9591 matches found
DHS Says No Evidence That Flame Targets Industrial Systems, But Urges Caution
In and advisory, the Department of Homeland Security’s Industrial control System ICS CERT said that it doesn’t believe the Flame malware targets industrial control systems ICS or SCADA systems, but the group advised critical infrastructure owners to be on alert. The advisory, issued Wednesday,...
Moxie Marlinspike on TACK, Convergence and Trust Agility
Dennis Fisher talks with Moxie Marlinspike about his new IETF proposal, TACK, which lays out a way for sites to assert the authenticity of their public keys. They also discuss the Convergence system for replacing the CA infrastructure and the ways in which browser vendors can help enable better...
DNSChanger Lingers: 330k Systems Still Infected, 77,000 In The U.S.
The FBI said that there are still more than 330,000 computers believed to be infected with the DNSChanger malware, with just weeks to go before a court order to cut off their ability to communicate with the rest of the Internet. Fully 77,000 are located in the U.S., according to data provided to...
Researchers Unveil New Way to Trust Certificates
Two independent researchers are proposing an extension for TLS to provide greater trust in certificate authorities, which have become a weak link in the entire public key infrastructure after some big breaches involving fraudulent SSL certificates. TACK, short for Trust Assertions for Certificate...
Pentagon boosts contractor cybersecurity program
Pentagon boosts contractor cybersecurity program The US Defense Department invited all of its eligible contractors on Friday to join a previously restricted information-sharing pact aimed at guarding sensitive Pentagon program data stored on private computer networks. The Pentagon predicts that a...
Anonymous: We Are Not Terrorists but Fearless Freedom Fighters
Anonymous: We Are Not Terrorists but Fearless Freedom Fighters Black Ops 2 trailer that was released recently, portrays the Anonymous organization as the enemy of the United States, which has pissed them off greatly. Anonymous has responded to Activision's marketing campaign for Call of Duty: Bla...
CERT Warns On Critical Hole In SCADA Software By Italian Firm Progea
The U.S. Department of Homeland Security issued a bulletin on Thursday warning readers about a previously undisclosed, critical vulnerability in Movicon 11, a product used to manage critical infrastructure including the manufacturing, energy and water sectors. DHS’s Industrial Control Systems Cyb...
CERT Warns Of Cyber Threats To Gas Pipelines
The Department of Homeland Security said it is investigating a string of cyber intrusions targeting companies that operate national gas pipelines in the U.S. The DHS’s Industrial Control System Computer Emergency Readiness Team ICS-CERT disclosed in its April, 2012 newsletter that it is...
Fortinet FortiWeb Web Application Firewall - Policy Bypass
Fortinet FortiWeb Web Application Firewall - Policy Bypass BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - ============================================================ 1 Affected Product Fabricant: Fortinet Product name: FortiWe...
Fortinet FortiWeb Web Application Firewall - Policy Bypass
BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - ============================================================ 1 Affected Product Fabricant: Fortinet Product name: FortiWeb Version: Latest update to Tue, 2 May 2012 Type: Web...
FEMA: State, Local Officials Not Prepared to Respond to Cyberattack
A report by the Federal Emergency Management Agency FEMA finds that state and local government officials in the U.S. are pessimistic about their ability to respond to a cyberattacks. The National Preparedness Report NPR was commissioned by the Obama Administration. It found that, although the...
Iran: We Have Discovered 'Hidden Agenda' Of Oil Ministry Attack
The Iranian government has discovered what it describes as a ‘hidden agenda’ behind a recent malware attack on the country’s Oil Ministry, according to a report published by the FARS News Agency. The statement, from Deputy Oil Minister Hamdollah Mohammadnejad, confirmed earlier reports that the...
VoIP VLAN Hopper
VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, Nortel, and Alcatel-Lucent environments. This requires two important steps ...
Iran Preparing For Cyberwar Against U.S
Iran Preparing For Cyberwar Against U.S Security professionals in both the U.S. government and in private industry have long feared the prospect of a cyberwar with China or Russia, two states capable of launching destructive attacks on the computer networks that control critical assets such as th...
RuggedCom Rugged Operating System Vulnerability
RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account with a predictable password. This user account cannot be manually disabled. An attacker who successfully guesses the password may be able to gain complete administrative...
admin/fixcwdmemberships.jsp lacks an XSRF token to run the repair action.
admin/fixcwdmemberships.jsp does not require a csrf token to run the repair action. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/fixCaseInNotifications.jsp lacks an XSRF token to start 'notifications fix'
admin/fixCaseInNotifications.jsp does not require a csrf to start 'notifications fix'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/fixCaseInNotifications.jsp lacks an XSRF token to start 'notifications fix'
admin/fixCaseInNotifications.jsp does not require a csrf to start 'notifications fix'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/createMissingPersonalInfo.jsp lacks an XSRF token to trigger "build Personal Information objects"
admin/createMissingPersonalInfo.jsp doesn't require a csrf token to trigger "build Personal Information objects". When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...
admin/fixCaseInSpacePermissions.jsp lacks an XSRF token to 'fix the case of your space permissions'
admin/fixCaseInSpacePermissions.jsp does not require a csrf token to 'fix the case of your space permissions'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...