Talos DEFCON badge build instructions and use

By Patrick Mullen. We want to thank everyone who stopped by the Cisco Talos booth at DEFCON's Blue Team Village earlier this month. We handed out these badges at our area where we had Snort rules challenges, reverse-Capture the Flag and recruiters ready to answer attendees' career advice question...

FreeBSD -- Reference count overflow in mqueue filesystem 32-bit compat

Problem Description: System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. Impact: A local user can use this flaw to obtain access...

IBM API Connect Input Validation Error Vulnerability

IBM API Connect APIConnect is a suite of integrated solutions for managing the API lifecycle from IBM USA. The product supports creating, running, managing, and securing APIs, microservices, and more. An input validation error vulnerability exists in IBM API Connect. An attacker could exploit thi...

HackerTarget ToolKit v2.0 - Tools And Network Intelligence To Help Organizations With Attack Surface Discovery

Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities. Identification of an organizations vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open...

Logic Flaw Vulnerability in Widefield3

Widefield3, also known as Yokogawa PLC Programming Software, is a versatile PLC programming tool. Widefield3 suffers from a logic flaw vulnerability that can be exploited by an attacker to reconstruct the protection password of a program block or macro program...

CVE-2017-18444

cPanel before 64.0.21 allows demo accounts to execute SSH API commands SEC-248...

CVE-2019-1010299

The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vecdeque::Iter. The attack...

CVE-2018-20905

cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction SEC-429...

[SECURITY] Fedora 30 Update: python3-3.7.4-1.fc30

Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...

Fedora Update for python3 FEDORA-2019-9bfb4a3e4b

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for python3-docs FEDORA-2019-9bfb4a3e4b

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

UBUNTU-CVE-2019-10184

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

New OTT Service Changing How New Zealanders Watch Sports

Communications service providers are looking for new ways to gain an edge in today's competitive market. In sports-crazed New Zealand, one of the country's largest telecom providers just launched an all-sports video service to attract new subscribers. Spark Sport is a new over-the-top OTT offerin...

Why Rust for safe systems programming

In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represen...

Why Rust for safe systems programming

In this series, we have explored the need for proactive measures to eliminate a class of vulnerabilities and walked through some examples of memory safety issues we’ve found in Microsoft code that could have been avoided with a different language. Now we’ll peek at why we think that Rust represen...

We need a safer systems programming language

In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a...

We need a safer systems programming language

In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a...

We need a safer systems programming language

In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a...

Efficient Go APIs with the mid-stack inliner

A common task in Go API design is returning a byte slice. In this post I will explore some old techniques and a new one that became possible in Go 1.12 with the introduction of the mid-stack inliner. Returning a fresh slice The most natural approach is to return a fresh byte slice, like...

CVE-2019-1917

A vulnerability in the REST API interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by...