Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Business Service Manager (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the Security Bulletin:...

Cross site scripting

In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader-MaxPtCnt' and which could result in OO...

Exploit for CVE-2020-6616

Broadcom c...

A week in security (August 27 – September 2)

Last week, we looked at dubious antics in mobile land, a peculiar case of spam on the official Cardi B website, and we deep dived into fileless malware. We also explored the inner workings of Hidden Bee, and gave an explainer of Regex. Other cybersecurity news: Huge data breach affects Chinese...

CVE-2018-16376

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2encodepacket in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact...

Securing Container Deployments with Qualys

With container adoption booming, security teams must protect the applications that DevOps teams create and deploy using this method of OS virtualization. The security must be comprehensive across the entire container lifecycle, and built into the DevOps pipeline in a way that is seamless and...

Cybercriminals Changing Tactics as Seen in First Half Report

Today, Trend Micro released its first half 2018 security roundup report in which we want to share the threat intelligence we discovered through the Trend Micro Smart Protection Network that allows us to identify the threats that have targeted our customer base. Below are some thoughts I’d like to...

Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug

Ransomware raids aimed at specific targets with big pockets. Another Struts vulnerability -- but scarier than last year’s. An Android spyware that records your phone calls. These are some of the security news that have caught our attention. New Struts Bug Should Be Patched Yesterday Apache patche...

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

A new remote code execution vulnerability in Apache Struts 2, CVE-2018-11776, was disclosed yesterday. While this vulnerability does not exist with a default configuration of Struts, it does exist in commonly seen configurations for some Struts plugins. Update August 24, 2018: A dashboard for thi...

Linux Kernel IP Vulnerability 2

On the week of July 15th, researcher Juha-Matti Tilli disclosed a vulnerability in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland NCSC-FI, CERT Coordination Center CERT/CC, and Akamai. The vulnerability, CVE-2018-5391, is a resource exhaustion attack...

Flaws in Pre-Installed Apps Expose Millions of Android Devices to Hackers

Bought a new Android phone? What if I say your brand new smartphone can be hacked remotely? Nearly all Android phones come with useless applications pre-installed by manufacturers or carriers, usually called bloatware, and there's nothing you can do if any of them has a backdoor built-in—even if...

Black Hat 2018: Google Bug Hunter Urges Apple to Change its iOS Security Culture

LAS VEGAS – Prolific Google bug hunter Ian Beer ripped into Apple on Wednesday, urging the iPhone maker to change its culture when it comes to iOS security. He said the company suffers from an all-too-common affliction of patching an iOS bug, but not fixing the systemic roots that contribute to t...

ThreatList: Financial Services Firms Lag in Patching Habits

Almost half 45 percent of financial services firms in a recent survey have reported a data breach in the last two years – with many of those attacks being completely avoidable if known vulnerabilities were patched. In a Ponemon Institute survey of nearly 3,000 cybersecurity professionals at...

Linux Kernel TCP Vulnerability

On the week of July 15th researcher Juha-Matti Tilli disclosed a vulnerability he discovered in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland NCSC-FI, CERT Coordination Center CERT/CC, and Akamai. The vulnerability, CVE-2018-5390, is a resource exhaustio...

What I expect from IT Asset Inventory

The main problem of vulnerability management, in my opinion, is that it is not always clear whether we know about ALL network hosts existing in our infrastructure or not. So, not the actual process of scanning and the detection of vulnerabilities, but the lack of knowledge what we should scan...

HRSale 1.0.6 Local File Disclosure

Exploit Title: HRSALE - HR Management PHP Script - LFD Google Dork: N/A Date: 2018/1/8 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: http://hrsale.com Software Buy: https://www.codester.com/items/8599/hrsale-hr-management-php-script Demo:...

A Quick-Start Introduction to Database Security: An Operational Approach

The recent SingHealth data breach incident exposed around 1.5 million patients’ records. In its aftermath, the Cyber Security Agency of Singapore published a set of security measures aimed at improving the protection of Personally Identifiable Information PII data. The recommended security measur...

Spectre Will Haunt Us For a Long Time

During a recent Congressional hearing, Senators voiced concerns about the ongoing Spectre and Meltdown vulnerabilities. While the technical details were predictably glossed over, most of the hearing focused on Intel informing Chinese partners about the flaws six months before they went public...

How Cyber Insurance Changes the Conversation Around Risk

Premiums paid for cyber insurance could triple to more than $7.5 billion by 2020, according to consultancy PwC. Companies are waking up to the fact that cyber risk equals business risk. Ask FedEx’s European arm, shipping giant Maersk or any of the other major organizations knocked out of operatio...

CVE-2018-11716

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information private information such as location of enrolled devices, cleartext passwords, patching level, etc. via...