Stakeholders Argue Against Restrictive Wassenaar Proposal
The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate. Several stakeholders implicated in the proposal added their voices to that chamber on Friday morning, urging the government to revise...
Low: Red Hat Enhancement Advisory: elfutils bug fix and enhancement update
Updated elfutils packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The elfutils packages have been...
[SECURITY] Fedora 22 Update: libssh-0.7.1-1.fc22
The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Cyber UL Could Become Reality Under Leadership of Hacker Mudge
UPDATE–One of the longstanding problems in security–and the software industry in general–is the lack of any universally acknowledged authority on quality and reliability. But the industry moved one step closer to making such a clearinghouse a reality this week when Peiter Zatko, a longtime...
[SECURITY] Fedora 21 Update: postgresql-9.3.9-1.fc21
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
OPM Warned About Vulnerabilities, Governance Weaknesses
It’s hardly a surprise that the U.S. Office of Personnel Management (OPM) was targeted by nation-state hackers, given the sensitivity of the personal information the office stored. It’s also no shocker that OPM has been successfully infiltrated more than once given the state of its information...
Cisco Edge 340 Privilege Escalation Vulnerability
A vulnerability in the system configuration of Cisco Edge 340 could allow an authenticated, local attacker to run arbitrary programs with elevated privileges. The vulnerability is due to insufficient access control protections. An attacker could exploit this vulnerability by logging in to the...
[SECURITY] Fedora 22 Update: postgresql-9.4.2-1.fc22
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
Court's Ruling a 'Clear Signal' About Mass Surveillance Programs, Experts Say
The ruling last week by the Second Circuit Court of Appeals that the NSA’s years-long bulk collection of phone metadata is illegal is a “clear signal” that courts are moving in the direction of striking down some mass surveillance programs, experts say. The decision, issued Thursday, is among the...
Threat Intelligence Sharing Still Seen as a Challenge
SAN FRANCISCO–The discussion about information sharing has been going on in the security community since before there was a security community, but the tone and shape of the conversation have changed recently thanks to an executive order from the Obama administration and the relentless drumbeat o...
Microsoft Bounty Programs Expansion – Azure and Project Spartan
Update 2/22/17: Removed Guest-to-Host DoS non-distributed, from a single guest from Hyper-V escape bounty list. I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the Online Services Bug Bounty, launching a new bounty for Project Spartan, and updati...
CVE-2015-2114
CVE-2015-2114 affects HP Support Solution Framework on Windows prior to 11.51.0049, where a vulnerability could allow a remote attacker to have the system download and execute an arbitrary program on a client machine via unspecified vectors. The NVD description states remote code execution with a...
ShellShock attack lab-vulnerability warning-the black bar safety net
A. Experiment description: On September 24, 2014, a serious vulnerability in Bash, Shellshock, was discovered. The vulnerability can be exploited on many systems and can be triggered either remotely or locally. In this experiment, students need to personally reproduce the attack to understand t...
Microsoft HSC URL Remote Code Execution (MS04-015) - Ver2 (CVE-2004-0199)
A vulnerability exists in the way Microsoft Help and Support Center (HSC) validates URLs with the scheme hcp://. There is a vulnerability in the way the Microsoft Help and Support Center processes URL strings. The vulnerability could be exploited to download and execute malicious programs on a...
Authentication flaw
IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 in certain cipherList configurations allows remote attackers to bypass authentication and execute arbitrary programs as root via unspecified vectors...
[SECURITY] Fedora 22 Update: ImageMagick-6.8.8.10-9.fc22
ImageMagick is an image display and manipulation tool for the X Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF, and Photo CD image formats. It can resize, rotate, sharpen, color reduce, or add special effects to an image, and when finished you can either save the completed wor...
Adobe Starts Vulnerability Disclosure Program on HackerOne
Update: Adobe is the latest tech vendor to begin a vulnerability disclosure program, but it seems they’re limping in at the outset. The program launched this week on the HackerOne platform, but there are no cash incentives being offered and certain Adobe products are not in scope for researchers...
Security vulnerability is the essence of myth of the battle to compile code-bug warning-the black bar safety net
0x00 Preface: Currently, the more popular and more efficient way of finding vulnerabilities is fuzzing; of course, this also requires taking the time to write fuzzing programs. However, not everything warrants writing a fuzzing program, and not everything can be fuzzed, so still have to continue t...
unzip -- heap based buffer overflow in iconv patch
Ubuntu Security Notice USN-2502-1 reports: unzip could be made to run programs if it opened a specially crafted file...