HackerOne: Lack of cross-origin request blocking allows leaking of sensitive information on several endpoints
Summary: It is possible to make users leak sensitive information on several endpoints by measuring the time certain requests take to be cached. Description: If a request is made to https://hackerone.com/github/weaknesses and the user is logged in, the size of the response will be around 9kb becau...
[SECURITY] Fedora 28 Update: papi-5.6.0-5.fc28
PAPI provides a programmer interface to monitor the performance of running programs...
A Look Inside: Bug Bounties and Pen Testing
As more organizations turn to bug bounty programs, versus penetration testing, to weed out vulnerabilities in their products we ask Christie Terrill, partner at Bishop Fox, what she sees as the pros and cons of either approach. Threatpost’s Lindsey O’Donnell also asks Terrill what kind of compani...
[SECURITY] Fedora 28 Update: community-mysql-5.7.22-1.fc28
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Boutique Shops Offering Rewards Points Pop Up on the Dark Web
Cybercriminal interest in stolen data is not solely limited to financial or personally identifiable information. The exploitation of rewards-points programs, especially those associated with travel, is also on the radar screen for the bad guys. To cater to this interest, a series of boutique stor...
Hacktivists, Tech Giants Protest Georgia’s ‘Hack-Back’ Bill
As Georgia Governor Nathan Deal considers whether to sign a controversial piece of legislation that would allow companies to “hack back” with offensive initiatives in the face of a cyberattack, companies from across the tech spectrum are lining up to protest the measure. Also, a hacktivist group...
Microsoft Windows 10: Debug programs
This policy setting determines which users can attach to or open any process, even those they do not own. Developers who are debugging their own applications do not need to be assigned this user right. Developers who are debugging new system components need this user right. This user right provid...
mysql: Client programs unspecified vulnerability (CPU Apr 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...
FreeBSD : MySQL -- multiple vulnerabilities (57aec168-453e-11e8-8777-b499baebfeaf)
Oracle reports: MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges. - A local user can exploit a flaw in the Replication component to gain elevated privileges (CVE-2018-2755). - A...
UBUNTU-CVE-2018-2773
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2018-08379)
Oracle MySQL is an open source relational database management system from Oracle. The database system is characterized by high performance, low cost, good reliability, etc. MySQL Server is one of the server components. An unspecified vulnerability exists in the Client programs component of Oracle...
UBUNTU-CVE-2018-2761
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2018-08400)
Oracle MySQL is an open source relational database management system from Oracle. The database system is characterized by high performance, low cost, good reliability, etc. MySQL Server is one of the server components. An unspecified vulnerability exists in the Client programs component of Oracle...
Arm your users with knowledge to spot phishing attacks – for free!
Attendees at the Black Hat 2017 security conference said their No. 1 security concern and most time-consuming activity was phishing and social engineering attacks. That's no surprise given the increase in Business Email Compromise (BEC) attacks and with most ransomware being delivered by email. But...
MySQL -- multiple vulnerabilities
Oracle reports: MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges. A local user can exploit a flaw in the Replication component to gain elevated privileges (CVE-2018-2755). A remot...
[SECURITY] Fedora 26 Update: mariadb-10.1.32-1.fc26
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client...
[SECURITY] Fedora 26 Update: ImageMagick-6.9.9.38-1.fc26
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...
Microsoft Windows Kernel Elevation of Privilege Vulnerability (KB4100480)
This host is missing a critical security update according to Microsoft KB4100480. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Not All Privileges are Assigned to Caller error during upgrade/install
Challenge: When upgrading, the installer encounters the following error message, which prevents it from proceeding: "Not all privileges or groups referenced are assigned to the caller". Affected Application Installers: Veeam Backup & Replication, Veeam Backup Enterprise Manager, Veeam ONE, Veeam Recover...
CyberByte steals Malwarebytes’ intellectual property
At Malwarebytes, we frequently examine apps for detection as Potentially Unwanted Programs (PUPs). These are programs that exhibit a wide variety of bad behaviors but aren't actually outright malware. Unfortunately, there are many supposed antivirus programs that fit this category. Following user...