11 matches found
curl: libcurl 8.20.0 ignores HTTP Digest domain protection space and preemptively leaks Digest auth outside the declared scope
Summary: libcurl 8.20.0 ignores the server-declared HTTP Digest domain protection space for origin authentication and reuses stored Digest state too broadly on the same easy handle. After a successful Digest-authenticated request, a later request on the same easy handle can receive a preemptive...
Astra Linux – Vulnerability in sendmail
Sendmail in version 8.17.2 allows for SMTP smuggling in certain configurations. Remote attackers can utilize a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Sendmail supports...
Is Protective DNS Blocking the Wild West?
We perform a passive measurement study investigating how a Protective DNS service might perform in a Research & Education Network serving hundreds of member institutions. Utilizing freely-available DNS blocklists consisting of domain names deemed to be threats, we test hundreds of millions of...
Fortinet FortiOS和Fortinet FortiProxy 安全特征问题漏洞
Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...
FBI warns of imposter ads in search results
The FBI has issued a public notice which includes advice to block adverts. Why? Lets take a look. The bogus advert tightrope Its no secret that rogue ads have been a particular plague on the Internet for as far back as we can remember. From irritating pop ups and spinning "Youve won a prize"...
Flask-AppBuilder Open Redirect vulnerability
Impact If using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability Patches Install Flask-AppBuilder 3.2.2 or above...
Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Phishing and email spoofing not only erode brand trust but also leave recipients vulnerable to financial loss and serious invasions of privacy. These tactics have been around for...
How to Test and Improve Your Domain's Email Security?
No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also...
ThreatList: DMARC Adoption Nonexistent at 80% of Orgs
About 80 percent of company web domains don’t have standard email authentication protections in place. That’s according to 250ok’s Global DMARC Adoption 2019 report, which analyzed 25,700 domains in the education, e-commerce, legal, financial services, SaaS and nonprofit sectors, as well as the...
Edge DNS Secondary Implementation: Order or Operations for NS Zone & Registrar Records
Akamai's Edge DNS service provides cloud-based, authoritative domain services to thousands of organizations. Edge DNS is the most widely deployed cloud DNS service pushed to the edge of the Internet. Every organization must protect their domain name. Akamai originally built Fast DNS now Edge DNS ...
Google Chrome帧同源策略绕过漏洞
Bugraq ID: 37067 Google Chrome Frame是一款浏览器插件,可使用户的浏览器外观依然是IE的菜单和界面,但实际是Google Chrome浏览器内核浏览网页。 Google Chrome Frame存在安全漏洞允许攻击者绕过同源策略并执行特权操作。 Google Chrome Frame 4.0.223.9 Google Chrome Frame 4.0.245.1 Official Build 31970已经修复此漏洞,建议用户下载使用: http://www.google.com/chromeframe 建立如下HTML文档并进行测试: iframe...