77 matches found
Cynet Provides Security Responders with Free IR Tool to Validate and Respond to Active Threats
Organizations that suspect an active threat or breach have two options: calling an external incident response provider to manage the investigation and response or trying to handle it internally with their own resources. Cynet is now introducing a free IR offering that caters to both scenarios – a...
Amid Bug Bounty Hype, Sometimes Security is Left in the Dust
In January, the European Union kicked-off over a dozen new bug bounty programs targeting a bevy of popular open-source programs used by its members. The effort was supposed to be met with cheers. But instead, the launch sparked an unexpected backlash from the security community. The EU’s program...
Marriott hotel data breach: Sensitive data of 500 million guests stolen
By Waqas Marriott has announced that it has suffered a massive data breach after attackers hacked its guest reservation system at Starwood hotels, a group of hotels the company took over in 2016 - These hotels include Sheraton, St. Regis, Westin and W Hotels. The breach was discovered last week...
Improper access control
A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due t...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 61 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 61.0.3163.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
CVE-2017-2343
CVE-2017-2343 affects Juniper Junos SRX Series with the Integrated User Firewall (UserFW) authentication API. The root cause is hardcoded credentials in UserFW, enabling an unauthenticated, remote attacker to potentially gain administrative access to the SRX device and compromise connected servic...
Juniper Networks Junos OS SRX Series: Hardcoded Credentials Vulnerability
Junos OS on SRX series contain hardcoded credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; if...
用友账户体系控制不严导致大量内部敏感数据泄露(涉及总裁个人资料/可深入)
简要描述: 泄露公司大量敏感数据 故评高 详细说明: 一日闲逛 发现一个用友的信息泄露地址: https://github.com/tianjlj/TJL/blob/b2019f75eae34ee4ed3512974b9a9a8b3cd1087f/Ltest/sendmail.py 轻松拿到某个内部员工的账号密码 成功登录企业内部邮箱 密码信息 利用一号多用 成功登录用友云盘系统 大量公司敏感数据 例如92页的员工手册...
Fortinet(FortiGate)suspected the presence of the SSH Backdoor influence 4. 0 to 5.0.7 version-bug warning-the black bar safety net
Overview 1 On 1 2 May, twitter user@esizkur published information that the Fortigate exist ssh back door, the impact of the version from 4. 0 to 5. 0. 7, and in the link given in the attached full attack using the code. According to the disclosure of information display, the attacker can use this...
At least one into the subject of mobile software vulnerabilities, some companies to grab the market does not consider security 9 0 after hacks said the hand tour“9 9% has a vulnerability” insiders suggested that the state of mobile software development of a unified standard of review-vulnerability warning-the black bar safety net
“It is a problem of the APP.” Xuhui Public Security Bureau network security detachment Bob Sergeant, record this phone the name of the software and is the“Black”of the symptoms. This is Bob the police officer and his colleagues made an experiment: they selected a certain influence of mobile phone...
Google Fixes 28 Security Flaws in Chrome 33
Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release. One of the...
Google Blocks Malicious File Downloads Automatically in Chome
Google has fixed five vulnerabilities in its Chrome browser and also has activated a feature that will block malicious file downloads automatically. The change is a major security upgrade for Chrome and will help prevent users from unwittingly downloading harmful files, an attack vector that...
Stable Channel Update
The Chrome team is excited to announce the promotion of Chrome 29 to the Stable channel for Windows, Mac, Linux and Chrome Frame. Chrome 29.0.1547.57 contains a number of fixes and improvements, including: Improved Omnibox suggestions based on the recency of sites you have visited Ability to rese...
Another Dutch CA, KPN, Stops Issuing Certificates After Finding DDoS Tool On Server
Another Dutch certificate authority, KPN, has stopped issuing digital certificates after finding attack tools on a server in its Web infrastructures. The CA said that while it doesn’t have evidence right now that it’s CA infrastructure was compromised, it is taking the actions as a precaution. Th...
Apple Hires New Security Chief
Apple has hired a software security expert to head up its growing internal security group. The company has hired David Rice, a former National Security Agency analyst and consultant on security issues, according to reports. Rice is currently the director of policy reform at the U.S. Cyber...
The Problem With Bug Counts
It’s getting to be that time of year again, when everyone starts looking for ways to do something with all of the data that they’ve accumulated during the last 12 months. That means reports and top tens and lists and rankings and controversy. And, inevitably, it also means more examples of why...
Congress Calls for Internal Security Review
After a former Congressional staffer exposed some sensitive data on a file-sharing network recently, some lawmakers are calling for the Congress to start an internal review of its own data security policies immediately. The situation, which is linked to an ethics investigation in the House of...