Bad Rabbit Linked to ExPetr/Not Petya Attacks
A link has been confirmed between the Bad Rabbit ransomware outbreak detected yesterday in major organizations in Russia and Ukraine and this summer’s ExPetr/Not Petya attacks. Researchers at Kaspersky Lab said there are “clear ties” between the two attacks though one major piece of the puzzle is...
How To Catch a Cheater
You have observed your partner and noticed some significant changes in behavior. They are more secretive about using their phone; they are working late or on the weekend; or they are not connecting with you like they used to. Do you have a cheater in the house? How can you find out? There are som...
Threat Spotlight: Follow the Bad Rabbit
Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Update 2017-10-26 16:10 EDT: added additional information regarding the links between Nyetya and BadRabbit. Update 2017-10-26 09:20...
httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash...
actionpack Improper Authentication vulnerability
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access...
BYOD, why don’t you?
Bring Your Own Device (BYOD) is a policy that allows employees to bring their own devices to the workplace and use them there. At one time, this was the latest bonus to attract and keep employees happy—plus save a few bucks. Nowadays the question is more like: Is there anyone who doesn't bring his...
Moderate: Red Hat Security Advisory: httpd security update
An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
postgresql: Empty password accepted in some authentication methods
It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords...
Apache OpenMeetings < 3.3.0 Multiple Vulnerabilities
Apache OpenMeetings is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:openmeetings";...
XenMobile BitLocker Policy for Windows 10 Desktop/Tablet
BitLocker is a disk encryption feature that is built into Windows 10. It can be controlled via MDM policy beginning in Windows 10 1703 build. The policy CSP is available...
Android Lockscreen Patterns Less Secure Than PINs
An academic study set out to prove whether it’s better to protect your Android phone with a PIN or a swipe pattern. The answer is PIN. At least when it comes to proximity attacks, namely someone lurking about trying to guess your PIN or unlock pattern. The study (PDF), published Friday by researche...
7 Predictions for Ransomware’s Evolution
During the past six months, the Carbon Black Threat Analysis Unit (TAU) analyzed more than 1,000 ransomware samples, categorizing them into 150 families, and found attackers are looking to make quick, easy money with unsophisticated malware, combined with sophisticated delivery methods. Our samplin...
Mass-Scale Ransomware Attacks Providing Hackers the Ability to Earn Quick Money
During the past six months, the Carbon Black Threat Analysis Unit (TAU) analyzed more than 1,000 ransomware samples, categorizing them into 150 families, and found the following: Attackers are looking to make quick, easy money with unsophisticated malware combined with sophisticated delivery method...
MS16-014: Description of the security update for Windows: February 9, 2016
Summary: This security update resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted...
Design/Logic Flaw
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743...
CVE-2015-0689
Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743...
CVE-2015-0689
Cisco Cloud Web Security (CWS) prior to version 3.0.1.7 is affected by CVE-2015-0689. The root cause is improper handling of HTTP methods in the connector engine, which allows remote attackers to bypass the product’s filtering protection. The impact is bypass of the intended content filtering (no...