SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2025:02307-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02307-1 advisory. The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following...

Veritas NetBackup DiscoveryService Service XML External Entity Injection Vulnerability

Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 10.0.0.1 and previous versions are vulnerable to XML external entity injection, which stems from the fact that the DiscoveryService service does...

Veritas NetBackup pbx_exchange denial of service vulnerability

Veritas NetBackup is a storage service from Veritas that is used to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 8.2 and prior versions contain a denial-of-service vulnerability that could be exploited by an attacker with local access to send a construct...

RLSA-2021:5142 Moderate: idm:DL1 security update

Rocky Enterprise Software Foundation Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets...

Gamifying machine learning for stronger security and AI models

To stay ahead of adversaries, who show no restraint in adopting tools and techniques that can help them attain their goals, Microsoft continues to harness AI and machine learning to solve security challenges. One area we’ve been experimenting on is autonomous systems. In a simulated enterprise...

Gamifying machine learning for stronger security and AI models

To stay ahead of adversaries, who show no restraint in adopting tools and techniques that can help them attain their goals, Microsoft continues to harness AI and machine learning to solve security challenges. One area we’ve been experimenting on is autonomous systems. In a simulated enterprise...

Cerberus Helpdesk Workers File User Credentials Disclosure

Cerberus Helpdesk on Version 4.2.3 Stable Build 925 and 5.4.4 and potentially below, contain an unsecured file which contains configuration details including all user’s usernames and password hashes. Recent assessments: h00die at March 25, 2020 12:30am UTC reported: Found this software in an...

CVE-2020-0618

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka ‘Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability’. Recent assessments: wvu-r7 at February 18, 2020 6:51pm UTC reported: Although the...

Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil

Attackers often make their lives easier by relying on pre-existing operating system and third party applications in an enterprise environment. Leveraging these applications assists them with blending in with normal network activity and removes the need to develop or bring their own malware. This...

CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...

Apache Syncope特制Commons JEXL表达式远程代码执行漏洞

CVE ID:CVE-2014-0111 Apache Syncope是用在企业环境的数字身份管理,在JEE技术的实施和Apache 2.0许可下发布的开源系统。 Apache Syncope处理特制的Apache Commons JEXL表达式存在安全漏洞，允许通过验证的远程攻击者通过运行Apache Syncope core的JEE container来执行任意代码。 0 Apache Syncope 1.0.0 Apache Syncope 1.0.8 Apache Syncope 1.1.0 Apache Syncope 1.1.6 Apache Syncope 1.0.9,...

Chrome Adds Ability to Force Ephemeral Mode

Google has made a subtle change to the admin console in its Chrome browser, which is used in enterprise environments to help set policies for employee use, which will allow administrators to force users to browse in ephemeral mode. The change won’t have any effect on typical individual users who...

Java: A Fix it for when you cannot let go

There is much to say about the use of Java in both consumer and enterprise environments. Like any other platforms, it has both devoted supporters and fervent critics. But for most, Java is a requirement, a means to an end. In the past few years, Java as a platform has been the target of numerous...

Redline: Answering Your Questions

Those of you who attended the "Tools of Engagement: Redline™ - We've Got the Tool, If You've Got the Time" webinar last month by David Ross and myself will recall that we ran short on time while answering all of your questions. The webinar covered the latest updates to Redline, Mandiant's free to...

[SECURITY] Fedora 13 Update: cyrus-imapd-2.3.16-5.fc13

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

Update Protection against Symantec AppStream Client LaunchObj ActiveX Control Program Execution

A remote code execution vulnerability was reported in Symantec AppStream Client. The AppStream Client is part of a Software Virtualization Solution SVS which allows streaming of virtual applications to users in an enterprise environment using the AppStream Server. The vulnerability is due to...