71 matches found
CVE-2020-27616
CVE-2020-27616 : In QEMU 4.2.1, ati_2d_blt in hw/display/ati_2d.c can trigger an outside-limits calculation, allowing a guest to crash the QEMU process. Connected advisories (Astra Linux, openSUSE/SUSE) reference this exact issue and list it among other QEMU fixes, but no explicit remediation or ...
Black Hat USA, DEF CON 28 Go Virtual
Cybersecurity conferences Black Hat USA and DEF CON 28 will not be held in person this year due to the coronavirus pandemic. The conferences will both instead be transformed into completely virtualized events. Both back-to-back annual conferences were set to take place in Las Vegas this year; Bla...
No, a Border Wall Won't Stop Coronavirus
Donald Trump's latest pitch for the wall ignores basic science—and might only make things worse...
CVE-2020-7595
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation...
CVE-2020-7595
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation...
Lessons learned from the Microsoft SOC Part 2b: Career paths and readiness
The “Lessons learned from the Microsoft SOC” blog series is designed to share our approach and experience with security operations center SOC operations, so you can use what we learned to improve your SOC. The learnings in the series come primarily from Microsoft’s corporate IT security operation...
Authentication flaw
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass account takeover exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a...
It Started as an Online Gaming Prank. Then It Turned Deadly
A $1.50 wager on a "Call of Duty" match led to a fake 911 call reporting a violent hostage situation in Wichita. Here’s how it all went horribly awry...
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
Exploit Title: Beyond Remote 2.2.5.3 - Denial of Service PoC Author: Erenay Gencay Discovey Date: 2018-09-24 Vendor notified : 2018-09-24 Software Link: https://beyond-remote-client-and-server.jaleco.com/ Tested Version: 2.2.5.3 Tested on OS: Windows XP Professional sp3 ENG Steps to Reproduce: Ru...
[slackware-security] Slackware 14.2 kernel
New kernel packages are available for Slackware 14.2 to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.157/: Upgraded. This kernel removes the unnecessary vmacacheflushall code which could have led to a use-after-free situation and...
Examining & Evaluating Security Before a “Pressure Event” is Critical…Especially on a Hot Summer Day
There are countless parallels between cyber and physical security. I often use physical security to explain cyber to the uninitiated. The thick walls, soundproofed vents, locks and codes and even the key on the door to Robert Hanssen’s SCIF are mirrored by the malware detectors, firewalls next-ge...
Kansas Man Killed In ‘SWATting’ Attack
A 28-year-old Kansas man was shot and killed by police officers on the evening of Dec. 28 after someone fraudulently reported a hostage situation ongoing at his home. The false report was the latest in a dangerous hoax known as "swatting," wherein the perpetrator falsely reports a dangerous...
Canadian Man Gets 9 Months Detention for Serial Swattings, Bomb Threats
A 19-year-old Canadian man was found guilty of making almost three dozen fraudulent calls to emergency services across North America in 2013 and 2014. The false alarms, two of which targeted this author -- involved phoning in phony bomb threats and multiple attempts at "swatting" -- a dangerous...
Equifax Data Breach: Steps You should Take to Protect Yourself
Equifax has suffered one of the largest data breaches in history that has left highly sensitive data of as many as 143 million people—that's nearly half of the US population—in the hands of hackers. Based on the company's investigation, some unknown hackers managed to exploit a security flaw on t...
shacklocks.co.uk XSS vulnerability
Vulnerable URL: http://www.shacklocks.co.uk/situations/situation-detail.php?situationid=1"...
McAfee Email Gateway - Application Protections Bypass
MEG is vulnerable to file attachments containing the null character. The scanning mechanism fails to identify the file name properly. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Nuclear, Angler Exploit Kit Activity Has Disappeared
Criminal hackers are fickle about their attack vectors. You need to look no further for evidence of this than their constant migration from one exploit kit to another. And while there is an expansive menu of exploit kits, attackers do seem to congregate around a precious few. Researchers who stud...
Adobe Flash Player is really into a hopeless situation-vulnerability and early warning-the black bar safety net
! Adobe Flash Player can be smoothly applied to a variety of platforms, but it is also because its application is broad and its own vulnerability, causing it to always be hackers of all ages, this time is no exception. For a long time, hackers always like to use some of the underground network to...
PhpVibe 3.1 Cross Site Scripting / SQL Injection Vulnerabilities
PhpVibe version 3.1 suffers from cross site scripting and remote error-based blind SQL injection vulnerabilities. Exploit Title: PhpVibe 3.1 - Multiples Vulnerabilites Product: PhpVibe Official site: http://phprevolution.com/ Risk Level: High Exploit Author: Esac Demo : http://playviralvideos.com...
Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
Defense giant Northrop Grumman is hiring software engineers to help it carry out “offensive cyberspace operations,” according to a recent job posting. The job posting, for a “Cyber Software Engineer 2” appeared on the Website Clearancejobs.com and described a position on a Northrop R&D project to...