18 matches found
Beers with Talos: Year in Review episode
Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are routed in stealth in simplicity. The team also provide insights into some of the topics of the report, including the top-targeted vulnerabilities...
CVE-2024-12392 Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic
A Server-Side Request Forgery SSRF vulnerability exists in binary-husky/gptacademic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL,...
Security Bulletin: IBM XIV Storage System Gen3 (CVE-2011-4619, CVE-2011-4576, CVE-2011-3210, CVE-2012-4829)
Abstract Certain network-based attacks can cause the administration interface server to reboot CVE-2011-4619 and CVE-2011-3210. Control data may be leaked from pad regions of cipher blocks CVE-2011-4576. Also Release 11.2 adds the ability for the client to install their own X509v3 certificate...
Four Key Findings from the 2022 Cyberthreat Defense Report
For the ninth year, Imperva is proud to sponsor CyberEdge Group’s annual Cyberthreat Defense Report. In this report, CyberEdge Group delivers a detailed accounting of how IT security professionals perceive cyberthreats today and reveals actionable insights into how they plan to defend their...
Cyber-Attacks: How to Stop a Multibillion-Dollar Problem
By Ed Cabrera, Chief Cybersecurity Officer for Trend Micro and Martin Bally, Vice President & Chief Security Officer for Diebold Nixdorf ? Where there’s money, there has always been crime. Traditional bank robbery and physical assaults on ATMs are still a challenge, and now a new breed of...
Attack The Machines: The lucrative business of ATM malware
Trend Micro and Europol’s European Cybercrime Centre EC3 today released a publicly available report on the ATM malware landscape. This builds on the 2016 report that was privately released to financial institutions and law enforcement agencies globally. The report digs into the depth and breadth ...
BSA-2017-322
Security Advisory ID : BSA-2017-322 Component : JAVA SE AWT Revision : 3.0: Final Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with...
Cisco 871 Integrated Services Router - Cross-Site Request Forgery Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/31218/info The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability. Successful exploits can run arbitrary commands on affected devices. This may lead to further network-based attack...
LANDesk Management Gateway 4.x Multiple Security Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38119/info LANDesk Management Gateway is prone to a cross-site request-forgery vulnerability and a cross-site scripting vulnerability. An attacker can exploit the cross-site request forgery issue to alter the settings on...
Cisco 871 Integrated Services Router - Cross-Site Request Forgery Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/31218/info The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability. Successful exploits can run arbitrary commands on affected devices. This may lead to further network-based attack...
Who Needs a Botnet when you have a 4 Gbps DDoS Cannon?
In recent months the DDoS world has shifted from complex small scale Botnet attacks to much larger network based DDoS attacks, perpetrated largely by hijacked web servers. How many of these hijacked servers are out there remains to be seen. However, Incapsula recently got a very good idea of just...
NSA Director Alexander: US Building Cyberattack Teams
More rhetoric is coming out of Washington regarding the use of malware as an auxiliary weapon to bombs and bullets. National Security Agency leader Gen. Keith Alexander told a House Armed Services Committee yesterday that his new Cyber Command will be ready to retaliate should the United States...
LANDesk Management Gateway 4.x - Multiple Vulnerabilities
LANDesk Management Gateway 4.x - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/38119/info LANDesk Management Gateway is prone to a cross-site request-forgery vulnerability and a cross-site scripting vulnerability. An attacker can exploit the cross-site request forgery issue t...
LANDesk Management Gateway 4.x - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/38119/info LANDesk Management Gateway is prone to a cross-site request-forgery vulnerability and a cross-site scripting vulnerability. An attacker can exploit the cross-site request forgery issue to alter the settings on affected devices. This may lead to...
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (1)
Cisco 871 Integrated Services Router - Cross-Site Request Forgery 1 source: https://www.securityfocus.com/bid/31218/info The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability. Successful exploits can run arbitrary commands on affected devices. This may le...
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (1)
source: https://www.securityfocus.com/bid/31218/info The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability. Successful exploits can run arbitrary commands on affected devices. This may lead to further network-based attacks. The 871 Integrated Services...
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2)
Cisco 871 Integrated Services Router - Cross-Site Request Forgery 2 source: https://www.securityfocus.com/bid/31218/info The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability. Successful exploits can run arbitrary commands on affected devices. This may le...
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2)
source: https://www.securityfocus.com/bid/31218/info The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability. Successful exploits can run arbitrary commands on affected devices. This may lead to further network-based attacks. The 871 Integrated Services...