122 matches found
CVE-2020-8353
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT...
Design/Logic Flaw
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT...
Velociraptor - Endpoint Visibility and Collection Tool
Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on: https://www.velocidex.com/docs/ Quick start: If you want to see what Velociraptor is all about simply: 1. Download the binary...
DEBIAN-CVE-2020-17376
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths ...
PYSEC-2020-243
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths ...
Design/Logic Flaw
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths ...
CVE-2020-17376
CVE-2020-17376 : In OpenStack Nova, a vulnerability in Guest.migrate (virt/libvirt/guest.py) allows a user to access destination-host devices that share paths with source-host devices after performing a soft reboot of an instance that has previously undergone live migration. Affected are OpenStac...
Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach
The FireEye Front Line Applied Research & Expertise (FLARE) Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the la...
Linux: Install iptables
Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
OSSEC-HIDS syscheck Message Denial of Service Vulnerability
OSSEC-HIDS is an open source intrusion detection tool. The OSSEC-HIDS log analysis component has a security vulnerability in its processing of syscheck-formatted messages that allows remote attackers to submit a special request that can be used for denial-of-service attacks...
UBUNTU-CVE-2012-3462
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context...
Microsoft Edge Chakra Scripting Engine CVE-2019-1427 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
Skadi - Collect, Process, And Hunt With Host Based Data From MacOS, Windows, And Linux
(pronounced “SKAH-Dee”: similar to Scotty but with a d sound) is a giantess and goddess of hunting in Norse mythology. Purpose: Skadi is a free, open source collection of tools that enables the collection, processing and advanced analysis of forensic artifacts and images. It works on MacOS, Windows,...
Thoughts on OSSEC Con 2019
Last week I attended my first OSSEC conference. I first blogged about OSSEC in 2007, and wrote other posts about it in the following years. OSSEC is a host-based intrusion detection and log analysis system with correlation and active response features. It is cross-platform, such that I can run it...
Microsoft Windows Firewall: Private: Outbound connections
This setting determines the behavior for outbound connections that do not match an outbound firewall rule. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Microsoft Windows Firewall: Private: Inbound connections
This setting determines the behavior for inbound connections that do not match an inbound firewall rule. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Top-5 stupid security mistakes in web apps
In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used by script kiddies as well as by fully automated scanners and internal security checks. Let’s go! 1...
MyBB < 1.8.8 Multiple Vulnerabilities
WordPress < 4.4.2 Multiple Vulnerabilities
According to its self-reported version number, the WordPress application running on the remote web server is prior to 4.4.2. It is, therefore, affected by the following vulnerabilities : - A cross-site redirection vulnerability exists due to a failure by the application to validate certain input...