CVE-2012-1686
CVE-2012-1686 affects Oracle BI Enterprise Edition/BI Publisher help page components. The connected ERPScan advisory documents an XSS vulnerability in Oracle BI Help Page (example path includes vt_chrome.js) affecting Oracle BI Enterprise Edition 10.1.3.4.0. The root cause is an XSS flaw in the O...
Gathering Threat Intelligence With Open Tools
Threat intelligence is one of the go-to buzz phrases for many people in the security industry right now, and it’s thrown in so many contexts and situations, it’s quickly becoming almost meaningless. Most people understand that they need to get better information about what’s happening both on the...
Published Threat Intelligence, Not Cybersecurity Laws, Is What's Needed
For several years now, Congress has been wandering around the wilderness, trying to figure out why so much of America’s intellectual property is being sucked into a giant vortex somewhere over Asia and whether they should do something to stop it, like maybe pass a cybersecurity law. They’ve taken...
Grum Botnet Attempts Another Comeback, Fails Again
The Grum botnet, which Dutch authorities and security researchers knocked offline earlier this summer, made a second, unsuccessful attempt at a comeback over the weekend when the bot herders stood up two new command-and-control servers in Turkey. The revival was short-lived however, and both C&Cs...
Splunk 4.3.3 - Arbitrary File Read
Splunk 4.3.3 - Arbitrary File Read Exploit Title: Splunk <= 4.3.3 Reading Arbitrary Files Contents Date: 09/03/2012 Exploit Author: Marcio Almeida Vendor Homepage: http://www.splunk.com/ Software Link: http://www.splunk.com/download?r=header Version: 4.3.3 and priors...
DataWatch Monarch Business Intelligence (BI) v5.1 admin section stored cross-site scripting
DataWatch Monarch BI v5.1 admin section stored cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a stored...
Anonymous hackers target Australian Intelligence and ASIO websites
Hacking group Anonymous claimed to have shut down a computer server belonging to Australia's domestic spy agency ASIO, reportedly briefly closing down access to its public web page. The Australian Security Intelligence Organization acknowledged some disruption to its website. The ASIO website was...
Titan Security Data-Sharing Project Presents Big Opportunity For Change
One of the more pernicious and as-yet incurable diseases in security is the resistance to sharing data. Organizations large and small collect all sorts of information on attacks, vulnerabilities and threats and, for the most part, it simply sits in databases and is never of any use to anyone...
Huawei and Cyber Espionage, a question of trust?
Chinese telecoms equipment suppliers have previously been criticized for allegedly being security risks. Huawei is working with British spooks to prove that it has no backdoors in its products which would allow Chinese agents to snuffle Her Majesty's secrets. The U.S. and Australia have made clea...
DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities
DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/54733/info DataWatch Monarch Business Intelligence is prone to multiple input validation vulnerabilities. Successful exploits will allow an attacker to manipulate the XPat...
DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/54733/info DataWatch Monarch Business Intelligence is prone to multiple input validation vulnerabilities. Successful exploits will allow an attacker to manipulate the XPath query logic to carry out unauthorized actions on the XML documents of the...
Hack a Server - The man behind the idea
"Choose a job you love, and you will never have to work a day in your life" said Confucius. These would be the words that describe Marius Corîci the most. In 2003 he started doing business in the plumbing industry and co-founded ITS Group, a franchise for Romstal Company, the biggest plumbing...
Firms Need 'Tough Love' In Struggle Against APTs
Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating...
CVE-2012-1739
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Business Intelligence...
Design/Logic Flaw
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Business Intelligence...
CVE-2012-1739
Technical details about CVE-2012-1739 are not publicly available in the provided connected documents. Monitor for updates from Oracle advisories and CVE records for affected products, versions, impact, and remediation.
Targeted Attacks on Small Businesses Increase in 2012
In the first six months of 2012, 36 percent of targeted attacks focused on small businesses of fewer than 250 employees, and there were an average of 58 attacks per day, according to a new research report. At the end of 2011, small businesses were on the receiving end of only 18 percent of such...
Twitter Denies Hacktivists Behind Severe Outage
Twitter officials say it was a “cascading bug” and not the handiwork of hacktivists that brought down the microblogging site today in two separate outages. “This wasn’t due to a hack or our new office or Euro 2012 or GIF avatars, as some have speculated today,” Mazen Rawashdeh, the company’s vice...
US and Israel developed Flame Malware against Iran
US and Israel developed Flame Malware against Iran Unnamed Western officials confirmed that Flame was developed by US and Israeli governments. The United States and Israel jointly developed the Flame computer virus that collected intelligence to help slow Iran's nuclear program. The massive piece...