68 matches found
CVE-2014-4998
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process...
CVE-2014-4998
The CVE-2014-4998 issue affects the lean-ruport Ruby gem (version 0.3.8). The vulnerability arises from test/tc_database.rb placing the MySQL password on the mysqldump command line, allowing a local attacker to obtain sensitive information by listing the process. Connected documents corroborate t...
Applying Lean to Information Risk Management
Lean Manufacturing brings significant benefits to industry, including cost reduction, quality improvement, reduced cycle time, and greater customer satisfaction. See “The Machine that Changed the World”, Womack, J., Jones, D., and Roos, D., Free Press, 1990 for the groundbreaking analysis of...
Rapid7 acquires Komand for security orchestration and automation
Today, Rapid7 announced the acquisition of Komand, an orchestration and automation solution for both security and IT teams. You can read the formal announcement here, but I wanted to share a little bit about why I'm so excited about this acquisition. Komand has been bold. They've been unafraid to...
DevOps, Automation, Security and Compliance
Phew, the title of this post alone sounds like it could be quite a lot to deal with! So what is DevOps? DevOps is simply the blending of infrastructure operations processes and software development to enable faster changes to business applications/technology. These processes share a lot of ideolo...
Siemens SIMATIC Communication Processor Vulnerability (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Communication Processor Vulnerability: Authentication Bypass Issues 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-15-335-03...
lean-ruport Gem for Ruby /test/tc_database.rb Process Table Local Plaintext MySQL Password Disclosure
lean-ruport Gem for Ruby contains a flaw in /test/tc_database.rb that is due to the application exposing MySQL password information in plaintext in the process table. This may allow a local attacker to gain access to MySQL password information...
Hackers will not be deterred by UK cyber defences!
Military "cyber weaponry" will become commonplace this century, but it will be unlikely to deter attacks by "hacktivists" and criminal gangs, and could easily be used for state-sponsored cyber attacks instead, the Organisation for Economic Co-operation and Development warns. The British authors o...