Killer robots are here. Now what? (Lock and Code S07E07)

Big news : Lock and Code is nominated for a Webby Award! You can help us win the People's Voice Award by voting here. Vote now! This week on the Lock and Code podcast … We have to talk about killer robots. No, not the Terminator, and not some Boston Dynamics robot run amok. We have to talk instea...

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of Chinas top private cybersecurity firms provides a rare glimpse into the commercial side of Chinas many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...

SideCopy Using Action RAT and AllaKore RAT to infiltrate Indian Organizations

The suspected Pakistan-aligned threat actor known as SideCopy has been observed leveraging themes related to the Indian military research organization as part of an ongoing phishing campaign. This involves using a ZIP archive lure pertaining to India's Defence Research and Development Organizatio...

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15...

Career Navigator talk for IT Hub College

Last week I gave a "Career Navigator" talk for the students of the IT Hub College in Moscow. By the way, this college has a very interesting practical information security program. If it is relevant for you, check it out. Ive never talked so much about myself in public. It was like giving advises...

File upload vulnerability in county-level flash flood monitoring and early warning system of Suzhou Mengtu Geographic Information System Co.

Suzhou Mengtu Geographic Information System Limited Liability Company is a high-tech company specializing in the research and development of geographic information system platform and the development of industry application software. Suzhou Mengtu Geographic Information System Limited Liability...

Unauthorized Access Vulnerability in Wireless Signal Extender of Shenzhen Jixiang Tengda Technology Co.

Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment. Shenzhen Jixiang Tengda Technology Co., Ltd Wireless Signal Extender has an unauthorized access vulnerability that can be exploited b...

Arbitrary File Download Vulnerability in Blue Shield Firewall of Blue Shield Information Security Technology Co.

Blue Shield Information Security Technology Co., Ltd. is the earliest professional network security enterprise engaged in the research and development, production and sales of information security products with independent intellectual property rights in China. Blue Shield Information Security...

Arbitrary File Download Vulnerability in Flying FishStar Next-Generation Firewall Security Gateway

Chengdu Flying Fish Star Technology Co., Ltd. is one of the few local enterprises in the industry with independent intellectual property rights and independent R & D capabilities, focusing on the digital communication industry, the Internet of Things industry product innovation and research and...

Agile Development Framework of Shanghai PowerSoft Information Technology Co.

Ltd. is a high-tech enterprise specializing in the research and development of development frameworks and enterprise application system development. A logic flaw vulnerability exists in the Agile Development Framework of PowerSoft Shanghai, which can be exploited by attackers to obtain sensitive...

Logic Flaw Vulnerability in NM3000 Network Element Management System

DDPV is a wholly owned subsidiary of DigitalVision Group, specializing in the research and development, production, marketing and service of coaxial broadband access technology and optical communication technology. A logic flaw vulnerability exists in the NM3000 network element management system,...

How one data scientist is pioneering techniques to detect security threats

Data science is an increasingly popular field of study that’s relevant to every industry. When Maria Puertas Calvo was a student, she never imagined that one day she would pioneer data science techniques to detect security threats. She started her Microsoft career on the Safety Platform team,...

Facebook, Microsoft Challenge Industry to Detect, Prevent ‘Deepfakes’

Facebook, Microsoft and a number of universities have joined forces to sponsor a contest promoting research and development to combat deepfakes, or videos altered through artificial intelligence AI to mislead viewers. The two tech giants—along with the Partnership on AI and academics from Cornell...

The Advanced Persistent Threat files: APT10

We've heard a lot about Advanced Persistent Threats APTs over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a...

Carbon Black Opens New Research and Development Office in Greater Portland, Oregon

Carbon Black is proud to announce our new office opening in Hillsboro, Oregon – just outside of Portland. The office will serve as a center for research and development, with a focus on bringing new products to market. Hillsboro lies just outside of Portland, a city that experienced a 40-percent...

D-Link DNS-343 ShareCenter < 1.05 - Command Injection

Introduction The purpose of this article is to detail the research that I have recently completed regarding the D-Link DNS 343 ShareCenter. Background The D-Link ShareCenter 4-Bay Network Storage Enclosure DNS-343 connects to your network instead of to a computer so everyone on your network can...

Industrial Cobots Might Be The Next Big IoT Security Mess

Researchers at IOActive have found nearly 50 vulnerabilities in industrial collaborative robots, machines that work side-by-side with people in manufacturing and other settings, that can be abused to possibly cause physical harm to workers, or even configured to spy on their surroundings. The...

Sam Pfanstiel Appointed Director, Solution Architecture for Payments

Coalfire today announced Sam Pfanstiel has joined the company as the Director of Solution Architecture for Payments. Pfanstiels experience spans solution engineering and consulting as well as research and development positions...

Omeka 2.2.1 - Remote Code Execution

Omeka 2.2.1 - Remote Code Execution !/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...

DoD Inspector General Calls Out Army CIO For Poor Mobile Device Security

The CIO of the U.S. Army failed to put in place a comprehensive security program capable of protecting data stored on commercial mobile devices such as iPhones and Androids, leaving sensitive information in key Army installations exposed. The Inspector General of the Department of Defense took th...