developing new tools to sift through them for nuggets of useful data from Facebook, Twitter, LinkedIn, Google+, Pinterest. All of these are the source of valuable intelligence that the UK's intelligence agencies want to know about. During a vis...
[SECURITY] Fedora 17 Update: pnp4nagios-0.6.16-4.fc17
PNP is an addon to nagios which analyzes performance data provided by plugins and stores them automatically into RRD-databases...
Navy Hires Contractor to Data-Mine Gaming Consoles
The U.S. Navy recently hired an outside contractor, Obscure Technologies, to develop computer forensics tools capable of analyzing network traffic and stored data on gaming consoles. The contract, valued at $177,237.50, calls on Obscure Technologies to create hardware and software tools that can ...
The Security Game Needs to Change
SAN FRANCISCO–You don’t need to look too hard or talk to too many people at the RSA Conference here this week to realize that there is one subtle but persistent signal amid all of the noise: security is failing. It’s not news that things are broken. They’ve been broken for a while now, and not jus...
EMC Buys Security Firm NetWitness
UPDATE: Call it ‘dancing with the girl that brought ‘ya,’: two weeks after it disclosed a serious security breach at its RSA Security Division, tech firm EMC said it was buying NetWitness, a threat analysis firm that helped it detect the breach in the first place. EMC said on Monday that it had...
Safari < 5.0.4 Multiple Vulnerabilities
Researchers can ID anonymous Twitterers
By Robert McMillan, IDG News Service. Researchers at the University of Texas at Austin have taken a close look at the way anonymous data can be analyzed and have come to some troubling conclusions (infoworld.com). In a paper (33bits.org) set to be delivered at an upcoming security conference, they...
Yahoo! Statistical functions cross-site scripting vulnerability-vulnerability warning-the black bar safety net
Source: 80sec. Vulnerability description: The Yahoo statistics function is widely used for site access statistics and for various kinds of data analysis, such as traffic sources and client page-access statistics; for specific information, see the web site http://tongjia.yahoo.cn...
Proxy / Firewall Detection Via User-Agent
Hack technical analysis session hijacking attack combat tutorials-vulnerability warning-the black bar safety net
Introduction: Typically, when people talk about an intrusion they mean a single host, and they are very proud once they have obtained administrator privileges; in fact, a real intrusion is the occupation of the entire internal network. There are many methods for attacking an internal network, but the more effective method of non-ARP spoofing...
Yum Updater Detection
MSN Messenger < 6.2.0205 PNG File Remote Overflow (deprecated)
UW-imapd CRAM-MD5 Authentication Bypass