22 matches found
EUVD-2010-4501
Malware in sbrugna...
Drug cartel hacked cameras and phones to spy on FBI and identify witnesses
The "El Chapo" Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to identify and kill potential witnesses, the US Department of Justice has said. And seven years on, the Bureau's defenses against this kind of surveillance are still inadequat...
PT-2025-18987 · Undefined · Undefined
A vulnerability in Fortinet FortiOS operating systems is related to deficiencies in the authentication mechanism. Exploitation of the vulnerability may allow a remote attacker to disclose device configuration data and bypass existing security mechanisms...
PT-2024-2682 · Zoom · Zoom
Name of the Vulnerable Software and Affected Versions: Zoom affected versions not specified Description: The issue is related to improper authentication in some Zoom clients, which may allow a privileged user to disclose information via local access. It is also mentioned that the vulnerability is...
SolarWinds and its CISO accused of misleading investors before major cyberattack
The Securities and Exchange Commission (SEC) has announced charges against software company SolarWinds Corporation and its chief information security officer (CISO), Timothy G. Brown, for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In 202...
SUSE CVE-2008-1637
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed...
CVE-2010-4533
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies...
Security feature bypass
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies...
Access Control Deficiencies and Remote Shared Buffer Leakage Vulnerabilities in the Southern Automated Monitoring System (SAMS)
South Deformation Monitoring System SMOS is a deformation monitoring system for monitoring various structures. The SMOS suffers from an Access Control Deficiency and Remote Shared Buffer Leakage vulnerability. An attacker could exploit the vulnerabilities to obtain sensitive information...
Weak Bank Password Policies Leave 350 Million Vulnerable, Say Researchers
Should passwords that protect your financial data be less secure than the ones used to lock up selfies, cat videos and tweets swapped on social networks? In a study that looked at the password strength required to access website account for Wells Fargo, Capital One and 15 other banks, researchers...
OPM Hack Expands to Include Data of 21.5M People
UPDATE–The ever-expanding data breach at the Office of Personnel Management has now spread to include the Social Security numbers and other personal data of a total of 21.5 million people, and the toll also now includes the agency’s director, Katherine Archuleta, who resigned Friday morning...
Wiretapping storm: the Android platform https sniffing hijacking vulnerability-vulnerability warning-the black bar safety net
0x0 Preface Last year 1 0 mid-May, Tencent Security Center in the daily terminal Safety audits found that, in the Android platform used in https communication of app the vast majority of are not safe to use the google API, a direct result of https communication of sensitive information leakage ev...
NOAA, Satellite Data, Riddled with Vulnerabilities
The informational systems that the National Oceanic and Atmospheric Administration (NOAA) run are fraught with vulnerabilities and what the U.S. Department of Commerce deems “significant security deficiencies” that could leave it vulnerable to cyber attacks. That’s according to the findings of an...
IRS Security Deficiencies May Put Taxpayer Data At Risk
Information security failings are making it impossible for the U.S. Internal Revenue Service (IRS) to get its financial house in order and could be putting taxpayers’ sensitive information at risk, according to a financial audit of the agency by the Government Accountability Office (GAO). Deficiencie...
CentOS Update for kernel CESA-2009:0331 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Inspector General Talks Limitations of US-CERT
DHS Inspector General Richard Skinner spoke before the House Committee on Homeland Security yesterday and detailed his office’s latest report on the progress US-CERT has made in securing cyberspace and included noting limitations with enforcement, staffing and strategic planning. Read the full...
Old Y article management system V2. 4 the latest vulnerability analysis-vulnerability warning-the black bar safety net
Keywords: the CheckStr function, LoseHtml function, bypassing the comma, wildcards, Line breaks, alternative manual injection, cross-site Technical points: the 1, The broke the old Y the latest of the four vulnerabilities; 2, The use of regular expression “.+?>” of the “.” Meaning of “matching in...
kernel security update
CentOS Errata and Security Advisory CESA-2009:0473 Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages...
RedHat Security Advisory RHSA-2009:0331
The remote host is missing updates to the kernel announced in advisory RHSA-2009:0331. This update addresses the following security issues: a buffer overflow was found in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead t...
Multiple DNS implementations vulnerable to cache poisoning
Overview Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Description The Domain Name System (DNS) is responsible for translating host names to IP addresses and vice versa and is critical for the normal operation of internet-connected systems...