4110 matches found

CVE
added 2019/12/17 3:45 a.m. | 90 views

CVE-2017-18107

The data confirms a CSRF vulnerability in Atlassian Crowd’s Crowd Demo application prior to version 3.1.1. The issue allows remote attackers to add/modify/delete users and groups by crafting unauthorized requests, due to insufficient request validation in the web application. The Demo app is not ...

6.5 CVSS | 6.5 AI score | 0.00449 EPSS
Exploits 0 | References 1 | Affected Software 1

Mageia
added 2019/12/06 2:15 p.m. | 42 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0...

7.4 CVSS | 0.6 AI score | 0.04961 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2019/12/04 12:0 a.m. | 28 views

EulerOS 2.0 SP2 : openssl (EulerOS-SA-2019-2464)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...

4.7 CVSS | 6.5 AI score | 0.03338 EPSS
Exploits 0 | References 4

FireEye
added 2019/12/04 12:0 a.m. | 208 views

Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)

Attackers have a dirty little secret that is being used to conduct big intrusions. We’ll explain how they're "unpatching" an exploit and then provide new Outlook hardening guidance that is not available elsewhere. Specifically, this blog post covers field-tested automated registry processing for...

6.8 CVSS | 7.9 AI score | 0.59893 EPSS
Exploits 2 | References 39

Tenable Nessus
added 2019/12/04 12:0 a.m. | 26 views

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-2430)

According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...

5.9 CVSS | 7.1 AI score | 0.12154 EPSS
Exploits 4 | References 5

Veeam
added 2019/12/02 7:22 p.m. | 17 views

How to Reset Password in Veeam Backup for AWS

Related User Guide Page Veeam Backup for AWS User Guide: Accessing Web UI from Workstation Challenge You may need to reset a password in Veeam Backup for AWS. Solution Make sure that the machine you are using for troubleshooting is in the list of allowed IP addresses in the Security Groups of you...

6.9 AI score
Exploits 0

Fedora
added 2019/11/21 1:27 a.m. | 53 views

[SECURITY] Fedora 31 Update: systemd-243.4-1.fc31

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...

9.8 CVSS | 9.1 AI score | 0.03138 EPSS
Exploits 1

NVD
added 2019/11/14 4:15 p.m. | 14 views

CVE-2012-1155

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to...

7.5 CVSS | 7.6 AI score | 0.02141 EPSS
Exploits 0 | References 9

UbuntuCve
added 2019/11/14 4:15 p.m. | 20 views

CVE-2012-1155

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+, 1.9 to 1.9.16+ are affected...

7.5 CVSS | 7.1 AI score | 0.02141 EPSS
Exploits 0 | References 2

Prion
added 2019/11/14 4:15 p.m. | 18 views

Code injection

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to...

5 CVSS | 6.7 AI score | 0.02141 EPSS
Exploits 0 | References 9 | Affected Software 4

Cvelist
added 2019/11/14 3:48 p.m. | 19 views

CVE-2012-1155

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to...

7.6 AI score | 0.02141 EPSS
Exploits 0 | References 9

ThreatPost
added 2019/11/12 6:13 p.m. | 125 views

Magento Warns E-Commerce Sites to Upgrade ASAP to Prevent Attacks

The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability. While the company didn’t specify what kinds of potential attacks...

7.5 CVSS | 8.5 AI score | 0.26869 EPSS
Exploits 1 | References 9

Tenable Nessus
added 2019/11/08 12:0 a.m. | 37 views

EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)

According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...

5.9 CVSS | 6.6 AI score | 0.12154 EPSS
Exploits 0 | References 4

OSV
added 2019/11/07 7:15 p.m. | 2 views

CVE-2019-11996

Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a...

9.8 CVSS | 5.8 AI score | 0.01464 EPSS
Exploits 0 | References 1

ThreatPost
added 2019/11/06 4:52 p.m. | 53 views

Facebook Privacy Breach: 100 Developers Improperly Accessed Data

UPDATE Facebook said that 100 third-party app developers have improperly accessed the names and profile pictures of members in various Facebook groups – data that was restricted in 2018 by the platform after its Cambridge Analytica privacy snafu. Facebook said that the developers – including 11 i...

7.2 AI score
Exploits 0 | References 11

The Hacker News
added 2019/11/06 10:16 a.m. | 2 views

Facebook Reveals New Data Leak Incident Affecting Groups' Members

Facebook today revealed yet another security incident admitting that roughly 100 app developers may have improperly accessed its users' data in certain Facebook groups, including their names and profile pictures. In a blog post published Tuesday, Facebook said the app developers that unauthorized...

5.8 AI score
Exploits 0

RedHat Linux
added 2019/11/05 8:56 p.m. | 2 views

kernel: SCTP socket buffer memory leak leading to denial of service

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack...

6.5 CVSS | 6.9 AI score | 0.01771 EPSS
Exploits 0 | References 6

RedHat Linux
added 2019/11/05 8:44 p.m. | 1 views

kernel: SCTP socket buffer memory leak leading to denial of service

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack...

6.5 CVSS | 6.9 AI score | 0.01771 EPSS
Exploits 0 | References 6

Trellix
added 2019/10/20 12:0 a.m. | 12 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Crescendo

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo By Jessica Saavedra-Morales · October 20, 2019 Episode 4: Crescendo This is the final installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific...

0.9 AI score
Exploits 0

Trellix
added 2019/10/20 12:0 a.m. | 13 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Crescendo

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Crescendo By Jessica Saavedra-Morales · October 20, 2019 Episode 4: Crescendo This is the final installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to GandCrab, the most prolific...

7.4 AI score
Exploits 0