Lucene search
+L

9591 matches found

ThreatPost
ThreatPost
added 2012/05/31 4:3 p.m.15 views

DHS Says No Evidence That Flame Targets Industrial Systems, But Urges Caution

In and advisory, the Department of Homeland Security’s Industrial control System ICS CERT said that it doesn’t believe the Flame malware targets industrial control systems ICS or SCADA systems, but the group advised critical infrastructure owners to be on alert. The advisory, issued Wednesday,...

0.8AI score
Exploits0
ThreatPost
ThreatPost
added 2012/05/30 6:28 p.m.8 views

Moxie Marlinspike on TACK, Convergence and Trust Agility

Dennis Fisher talks with Moxie Marlinspike about his new IETF proposal, TACK, which lays out a way for sites to assert the authenticity of their public keys. They also discuss the Convergence system for replacing the CA infrastructure and the ways in which browser vendors can help enable better...

1.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/05/24 2:46 p.m.9 views

DNSChanger Lingers: 330k Systems Still Infected, 77,000 In The U.S.

The FBI said that there are still more than 330,000 computers believed to be infected with the DNSChanger malware, with just weeks to go before a court order to cut off their ability to communicate with the rest of the Internet. Fully 77,000 are located in the U.S., according to data provided to...

7.1AI score
Exploits0References10
ThreatPost
ThreatPost
added 2012/05/24 2:8 a.m.17 views

Researchers Unveil New Way to Trust Certificates

Two independent researchers are proposing an extension for TLS to provide greater trust in certificate authorities, which have become a weak link in the entire public key infrastructure after some big breaches involving fraudulent SSL certificates. TACK, short for Trust Assertions for Certificate...

0.9AI score
Exploits0References1
The Hacker News
The Hacker News
added 2012/05/12 3:8 p.m.10 views

Pentagon boosts contractor cybersecurity program

Pentagon boosts contractor cybersecurity program The US Defense Department invited all of its eligible contractors on Friday to join a previously restricted information-sharing pact aimed at guarding sensitive Pentagon program data stored on private computer networks. The Pentagon predicts that a...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2012/05/11 7:13 p.m.8 views

Anonymous: We Are Not Terrorists but Fearless Freedom Fighters

Anonymous: We Are Not Terrorists but Fearless Freedom Fighters Black Ops 2 trailer that was released recently, portrays the Anonymous organization as the enemy of the United States, which has pissed them off greatly. Anonymous has responded to Activision's marketing campaign for Call of Duty: Bla...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2012/05/11 4:19 p.m.12 views

CERT Warns On Critical Hole In SCADA Software By Italian Firm Progea

The U.S. Department of Homeland Security issued a bulletin on Thursday warning readers about a previously undisclosed, critical vulnerability in Movicon 11, a product used to manage critical infrastructure including the manufacturing, energy and water sectors. DHS’s Industrial Control Systems Cyb...

0.9AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/05/08 8:58 p.m.11 views

CERT Warns Of Cyber Threats To Gas Pipelines

The Department of Homeland Security said it is investigating a string of cyber intrusions targeting companies that operate national gas pipelines in the U.S. The DHS’s Industrial Control System Computer Emergency Readiness Team ICS-CERT disclosed in its April, 2012 newsletter that it is...

0.4AI score
Exploits0References6
exploitpack
exploitpack
added 2012/05/07 12:0 a.m.18 views

Fortinet FortiWeb Web Application Firewall - Policy Bypass

Fortinet FortiWeb Web Application Firewall - Policy Bypass BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - ============================================================ 1 Affected Product Fabricant: Fortinet Product name: FortiWe...

Exploits0
Exploit DB
Exploit DB
added 2012/05/07 12:0 a.m.66 views

Fortinet FortiWeb Web Application Firewall - Policy Bypass

BINAR10 Report on Fortinet Fortiweb Findings 02/05/2012 - Fortinet FortiWeb Web Application Firewall Policy Bypass - ============================================================ 1 Affected Product Fabricant: Fortinet Product name: FortiWeb Version: Latest update to Tue, 2 May 2012 Type: Web...

7.4AI score
Exploits0
ThreatPost
ThreatPost
added 2012/05/04 3:25 p.m.57 views

FEMA: State, Local Officials Not Prepared to Respond to Cyberattack

A report by the Federal Emergency Management Agency FEMA finds that state and local government officials in the U.S. are pessimistic about their ability to respond to a cyberattacks. The National Preparedness Report NPR was commissioned by the Obama Administration. It found that, although the...

7.5CVSS0.2AI score0.99998EPSS
Exploits42References3
ThreatPost
ThreatPost
added 2012/05/01 8:55 p.m.10 views

Iran: We Have Discovered 'Hidden Agenda' Of Oil Ministry Attack

The Iranian government has discovered what it describes as a ‘hidden agenda’ behind a recent malware attack on the country’s Oil Ministry, according to a report published by the FARS News Agency. The statement, from Deputy Oil Minister Hamdollah Mohammadnejad, confirmed earlier reports that the...

1.1AI score
Exploits0References4
n0where
n0where
added 2012/04/28 3:12 a.m.101 views

VoIP VLAN Hopper

VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, Nortel, and Alcatel-Lucent environments. This requires two important steps ...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2012/04/26 4:56 p.m.11 views

Iran Preparing For Cyberwar Against U.S

Iran Preparing For Cyberwar Against U.S Security professionals in both the U.S. government and in private industry have long feared the prospect of a cyberwar with China or Russia, two states capable of launching destructive attacks on the computer networks that control critical assets such as th...

6.9AI score
Exploits0
CISA
CISA
added 2012/04/24 12:0 a.m.14 views

RuggedCom Rugged Operating System Vulnerability

RuggedCom Rugged Operating System ROS, used in RuggedCom network infrastructure devices, contains a hard-coded user account with a predictable password. This user account cannot be manually disabled. An attacker who successfully guesses the password may be able to gain complete administrative...

7.2AI score
Exploits0References2
Atlassian
Atlassian
added 2012/04/19 4:35 a.m.20 views

admin/fixcwdmemberships.jsp lacks an XSRF token to run the repair action.

admin/fixcwdmemberships.jsp does not require a csrf token to run the repair action. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/19 4:31 a.m.21 views

admin/fixCaseInNotifications.jsp lacks an XSRF token to start 'notifications fix'

admin/fixCaseInNotifications.jsp does not require a csrf to start 'notifications fix'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/19 4:31 a.m.18 views

admin/fixCaseInNotifications.jsp lacks an XSRF token to start 'notifications fix'

admin/fixCaseInNotifications.jsp does not require a csrf to start 'notifications fix'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/19 1:22 a.m.18 views

admin/createMissingPersonalInfo.jsp lacks an XSRF token to trigger "build Personal Information objects"

admin/createMissingPersonalInfo.jsp doesn't require a csrf token to trigger "build Personal Information objects". When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

2.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/04/19 1:14 a.m.22 views

admin/fixCaseInSpacePermissions.jsp lacks an XSRF token to 'fix the case of your space permissions'

admin/fixCaseInSpacePermissions.jsp does not require a csrf token to 'fix the case of your space permissions'. When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

1.8AI score
Exploits0Affected Software1
Rows per page
Query Builder