610 matches found
Google Patches 11 Critical Android Bugs in June Update
Google patched 57 vulnerabilities Monday affecting the Android operating system and kernel and chipset components tied to third-party firms MediaTek, NVIDIA and Qualcomm. Eleven of the bugs are rated critical and 46 are rated high. Google said the most severe of the vulnerabilities are remote cod...
Five Ways Imperva Attack Analytics Helps You Cut Through the Event Noise
The maddening volume of events security teams have to deal with each day is growing at an exponential pace, making it increasingly difficult to effectively analyze and process credible threats. As more organizations move to cloud-based solutions, applications now reside at multiple locations - on...
[SECURITY] Fedora 27 Update: perl-5.26.2-404.fc27
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
[SECURITY] Fedora 28 Update: nodejs-8.11.0-1.fc28
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Sleuthing the Cloud: The Challenges of Forensics in Cloud Environments
More and more companies are embracing Cloud computing for the practicality, efficiency, and economy of outsourcing the housing, maintenance, and monitoring of applications and their associated infrastructure to a third-party provider. As the Cloud becomes more the norm than the exception, there i...
SubOver - A Powerful Subdomain Takeover Tool
Subover is a Hostile Subdomain Takeover tool designed in Python. From start, it has been aimed with speed and efficiency in mind. Till date, SubOver detects 36 services which is much more than any other tool out there. The tool is multithreaded and hence delivers good speed. It can easily detect...
LocalTapiola: Sitemap causing strain on your Lahitapiola.fi server
Basic report information Summary: Your sitemap isn't split into many other sitemaps which causes all of the sitemap URLs to start loading in just 1 Sitemap which in turn causes a big strain on your server. Description: It took more than 5 minutes just to load your sitemap. That is not normal...
Gone Phishing For The Holidays
Written by Or Katz and Amiram Cohen Overview: While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week...
[SECURITY] Fedora 27 Update: rb_libtorrent-1.1.5-1.fc27
rb_libtorrent is a C++ library that aims to be a good alternative to all the other BitTorrent implementations around. It is a library and not a full featured client, although it comes with a few working example clients. Its main goals are to be very efficient in terms of CPU and memory usage as we...
SOC Forum 2017: How I Learned to Stop Worrying and Love Massive Malware Attacks
Today I spoke at SOC Forum 2017 in Moscow. It was a great large-scale event about Security Operation Centers. 2,700 people registered. Lots of people in suits. And lots of my good fellows. The event was held in Radisson Royal Congress Park. There were three large halls for presentations and a hu...
HackerOne: Program profile metrics endpoint contains mean time to triage, even when turned off
Description Include Impact: when a bug bounty program disables its profile metrics which shows the Response Efficiency, there is still some data leaked in the response of the following endpoint: hackerone.com/PROGRAMHANDLE/profilemetrics.json this endpoint leaks the meantimetotriage although the...
3 Reasons to Use VMware NSX with Trend Micro Deep Security
Enterprises have begun adopting network virtualization for their IT infrastructure. According to a 2016 survey conducted by Accenture, 95 percent of small, medium, and large enterprises believe "network services will be virtualized." Meanwhile, 25 percent of those who have adopted network...
DevSecOps: Building Continuous Security Into IT and App Infrastructures
With software now at the heart of essential business processes, organizations must build security into their IT and application development pipeline to prevent breaches, avoid compliance violations, and protect digital transformation initiatives. This especially applies to organizations creating...
Why ArtsSEC decided to partner with Wallarm
by Maximiliano Soler, @maxisoler by Maximiliano Soller, CTO of ArtsSEC The greatest thing with partnerships is how well the organisations' expertise complement each other. Our partnership with Wallarm has incredibly exceeded our expectations in their innovation and expertise in web application...
How to Secure Public Clouds while Boosting Digital Transformation
It's happening all over the business world. Organizations of all sizes and in all industries are aggressively deploying innovative products to new online consumer channels, digitizing their core services and transitioning core business workloads to public clouds as part of digital transformation...
Q&A: Conducting Cloud-Based Vendor Risk Audits With Qualys SAQ
Third-party security assessments drastically reduce your organization's risk of suffering a data breach. When carried out properly, these assessments identify poor InfoSec and privacy practices among your vendors, partners, contractors, and other third parties with access to your IT systems and...
HE-AAC+ Codec aacplusenc.c File Denial of Service Vulnerability
HE-AAC+ Codec aka libaacplus is a library that provides audio codecs. A security vulnerability exists in the aacplusenc.c file in HE-AAC+ Codec version 2.0.2. A remote attacker could exploit this vulnerability to cause a denial of service application crash via a specially crafted audio file...
HE-AAC+ Codec au_channel.h File Denial of Service Vulnerability
HE-AAC+ Codec aka libaacplus is a library that provides audio codecs. A security vulnerability exists in the au_channel.h file in HE-AAC+ Codec version 2.0.2. A remote attacker could exploit this vulnerability to cause a denial of service application crash via a specially crafted audio file...
CVE-2017-7605
aacplusenc.c in HE-AAC+ Codec aka libaacplus 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...
Faraday v2.4 - Collaborative Penetration Test and Vulnerability Management Platform
Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...