PT-2021-6571
Name of the Vulnerable Software and Affected Versions: Kubernetes, affected versions not specified. Description: A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect...
Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come?
Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credenti...
ARTIF - An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.
ARTIF is a new advanced real time threat intelligence framework that adds another abstraction layer on top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting,...
Privacy-First Browser Brave Is Launching a Search Engine
Unlike Google, Brave Search won’t track or profile people who use it...
uafuzz
This is an offensive tool for Binary Analysis. The repository, cherrywb/uafuzz, is a directed fuzzer dedicated to Use-After-Free (UAF) bugs at the binary level. It aims to detect UAF bugs, which appear when a heap element is used after having been freed. The tool uses a combination of static...
Uroboros - A GNU/Linux Monitoring And Profiling Tool Focused On Single Processes
Uroboros is a GNU/Linux monitoring tool focused on single processes. While utilities like top, ps and htop provide great overall details, they often lack useful temporal representation for specific processes; such visual representation of the process data points can be used to profile, debug and...
Information Disclosure
mautic/core is vulnerable to information disclosure. The vulnerability exists because the tracking cookie per contact is systematically incremented by the contact's auto-incremented ID, and it is possible to retrieve information about the contact through forms by progressive profiling...
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Impact: An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as...
GHSA-VFXJ-QG93-7WWC Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Impact: An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as...
Cisco IOS XE Software Wireless Controller for the Catalyst 9000 Family WLAN Local Profiling DoS (cisco-sa-dclass-dos-VKh9D8k3)
According to its self-reported version, Cisco IOS XE is affected by a Denial of Service vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family. This vulnerability is due to incorrect parsing of HTTP packets while performin...
Sunburst: connecting the dots in the DNS requests
On December 13, 2020, FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to as UNC2452 or DarkHalo, planted a backdoor in the SolarWinds Orion IT software. This backdoor, which comes in the form of a .NET module, has some really interesting...
API Discovery and Profiling -- Visibility to Protection
APIs have become a dominant mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, while exposing back-end data and logic to create new and innovative offerings. Protecting internet-facing APIs -- an emerging practice over the past few years -- is the...
API Discovery and Profiling -- Visibility to Protection
APIs have become a dominant mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, while exposing back-end data and logic to create new and innovative offerings...
The vulnerability of the WLAN Local Profiling function in the Cisco IOS XE operating system of Cisco Catalyst 9000 Series network devices allows a hacker to induce a service failure.
The vulnerability of the WLAN Local Profiling function in the Cisco IOS XE operating system and Cisco Catalyst 9000 Series network devices is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
Researchers track malware developers through fingerprints
By Sudais Asif. Researchers have developed a new technique with which they can identify the profile of a malware developer. This is a post from HackRead.com. Read the original post: Researchers track malware developers through fingerprints...
CVE-2020-3428
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of...
CVE-2020-3428 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of...
CVE-2020-3428
The CVE-2020-3428 issue affects Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family, specifically the WLAN Local Profiling feature. The root cause is incorrect parsing of HTTP packets during HTTP-based endpoint device classifications, which can be exploited by an unauthenticate...
Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability
A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of...
PT-2020-4164 · Cisco · Cisco Ios Xe Wireless Controller +1
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family affected versions not specified Description: A vulnerability in the WLAN Local Profiling feature could allow an unauthenticated, adjacent attacker to cause a denial ...