535 matches found
Foxit Reader XFA record append remote code execution vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the XFA record append method, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of proper validation of user-supplied data...
The Human (Resource) Role in the Journey to GDPR Compliance
Employees are at the center of dealing with the General Data Protection Regulation GDPR, which is the new European regulation that aims to strengthen and standardize the data pricy rights of European citizens. As we’ve discussed throughout this blog series, the GDPR impacts many organizations...
Contain Attacks in Real Time with Live Response in Cb Defense
Endpoint security is broken. Yes, you’ve heard it before - traditional, signature-based antivirus AV can’t keep up with the volume of new malware and advanced attack methods being developed by cyber criminals every day. And that’s absolutely true. But a report published last year highlights an ev...
Jumping Air Gaps
Nice profile of Mordechai Guri, who researches a variety of clever ways to steal data over air-gapped computers. Guri and his fellow Ben-Gurion researchers have shown, for instance, that it's possible to trick a fully offline computer into leaking data to another nearby device via the noise its...
chromium-browser: same origin bypass in shared worker
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page...
Design/Logic Flaw
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value 48bit derived from the MAC. The algorithm used to compute the "chk" was disclosed ...
CVE-2017-6094
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value 48bit derived from the MAC. The algorithm used to compute the "chk" was disclosed ...
CVE-2017-6094
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value 48bit derived from the MAC. The algorithm used to compute the "chk" was disclosed ...
CVE-2017-6094
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value 48bit derived from the MAC. The algorithm used to compute the "chk" was disclosed ...
CVE-2017-6094
Genexis GAPS (Genexis B.V.) up to version 7.2 is affected. An attacker can forge valid chk values (derived from the CPE WAN MAC) to impersonate any CPE and retrieve configuration settings from the central GAPS instance, often exposing sensitive data such as VoIP credentials. Root cause: the chk a...
Genexis GAPS 7.2 Access Control
CVE-2017-6094 - Genexis GAPS Access Control Vulnerability Product: Genexis Automatic Provisioning System GAPS Vendor: Genexis B.V. CVE ID: CVE-2017-6094 Subject: Access control vulnerability Effect: Leaked configuration settings, including user credentials Author: Antoine Neuenschwander Date:...
3 Reasons to Use VMware NSX with Trend Micro Deep Security
Enterprises have begun adopting network virtualization for their IT infrastructure. According to a 2016 survey conducted by Accenture, 95 percent of small, medium, and large enterprises believe “network services will be virtualized.” Meanwhile, 25 percent of those who have adopted network...
Trend Micro Top Again for Breach Detection, Says NSS Labs
In spite of a rapidly evolving landscape, data breaches remain among the most common and damaging cyber-threats facing organizations today. As digital transformation efforts take hold, so the corporate attacks surface grows, offering more opportunities for the bad guys to take aim at highly prize...
Peace of Mind Companion App Has Logic Gaps
Anxiety Accompanying App is a mobile life application based on the mobile medical field, focusing on medical consultation accompaniment. There is a logic loophole in Anxin accompanying clinic APP, which can be exploited by an attacker to arbitrarily register users and arbitrarily reset their...
chromium-browser: url spoofing in omnibox
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name...
The vulnerability of the MantisBT error tracking system allows a hacker to execute arbitrary HTML or JavaScript code.
The vulnerability of the MantisBT error tracking system’s component exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML or JavaScript code through changes to the windowtitle element...
Vulnerability of the Java Platform software platform, which allows a perpetrator to gain access to data for reading purposes
The vulnerability of the Java Platform’s networking software components is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to data through network packets...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of Qualcomm’s Android operating system’s media codecs is related to lack of access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
IBM Opens Attack Simulation Test Center
CAMBRIDGE, Ma. – IBM cut the ribbon on its new global security headquarters Wednesday that will also serve as command center for its just announced X-Force Incident Response and Intelligence Services. The centerpiece of the new 153,000-sqft facility is the company’s Cyber Range which IBM bills as...
Samsung pay gaps can lead to a hack trade hijacking-vulnerability warning-the black bar safety net
! Spanish security researcher Salvador Mendoza found Samsung Pay a security vulnerability, this vulnerability once exploited, hackers will be able to use another device to the victims of the trade hijacking. Based on a contactless payment system, is many of the newer Samsung phones with the...