
1147 matches found

Fedora
added 2021/05/05 1:23 a.m. | 29 views

[SECURITY] Fedora 34 Update: yara-4.1.0-1.fc34

YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...

CVSS 9.1 | AI score 1.3 | EPSS 0.00614 | Exploits 2

Fedora
added 2021/05/05 1:23 a.m. | 33 views

[SECURITY] Fedora 34 Update: python-yara-4.1.0-1.fc34

Python binding for the YARA pattern matching tool. YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each...

CVSS 9.1 | AI score 1 | EPSS 0.00614 | Exploits 2

OSV
added 2021/05/04 3:16 p.m. | 5 views

SUSE-SU-2021:1497-1 Security update for sca-patterns-sle11

This update for sca-patterns-sle11 fixes the following issues: - New regular patterns 1 for version 1.3.1 Special Register Buffer Data Sampling aka CrossTalk CVE-2020-0543 bsc1154824...

CVSS 5.5 | AI score 6.8 | EPSS 0.00481 | Exploits 0 | References 3

OpenVAS
added 2021/04/19 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2018:2384-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 8.2 | EPSS 0.02527 | Exploits 2 | References 19

OpenVAS
added 2021/04/19 12:0 a.m. | 21 views

SUSE: Security Advisory (SUSE-SU-2018:2344-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 8.3 | EPSS 0.12859 | Exploits 10 | References 32

OpenVAS
added 2021/04/19 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2018:2353-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.5 | EPSS 0.02527 | Exploits 0 | References 6

OpenVAS
added 2021/04/19 12:0 a.m. | 11 views

SUSE: Security Advisory (SUSE-SU-2018:2345-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.5 | EPSS 0.02527 | Exploits 0 | References 5

OpenVAS
added 2021/04/19 12:0 a.m. | 17 views

SUSE: Security Advisory (SUSE-SU-2018:2368-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.5 | EPSS 0.02527 | Exploits 0 | References 5

OSV
added 2021/03/18 2:15 p.m. | 19 views

CVE-2021-21626

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

CVSS 4.3 | AI score 6.5 | Exploits 0 | References 2

AlpineLinux
added 2021/03/18 1:35 p.m. | 22 views

CVE-2021-21626

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match...

CVSS 4.3 | AI score 4.9 | EPSS 0.00031 | Exploits 0 | References 2

Rapid7 Blog
added 2021/03/11 1:57 p.m. | 53 views

Introducing the 2020 Vulnerability Intelligence Report: 50 CVEs that Made Headlines in 2020

2020 was a tumultuous year for vulnerability risk management. Defenders had to contend with a growing volume of high-priority security threats, many of them in internet-facing technologies deployed to enable and secure a suddenly remote workforce. New communications from the U.S. National Securit...

AI score 0.3 | Exploits 0

Kitploit
added 2021/03/01 8:30 p.m. | 77 views

Halogen - Automatically Create YARA Rules From Malicious Documents

Halogen is a tool to automate the creation of yara rules against image files embedded within a malicious document. Halogen help python3 halogen.py -h usage: halogen.py -h -f FILE -d DIR -n NAME --png-idat --jpg-sos Halogen: Automatically create yara rules based on images embedded in office...

AI score 7.4 | Exploits 0 | References 1

IBM Security Bulletins
added 2021/02/18 5:8 p.m. | 25 views

Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to a directory traversal vulnerability (CVE-2021-20354)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed i...

CVSS 7.8 | AI score 2.3 | EPSS 0.00461 | Exploits 0 | Affected Software 1

Kitploit
added 2021/02/14 8:30 p.m. | 69 views

UDdup - Urls De-Duplication Tool For Better Recon

The tool gets a list of URLs, and removes "duplicate" pages in the sense of URL patterns that are probably repetitive and points to the same web template. For example: https://www.example.com/product/123 https://www.example.com/product/456 https://www.example.com/product/123?isprod=false...

AI score 7.2 | Exploits 0 | References 2

IBM Security Bulletins
added 2021/02/11 7:46 p.m. | 18 views

Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed i...

CVSS 8.2 | AI score 2.9 | EPSS 0.01482 | Exploits 0 | Affected Software 1

Microsoft Secure
added 2021/02/11 7:0 p.m. | 217 views

A playbook for modernizing security operations

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post from our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Dave Kennedy, Founder and...

AI score 7.3 | Exploits 0

IBM Security Bulletins
added 2021/02/05 7:54 p.m. | 16 views

Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to an XML External Entity (XXE) Injection Vulnerability (CVE-2020-4949)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed i...

CVSS 8.2 | AI score 2.9 | EPSS 0.0017 | Exploits 0 | Affected Software 1

Tenable Nessus
added 2021/02/01 12:0 a.m. | 42 views

CentOS 8 : librsvg2 (CESA-2020:4709)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4709 advisory. - librsvg: Resource exhaustion via crafted SVG file with nested patterns CVE-2019-20446 Note that Nessus has not tested for this issue but has instead relied on...

CVSS 6.5 | AI score 7 | EPSS 0.0133 | Exploits 0 | References 2

Wired Threat Level
added 2021/01/29 12:0 p.m. | 39 views

Lawmakers Take Aim at Insidious Digital ‘Dark Patterns’

A new California law prohibits efforts to trick consumers into handing over data or money. A bill in Washington state copies the language...

AI score 3.7 | Exploits 0

Microsoft Secure
added 2021/01/28 5:0 p.m. | 160 views

ZINC attacks against security researchers

In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive securit...

AI score 8.5 | Exploits 0