811 matches found
[SECURITY] Fedora 27 Update: nikto-2.1.6-1.fc27
Nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be...
CloudPets May Be Out of Business, But Security Concerns Remain
More than a year after CloudPets connected teddy bears were found to have exposed 2.2 million voice recordings between parents and their children in a significant data breach, Amazon, Target and Walmart have pulled the toys from their online markets. But it’s the installed base of the connected...
Red Hat DHCP client NetworkManager integration script command injection
Added: 05/18/2018 CVE: CVE-2018-1111 BID: 104195 Background The DHCP client on Red Hat Enterprise Linux includes a script which provides integration with the NetworkManager subsystem. Problem A command injection vulnerability in the NetworkManager integration script could allow arbitrary command...
openSUSE Security Update : salt (openSUSE-2018-388)
This update for salt fixes the following issues : - Regression Permission problem: salt-ssh minion bootstrap doesn't work anymore. bsc1027722 - wrong use of osfamily string for Suse in the locale module and others bsc1038855 - Cannot bootstrap a host using 'Manage system completely via SSH will no...
Installing updates or third party software on the ELM
As a general rule, you should not install software on your ELM. While there are some circumstances where it will work fine, it is likely to cause software dependency problems that will block App Layering updates. App Layering is very particular about the Linux software packages and versions...
The Recent Apps in the Start Menu are Not Displayed by the Citrix Receiver
The recent apps in the start menu are not displayed by the Citrix Receiver. Only the recent apps from a local app or shortcuts from GPOs are shown. The registry key values are saved but are not displayed. If the users have icons in the start menu from a second worker group, the keys are created ...
A week in security (April 02 – April 08)
Last week, we took a look at fake WhatsApp antics, dubious gaming extensions, and a huge Panera Bread breach. There was also LockCrypt ransomware to contend with, we had a poke around LinkedIn, and we published another Physician, protect thyself blog. Other news Compromised cash register systems...
TLS 1.3 is nearly here
TLS stands for "Transport Layer Security" and it's rather important. Why's that? Oh, I'm glad you asked. Here's me, yelling my password across the office to you: "PASSWORD!!!" You heard me loud and clear, right? But so did basically anyone else nearby. Now let's work in a little TLS love and...
A week in security (March 19 – March 25)
Last week, we looked at the growing problem of smartphone addiction, how link rot is continually slicing down portions of the web, and the theft of our intellectual property. We also explored the landscape of DDoS problems, and tackled a Stephen Hawking 419 scam. Other news What can only really b...
"Incorrect username or password" on Secure Mail after Exchange Server upgrade to 2016 CU8
Since the Exchange server was upgraded from Exchange 2016 to Exchange Server 2016 CU8, users are facing 2 issues as below. 1. Existing users are unable to sync e-mail. 2. New users are unable to log on...
Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible
Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. How Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP...
Lies and More Lies
Following the release of the Spectre and Meltdown CPU attacks, the security community wondered if other researchers would find related speculative attack problems. When the following appeared, we were concerned: "Skyfall and Solace More vulnerabilities in modern computers. Following the recent...
Description of the security update for Outlook 2013: January 9, 2018
Description of the security update for Outlook 2013: January 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:3388-1)
This update for ImageMagick fixes the following issues : - CVE-2017-14989: use-after-free in RenderFreetype in MagickCore/annotate.c could lead to denial of service bsc1061254 - CVE-2017-14682: GetNextToken in MagickCore/token.c heap buffer overflow could lead to denial of service bsc1060176 -...
October 17, 2017—KB4041688 (OS Build 14393.1794)
October 17, 2017—KB4041688 OS Build 14393.1794 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed rare issue where fonts may be corrupted after the Out of Box Experience is complete...
Unbreakable Enterprise kernel security update
2.6.39-400.297.12 - xsigo: backport Fix race in freeing aged Forwarding tables Pradeep Gopanapalli Orabug: 24823234 - ocfs2: fix deadlock issue when taking inode lock at vfs entry points Eric Ren Orabug: 25671723 - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock Eric Ren...
Tails 3.2 - Live System to Preserve Your Privacy and Anonymity
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. It is a complete operating system designed to be used fr...
iOS 11 MDM-enrolled Device Issues with XenMobile in Cluster Mode
MDM commands may try to deploy multiple times on an MDM-enrolled iOS 11 device and may fail to complete successfully. An admin attempting to push MDM policies to an iOS 11 device, deploy applications, or carry out security actions such as Lock or Wipe may not be able to do so successfully. The us...
Girls Who Code: That's a Wrap!
The Summer Immersion Program for Girls Who Code at Akamai wrapped up this past week. The girls finished their final projects and presented them at a graduation ceremony attended by friends and family as well as supporters and mentors from Akamai. The girls were divided into five teams for their...