151 matches found
RUSTSEC-2022-0084 libp2p Lack of resource management DoS
libp2p allows a potential attacker to cause victim p2p node to run out of memory The out of memory failure can cause crashes where libp2p is intended to be used within large scale networks leading to potential Denial of Service DoS vector Users should upgrade or reference the DoS mitigation...
CVE-2022-26517
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT LSN pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkern...
CbioPortal Denial of Service Vulnerability
CbioPortal is used to provide visualization, analysis, and download of large-scale cancer genomics datasets. a denial-of-service vulnerability exists in CbioPortal in versions 3.6.21 and earlier, which stems from the insecure handling of regular expressions in /ProteinArraySignificanceTest.json,...
Networkit - A Growing Open-Source Toolkit For Large-Scale Network Analysis
NetworKit is an open-source tool suite for high-performance network analysis. Its aim is to provide tools for the analysis of large networks in the size range from thousands to billions of edges. For this purpose, it implements efficient graph algorithms, many of them parallel to utilize multicor...
New Ransomware Gangs — Haron and BlackMatter — Emerge on Cybercrime Forums
Two new ransomware-as-service RaaS programs have appeared on the threat radar this month, with one group professing to be a successor to DarkSide and REvil, the two infamous ransomware syndicates that went off the grid following major attacks on Colonial Pipeline and Kaseya over the past few...
Unauthorized Access Vulnerability in Apache Spark
Apache Spark is a fast, general-purpose compute engine designed for large-scale data processing. An unauthorized access vulnerability exists in Apache Spark, which can be exploited by an attacker to gain unauthorized access to sensitive information and perform unauthorized operations...
Command Execution Vulnerability in Built-in Reports of RenTianXin Network Security Management System
hereinafter referred to as RenTianHang was founded in May 2000, business covers network security, information security, public security, network resource security, industrial Internet security and many other areas, has become the most comprehensive technology of large-scale cyberspace security...
Huawei USG9500 资源管理错误漏洞
Huawei USG9500 is a firewall appliance for large-scale environments from China's Huawei. The device provides up to T-class processing performance and 99.999\% reliability, and integrates multiple security features such as NAT, VPN, IPS, virtualization, and service awareness to help enterprises...
Over 80% companies re-structured their cybersecurity infrastructure in 2020
By Uzair Amir Over 80 percent of enterprises have transformed their approach to cybersecurity. This change has been led by large-scale enterprises. This is a post from HackRead.com Read the original post: Over 80% companies re-structured their cybersecurity infrastructure in 2020...
New Imperva Framework: Accelerating the development of large scale solutions with “Stepping”
Handling large amounts of data at scale is a common task in the high-tech industry nowadays. To address this challenge many frameworks have been developed and made publicly available such as distributed messaging queues, distributed databases, lightweight protocols and caching servers, among...
Women in Security: Security Technical Project Manager
We continue to see large-scale online security attacks affecting corporations and public institutions. These attacks are becoming more and more sophisticated, making it harder to protect yourself. The constant evolution of attacks requires innovative solutions that only Akamai can provide...
LAVA - Large-scale Automated Vulnerability Addition
Evaluating and improving bug-finding tools is currently difficult due to a shortage of ground truth corpora i.e., software that has known bugs with triggering inputs. LAVA attempts to solve this problem by automatically injecting bugs into software. Every LAVA bug is accompanied by an input that...
CORStest - A Simple CORS Misconfiguration Scanner
A simple CORSmisconfiguration scanner Based on theresearch of James Kettle CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing CORS misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential...
Akamai Prolexic - Mitigating Large Scale DDoS Attacks in 0 seconds
Large scale multi-vector DDOS attack thwarted in 0 Seconds A recent large attack levied against one of our global online gaming customers highlights the value of Akamai Prolexic's 0 Second SLA. As attacks ramp up more quickly than ever before, Akamai's SOCC demonstrates every day how having a...
Default credentials
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed...
Scanners-Box
This is a collection of open-source scanning tools and wordlists for web application security testing. The repository, Scanners-Box, is a collection of tools from various contributors, including lijiejie, ringzero, and others. The tools are categorized into subdomains, database vulnerability...
Khan Academy: Account takeover by changing email
The endpoint /signup/email allows users to change their email before they confirm their account email. This endpoint is not protected from CSRF. Thus, any account that is not yet "confirmed" is vulnerable to account takeover using the following steps: 1. Attacker obtains new email address not...
2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on What’s Next: Pt. 2
Our first 2019 predictions post from the RSA Conference Advisory Board was not all sunshine and roses — cautious optimism was tabled by the acknowledged distance we must still travel as an industry — and our second set of predictions does not belie that theme. This trepidation does not mean we’re...
Malice - VirusTotal Wanna Be (Now With 100% More Hipster)
Malice's mission is to be a free open source version of VirusTotal that anyone can use at any scale from an independent researcher to a fortune 500 company. Try It Out DEMO: demo.malice.io username : malice password : ecilam Requirements Hardware 16GB disk space 4GB RAM Software Docker Getting...
Podcast: Beware These Top Security Threats in 2019
While 2018 was a whirlwind of serious threats, newly-evolving malware and high-profile data breaches, 2019 has already started with a bang. Between two newly disclosed data breaches and a hack of hundreds of German politicians‘ personal information exploding to the forefront last week, the securi...