Microsoft Windows Multiple Vulnerabilities (KB4042007)

This host is missing an important security update according to Microsoft KB4042007 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

[SECURITY] Fedora 27 Update: ImageMagick-6.9.9.15-1.fc27

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

[SECURITY] Fedora 27 Update: ImageMagick-6.9.9.13-1.fc27

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

Partner Perspectives: Operationalizing Data With the Carbon Black and Splunk Integration (Part 1)

Editor's Note: this blog originally appeared on RedCanary.com Over the last 5 years I have grown very close to Splunk. The product has evolved so much over the years, but the core architecture has always been easy to deploy and understand. Splunk is known for the speed at which it can search for...

mysql: Client programs unspecified vulnerability (CPU Jul 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server execut...

[SECURITY] Fedora 25 Update: ImageMagick-6.9.9.13-1.fc25

ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...

Malware That Can’t Clean Its Tracks: CCleaner and Ongoing Supply-Chain Attacks

A new malware compromise identified this week was using malware officially signed and provided by its software manufacturer for public download by millions of people. It’s a move that started the week for many organizations in a state of worry. This week, the Cisco Talos research team disclosed...

Microsoft .NET Framework Remote Code Execution Vulnerability (KB4040973)

This host is missing a critical security update according to Microsoft Security Updates KB4040973. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Pharos Static Binary Analysis Framework

The Pharos static binary analysis framework is a project of the Software Engineering Institute at Carnegie Mellon University. The framework is designed to facilitate the automated analysis of binary programs. It uses the ROSE compiler infrastructure developed by Lawrence Livermore National...

[SECURITY] Fedora 25 Update: postgresql-9.5.8-1.fc25

PostgreSQL is an advanced Object-Relational database management system DBM S. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

Solution Corner: Malwarebytes for Android

People have become increasingly reliant on their mobile devices in recent years. Smartphones and tablets have revolutionized daily life. Unfortunately, such rapid growth has also attracted criminals, bringing Android up to par with Windows in terms of infection rates. Android threat landscape A...

How To Automate Security Analysis with the RIPS API

RIPS API RIPS exposes a powerful REST-API, an interface specifically designed for developers and their applications. It is used to provide the web interface with analysis results, to start scans through plugins, to manage users, and much more. In short, the API enables easy automation of all RIPS...

[SECURITY] Fedora 26 Update: postgresql-9.6.4-1.fc26

PostgreSQL is an advanced Object-Relational database management system DBM S. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...

CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

CVE-2017-3636

Disclaimer: This data contains information about vulnerable...

Cybersecurity Wants You!

At Black Hat in Las Vegas last week, Trend Micro’s Kevin Simzer spoke about the global, dire need for cybersecurity talent. The number of open jobs in cybersecurity continues to increase dramatically. A report from Cisco stated that there were over one million unfilled positions globally in 2016...

The CIO Will Report to the CISO: The Why

Note: This article originally appeared on LinkedIn Pulse. If you disagree with me, please visit the LinkedIn post to join the comments we've gotten so far. As a community we need the open discussion to advance our collective thinking. If you agree, please like, comment and/or share the post. It’s...

Measuring Vulnerability Rediscovery

New paper: "Taking Stock: Estimating Vulnerability Rediscovery," by Trey Herr, Bruce Schneier, and Christopher Morris: Abstract: How often do multiple, independent, parties discover the same vulnerability? There are ample models of vulnerability discovery, but little academic work on this issue o...

Me on Restaurant Surveillance Technology

I attended the National Restaurant Association exposition in Chicago earlier this year, and looked at all the ways modern restaurant IT is spying on people. But there's also a fundamentally creepy aspect to much of this. One of the prime ways to increase value for your brand is to use the Interne...

Announcing the Windows Bounty Program

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...