1165 matches found
CVE-2019-15609
The kill-port-process package version 2.2.0 is vulnerable to a Command Injection vulnerability...
CVE-2019-15609
CVE-2019-15609 affects the Node.js module kill-port-process: any version
Evaluating Your Security Controls? Be Sure to Ask the Right Questions
Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face...
Rethinking cyber scenarios—learning (and training) as you defend
In two recent posts I discussed with Circadence the increasing importance of gamification for cybersecurity learning and how to get started as a practitioner while being supported by an enterprise learning officer or security team lead. In this third and final post in the series, Keenan and I...
DEBIAN-CVE-2011-3585
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab file exists...
tree-kill code injection vulnerability (CNVD-2020-03698)
tree-kill is a package for killing processes in the process tree. A code injection vulnerability exists in tree-kill Windows. The vulnerability arises from a network system or product that does not properly filter specific elements of externally input data during the construction of a code segmen...
tree-kill code injection vulnerability (CNVD-2019-46973)
tree-kill is a package for killing processes in the process tree. A code injection vulnerability exists in tree-kill Windows. The vulnerability arises from a network system or product that does not properly filter specific elements of externally input data during the construction of a code segmen...
CVE-2019-15599
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
Command injection
A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...
CVE-2019-15599
The vulnerability CVE-2019-15599 affects the Windows component of the Node package tree-kill, where the input to the kill() function is not properly sanitized and is concatenated into an exec() call. This leads to remote code execution if an attacker provides controlled input. Public advisories c...
14 Ways to Evade Botnet Malware Attacks On Your Computers
Cybercriminals are busy innovators, adapting their weapons and attack strategies, and ruthlessly roaming the web in search of their next big score. Every manner of sensitive information, such as confidential employee records, customers' financial data, protected medical documents, and government...
Command Injection
Overview: Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems...
Rethinking cyber learning—consider gamification
As promised, I’m back with a follow-up to my recent post, Rethinking how we learn security, on how we need to modernize the learning experience for cybersecurity professionals by gamifying training to make learning fun. Some of you may have attended the recent Microsoft Ignite events in Orlando and...
CVE-2019-19051
A flaw was found in the way the Linux kernel's WiMAX i2400 driver handled memory release in certain error codes path in the RF kill switch control function. A local attacker able to control the device could use this flaw to crash the system. Mitigation: As the i2400m module will be auto-loaded whe...
CVE-2012-6136
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...
Code injection
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes...
From Thousands of Security Alerts to a Handful of Insights
Understanding an attacker’s workflow and how Attack Analytics hunts them down. In recent years we’ve seen a significant increase in the number and complexity of cyber-attacks. The accessibility of public tools and their automation capabilities, as well as distributed and anonymization features tha...