4423 matches found
Ed: Physical Laptop Takeover
At 6:16PM of August 11th of 2018, during H1-702, right before the sand storm beat the shit out of the rooftop party, we managed to perform a critical attack on Ed's infrastructure. F332214 Report Summary During our analysis and reconnaissance of how Ed program worked during the h1-702 event, we...
[SECURITY] Fedora 27 Update: kernel-tools-4.17.12-100.fc27
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 28 Update: kernel-tools-4.17.12-200.fc28
This package contains the tools/ directory from the kernel source and the supporting documentation...
Tamper proofing review: the iZettle card payment terminal
Tamper resistance is an increasingly important factor in smart devices. Together with secure hardware design and defensive coding, it can deliver a very secure device. One of the most common areas the average consumer will encounter tamper resistant devices is in payment terminals, or Pin Entry...
[SECURITY] Fedora 28 Update: mailman-2.1.29-1.fc28
Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from...
Node.js third-party modules: Command Injection Vulnerability in win-fork/win-spawn Packages
I would like to report a command injection vulnerability in win-fork and win-spawn packages. It allows an attacker to inject multiple commands in exec-like manner. Module module name: win-spawn version: 2.0.0 npm page: https://www.npmjs.com/package/win-spawn npm page:...
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0170
An update of 'mysql' packages of Photon OS has been released...
Advanced Man in the Middle Attack Framework: Evilginx
Evilginx is an attack framework for setting up phishing pages. Instead of serving templates of sign-in pages lookalikes, Evilginx becomes a relay between the real website and the phished user . Phished user interacts with the real website, while Evilginx captures all the data being transmitted...
FreeBSD : GIMP - Heap Buffer Overflow Vulnerability (bfda2d80-0858-11e8-ad5c-0021ccb9e74d)
GNOME reports : CVE-2017-17786 Out of bounds read / heap overflow in tga importer / function bgr2rgb.part.1 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors...
WTF - A Personal Information Dashboard For Your Terminal
A personal terminal-based dashboard utility, designed for displaying infrequently-needed, but very important, daily data. Quick Start Download and run the latest binary or install from source: go get -u github.com/senorprogrammer/wtf cd $GOPATH/src/github.com/senorprogrammer/wtf make install make...
Notification Emails From Veeam Backup for Microsoft 365 Are Sent in an Unexpected Language
Challenge Email notifications sent by Veeam Backup for Microsoft 365 unexpectedly contain Chinese characters. Cause The issue is caused by an encoding conflict. By default, Veeam Backup for Microsoft 365 uses UTF-16 character encoding, and the problem appears under the following circumstances: Us...
[SECURITY] Fedora 28 Update: mailman-2.1.26-4.fc28
Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from...
Scout2 - Security Auditing Tool For AWS Environments
Scout2 is a security tool that lets AWS administrators assess their environment's security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than pouring through dozens of pages on the web, Scout2 supplies a...
[SECURITY] Fedora 28 Update: rust-1.27.1-2.fc28
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
[SECURITY] Fedora 27 Update: rust-1.27.1-2.fc27
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
5 ways to find and fix open source vulnerabilities
Guest post by Limor Wainstein A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software OSS ecosystem, raises pertinent questions about the security of open source code and its dependencies. Programmers often use OSS as a...
LogonTracer - Investigate Malicious Windows Logon By Visualizing And Analyzing Windows Event Log
Investigate malicious logon by visualizing and analyzing Windows active directory event logs. Concept LogonTracer associates a host name or an IP address and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occur...
CVE-2018-0708
creationtimestamp| type| source ---|---|--- 2018-07-13 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45015 2024-10-10 11:12:45+00:00| seen| https://t.me/CyberSecurityTechnologies/156...
CVE-2018-12981
creationtimestamp| type| source ---|---|--- 2018-07-13 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45014...
CVE-2018-0709
creationtimestamp| type| source ---|---|--- 2018-07-13 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45015...