August 17, 2017 – Morning Cyber Coffee Headlines – “Davy Crockett” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 17, 2017 - Headlines Students offer hope for narrowing of skills gap in...
Top Reasons for Graduate Students to Attend UNITED
The countdown is on to Rapid7's annual UNITED Summit in Boston on September 13-14. Rapid7 has partnered with top universities all over the globe to provide students with industry-leading security solutions as part of their coursework, equipping them with hands-on knowledge as they head into the...
CVE-2017-9858
An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks such as a brute force attack as one now knows exactly which users exist and which do no...
CVE-2017-9858
CVE-2017-9858 affects SMA Solar Technology inverters (Sunny Boy TLST-21, TL-21; Sunny Tripower TL-10, TL-30). By sending crafted packets to the inverter and observing responses, an attacker can determine which user accounts are active or inactive, enabling brute-force planning. The vendor notes t...
Academia's Role in Security Skills Gap Examined
LAS VEGAS—For a long time, there’s been a chorus from employers about the lack of skilled security professionals to fill available openings. And while it would not be an illogical leap to think universities are adequately preparing tomorrow’s security admins and CISOs, quite the opposite may be...
Legal Robot: Missing link to 2FA recovery code
While going live with additional 2FA options, a security researcher discovered that while we provide a TOTP fallback and Recovery code fallback for users that have enabled U2F, we neglected to do this for TOTP-only users. All users that have enabled TOTP or U2F 2FA should have been able to access...
Unbreakable Enterprise kernel security update
2.6.39-400.297.4 - mm: larger stack guard gap, between vmas Hugh Dickins Orabug: 26326145 CVE-2017-1000364...
Oracle Linux 6 : kernel (ELSA-2017-1723)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-1723 advisory. - mm enlarge stack guard gap Larry Woodman 1452729 1452730 CVE-2017-1000364 CVE-2017-1000366 - fs nfsd: stricter decoding of write-like NFSv2/v3 ops J. Bruce...
glibc security update
2.5-123.0.2.el511.3 - Mitigation for CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations...
Oracle Linux 7 : kernel (ELSA-2017-1615)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1615 advisory. - mm enlarge stack guard gap Larry Woodman 1452732 1452733 CVE-2017-1000364 - fs nfsd: stricter decoding of write-like NFSv2/v3 ops 'J. Bruce Fields'...
kernel security update
kernel - 2.6.18-419.0.0.0.2 - mm support large stack guard gap between vmas orabug 26366330...
kernel: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
kernel: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
Unbreakable Enterprise kernel security update
kernel-uek 4.1.12-94.3.7 - mm: fix new crash in unmapped_area_topdown Hugh Dickins Orabug: 26326143 CVE-2017-1000364 - mm: larger stack guard gap, between vmas Hugh Dickins Orabug: 26326143 CVE-2017-1000364...
[SECURITY] [DLA 993-2] linux regression update
Package : linux Version : 3.2.89-2 Debian Bug : 865303 The security update announced as DLA-993-1 caused regressions for some applications using Java - including jsvc, LibreOffice and Scilab - due to the fix for CVE-2017-1000364. Updated packages are now available to correct this issue. For...
June 23, 2017 – Morning Cyber Coffee Headlines – “Grizzly Bear” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! June 23, 2017 - Headlines Carbon Black in the News: Top 10 Endpoint Detection a...
June 22, 2017 – Morning Cyber Coffee Headlines – “Galileo Galilei” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! June 22, 2017 - Headlines Carbon Black in the News: WannaCry Ups The Stakes For...
kernel: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
glibc: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
kernel: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...