4109 matches found
openstack-neutron: iptables not active after update
A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an...
openstack-neutron: iptables not active after update
A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an...
openstack-neutron: iptables not active after update
A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an...
openstack-neutron: iptables not active after update
A race-condition flaw was discovered in openstack-neutron where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an...
Certificate Based Authentication : Troubleshooting Tips
This document specifically addresses some common troubleshooting tips and guidelines that would help in tackling certain issues related with the Certificate based authenticationCBA. Please ensure that the initial configuration is set as per the article: https://support.citrix.com/article/CTX22047...
New Bill Seeks Basic IoT Security Standards
Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government's purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras. The legislation, which also seeks to remedy some widely-perceive...
Ubuntu 16.04 LTS : OpenJDK 8 regression (USN-3366-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3366-2 advisory. USN-3366-1 fixed vulnerabilities in OpenJDK 8. Unfortunately, that update introduced a regression that caused some valid JAR files to fail validation. This update...
Clustering and Dimensionality Reduction: Understanding the âMagicâ Behind Machine Learning
These days we hear about machine learning and artificial intelligence AI in all aspects of life. We see machines that learn and imitate the human brain in order to automate human processes. There are autonomous cars that learn the road conditions to drive, personal assistants we can converse with...
Access Restriction Bypass
Moodle is vulnerable to access restriction bypass. If an authenticated attacker is a member of more than one group, Moodle allows the user to post to all groups even if the user does not have that capability. This is because it fails to enforce the moodle/site:accessallgroups capability requireme...
USN-3366-1: OpenJDK 8 vulnerabilities
It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...
USN-3366-1 openjdk-8 vulnerabilities
It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...
Privilege Escalation
Moodle is vulnerable to privilege escalation attacks. The attacks exist because the permission check for teacher are not properly handled, allowing any authenticated users with teacher role without accessallgroups capability to post any arbitrary groups...
Concrete CMS: Stored XSS in Name field in User Groups/Group Details form
Intro "The Crayons of Madagascar" Type of issue: Core CMS issue Level of severity: Internal Attack Vector Concrete5 version: 8.2.0 RC2 rev. 32c9daf352645d4fafedb7b956e7f2de4e153ab3 Summary There is Stored XSS vulnerability in User Groups-Group Details Name field. This vulnerability might be used ...
Automated posting on Vkontakte public pages using VK API and Python
Vk.com Vkontakte is the most popular social network Russia and Ex-USSR with 430+ million users. Originally it was a Facebook clone. But now, after 10 years of development, these two services are quite different from each other. Traditional advantages of vk.com - huge amount of free music and vide...
AWS Auditing & Hardening Tool: Zeus
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user. Identity and Access...
Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques
Throughout 2017 we have observed a marked increase in the use of command line evasion and obfuscation by a range of targeted attackers. Cyber espionage groups and financial threat actors continue to adopt the latest cutting-edge application whitelisting bypass techniques and introduce innovative...
[SECURITY] Fedora 26 Update: systemd-233-6.fc26
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below youâll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Fortinet FortiOS 5.2.x / 5.3.x / 5.4.x < 5.4.5 Multiple XSS (FG-IR-17-127)
The version of Fortinet FortiOS running on the remote device is 5.2.x, 5.3.x, or 5.4.x prior to 5.4.4. It is, therefore, affected by multiple cross-site scripting XSS vulnerabilities : - A cross-site scripting XSS vulnerability exists when saving configuration revisions due to improper validation...
Todayâs File Security is So â80s, Part 3: Dynamic Peer Groups â 3 Examples from Customer Data
In the first two parts of this series, we discussed why permissions management, the traditional approach to file security, no longer works and introduced a new approach to file security that leverages machine learning to build dynamic peer groups based on how users actually access files. In this...