16 matches found
FreeBSD : wordpress -- multiple issues (5df757ef-a564-11ec-85fa-a0369f7f7be0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5df757ef-a564-11ec-85fa-a0369f7f7be0 advisory. - wordpress developers reports: This security and maintenance release features 1 bug fix in addition to...
wordpress -- multiple issues
wordpress developers reports: This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. The security team would li...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 9 in index.js. PoC var root = require"ffmpeg-sdk"; root.execute"touch JHU"; Remediation There is no fixed version for ffmpeg-sdk. Credit: JHU System Security Lab...
Live Coronavirus Map Used to Spread Malware
Cybercriminals constantly latch on to news items that captivate the public's attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates...
Beware of 'Coronavirus Maps' – It's a malware infecting PCs to steal passwords
Cybercriminals will stop at nothing to exploit every chance to prey on internet users. Even the disastrous spread of SARS-COV-II the virus, which causes COVID-19 the disease, is becoming an opportunity for them to likewise spread malware or launch cyber attacks. Reason Labs recently released a...
Deluge of Apple Patches Fix Vulnerabilities in OS X, iOS, Safari, and More
In addition to fixing the serious crypto vulnerabilities in iMessage that surfaced yesterday, Apple also deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV’s tvOS, and watchOS. The iOS update, 9.3, is arguably the most pressing given the cryptographic issue dug...
Johns Hopkins Researchers: Crypto Flaws Endanger iMessage Integrity
When Apple released its iOS Security Guide for public consumption, it was an unprecedented look inside the security architecture behind its products. For cryptographer and professor Matthew Green and a team of four Johns Hopkins University graduate students, it was a road map to understanding not...
TrueCrypt Audit Cryptanalysis Handed Off to NCC Group
The stagnant TrueCrypt audit stirred to life in the last 24 hours with the announcement that the second phase of the audit, tasked with examining the cryptography behind the open source disk encryption software, will begin shortly. NCC Group’s Cryptography Services has been contracted to do the...
Matthew Green on the NSA and Compromising Crypto Standards
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the NSA’s “regret” for continuing to support Dual EC after it had been shown to be compromised, the effects of the agency’s influence on crypto standards and the hope for more secure standards in the future. Download:...
OpenSSL Receives Funding for Developers, Will Undergo Security Audit
Scarcely a month after announcing the formation of a group designed to help fund open source projects, the Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit...
Matthew Green on the NSA and Crypto Backdoors
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the paper he co-authored on the Extended Random extension for Dual EC DRBG and whether it could be considered a backdoor. Download: digitalunderground149.mp3...
NOT JUST ONE! RSA adopted Two NSA Backdoored Encryption Tools
The respected encryption and network security company RSA Security now a division of EMC, whose respect was already on stack after revelation by former NSA contractor Edward Snowden revealed that the NSA created a flawed random number generation system DualECDRBG, Dual Elliptic Curve, which the...
Matthew Green on Crypto Advances, the BREACH Attack and Whether the Longevity of the RSA Algorithm
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the crypto advances in recent years, the BREACH attack revealed at Black Hat and whether it’s time to start moving away from the RSA algorithm. Download: digitalunderground121 Subscribe to the Digital Underground podcast on...
Avi Rubin on Hacking All Sorts of Devices
Avi Rubin is the technical director of the Information Security Institute at Johns Hopkins University, and in this talk from the TEDxMidAtlantic conference in November he discusses the history of hacks on various devices, including implanted medical devices, cars and virtually anything else with ...
Advanced Physics Lab at Johns Hopkins Under Cyber Attack
From The Baltimore Sun Gus G. Sentementes The Web site for the Johns Hopkins University’s Applied Physics Laboratory, which works closely with the military and NASA on research projects, was hit with a cyber attack that officials discovered Sunday and which led them to take down the site until th...
GLSA-200808-10 : Adobe Reader: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200808-10 Adobe Reader: User-assisted execution of arbitrary code The Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated. Impact : A remote attacke...