43 matches found
#CbChats: Rick McElroy Talks About the Mental Health Side of Cybersecurity
Rick McElroy, security strategist for Carbon Black, has more than 17 years of information security experience educating and advising organizations on reducing their risk posture and tackling tough security challenges. He has performed services for the U.S. Department of Defense, and has held...
Cb Defense’s ‘Streaming Ransomware Prevention’ Stops Bad Rabbit in Its Tracks
On October 24, a large-scale ransomware campaign spread across Europe, in campaigns closely mimicking the NotPetya attacks from earlier this year. Bad Rabbit appeared to infect machines via a drive-by-download that prompted the user to download a fake Adobe Flash installer. No exploits were used...
ricklane.com XSS vulnerability
Open Bug Bounty ID: OBB-303424 Description| Value ---|--- Affected Website:| ricklane.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Webinar with Rick Orloff, ex CISO of eBay
Join us at 11 am PDT on Wednesday, September 27 for a live frank conversation with Rick Orloff, CSO of Code42 and former CISO of eBay. UPDATE: The recorded webinar is available as a podcast: Rick shared his insights about the changing role of security with new realities of DevOps world, new...
Debian DSA-3974-1 : tomcat8 - security update
Two issues were discovered in the Tomcat servlet and JSP engine. - CVE-2017-7674 Rick Riemer discovered that the Cross-Origin Resource Sharing filter did not add a Vary header indicating possible different responses, which could lead to cache poisoning. - CVE-2017-7675 stretch only Markus...
Flag - Moderately Critical - Access Bypass - SA-CONTRIB-2016-050
Flag enables users to mark content with any number of admin-defined flags, such as 'bookmarks' or 'spam'. Flag Bookmark is a submodule within Flag, which provides a 'bookmarks' flag, and default views to list bookmarked content. The provided view that lists each user's bookmarked content as a tab...
Microsoft Windows 7 (x64) - afd.sys Dangling Pointer Privilege Escalation (MS14-040)
Microsoft Windows 7 x64 - afd.sys Dangling Pointer Privilege Escalation MS14-040 Exploit Title: MS14-040 - AFD.SYS Dangling Pointer Date: 2016-03-03 Exploit Author: Rick Larabee Vendor Homepage: www.microsoft.com Version: Windows 7, 64 bit Tested on: Win7 x64 afd.sys - 6.1.7601.17514 ntdll.dll -...
Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Exploit Title: MS14-040 - AFD.SYS Dangling Pointer Date: 2016-03-03 Exploit Author: Rick Larabee Vendor Homepage: www.microsoft.com Version: Windows 7, 64 bit Tested on: Win7 x64 afd.sys - 6.1.7601.17514 ntdll.dll - 6.1.7601.17514 CVE : CVE-2014-1767 Category: Local Privilege Escalation Reference...
Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)
Exploit Title: MS14-040 - AFD.SYS Dangling Pointer Date: 2016-02-05 Exploit Author: Rick Larabee Vendor Homepage: www.microsoft.com Version: Windows 7, 32 bit Tested on: Win7 x32 afd.sys - 6.1.7600.16385 ntdll.dll - 6.1.7600.16385 CVE : CVE-2014-1767 Category: Local Privilege Escalation Reference...
Coalfire Contributes to New Book on Cybersecurity
Today marks the launch of a new book published by the New York Stock Exchange and Palo Alto Networks called, "Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers." Im proud to have worked with my predecessor, the late Rick Dakin, to contribute a chapter to th...
Funeral Services for Rick Dakin
The funeral for Rick Dakin will be held on Tuesday, June 30 at 10 a.m. at the Gatehouse Lionsgate, located at 1055 South 112th Street, Hwy 287, Lafayette, CO 80026. Arrangements are being made through the Crist Mortuary in Boulder, Colorado. An online memorial page and guestbook will be set up...
In Memory of Our Friend, Rick Dakin
We are deeply saddened to announce that our founder and CEO Rick Dakin passed away suddenly over the weekend...
SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)
The Entity API module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. The module doesn't sufficiently sanitize field labels when exposing them through the Token API thereby exposing a Cross Site Scripting XSS vulnerability. This...
SA-CONTRIB-2014-100 - Bad Behavior - Information Disclosure
This module enables you to to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts. Information Disclosure The module doesn't sufficiently sanitize log data, allowing...
SA-CONTRIB-2014-101 - Ubercart - Cross Site Request Forgery
The Ubercart module provides a shopping cart and e-commerce features for Drupal. Cross Site Request Forgery CSRF The country administration links are not properly protected. A malicious user could trick a store administrator into enabling or disabling a country by getting them to visit a...
Network Tool 0.2 PHPNuke Addon Metacharacter Filtering Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3552/info Network Tool is a PHPNuke addon, written and maintained by Rick Fournier. It is designed to offer network features such as nmap, traceroute, and ping from a web interface. A problem with the package has been...
SA-CONTRIB-2014-065 - Custom Meta - Cross Site Scripting (XSS)
The module allows you to define and manage custom meta tags. The module does not sufficiently sanitize user input before displaying the attribute and content values for meta tags on the administration page. This vulnerability is mitigated by the fact that an attacker must have access to an accoun...
SA-CONTRIB-2014-056 - Commerce Moneris - Information Disclosure
Commerce Moneris is a payment module that integrates the Moneris payment system with Drupal Commerce. The module stores credit card data in a commerce order object unnecessarily for the purpose of passing the credit card information to the payment gateway. The credit card information is never...
SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
This module provides an API and a few simple turnkey modules, which allows you to easily create tagclouds, weighted lists, search-clouds and such. The 6.x-1.x version does not account for node access modules, thus leading to information being disclosed. This vulnerability is mitigated by the fact...
Coalfire Expands Dallas Office and Names Kurt Hagerman Managing Director
I am pleased to announce that our Dallas office is growing by leaps and bounds. Leading the charge is Kurt Hagerman, the newly appointed managing director. Kurt will serve more than 60 clients in the Southwest region and oversee Coalfires strategic vision while building new client relationships f...