Artifex Software Ghostscript 'pdf14_pop_transparency_group' Function Denial of Service Vulnerability
Artifex Software Ghostscript is an open source PostScript parser from Artifex Software, which displays PostScript files and prints them on non-PostScript printers. In Artifex Software Ghostscript 9.20, the 'pdf14_pop_transparency_group' function of the PDF transparency module in the base/gdevp14.c file...
Real World Crypto 2018 (RWC 2018) brain dump
The 2018 edition of Real World Crypto (RWC) was in Zurich; you can find the conference's full program here. I live in Switzerland so I was extremely happy about it. RWC is basically the best conference I ever attended and it will probably be so for a while. I almost risked skipping it due to flu but I...
Vulchain Scanner: 5 basic principles
New Year holidays in Russia last 10 days this year! Isn't it an excellent opportunity to start a new project? So, I decided to make my own active network vulnerability scanner - Vulchain. Why? Well, first of all, it's fun. You can make the architecture from scratch, see the difficulties invisibl...
certstreamcatcher - Catching phishing by observing certificate transparency logs
Catching phishing by observing certificate transparency logs. This tool is based on regex with effective standards for detecting phishing sites in real time using certstream. Installation $ cd /opt/ $ git clone https://github.com/6IX7ine/certstreamcatcher.git $ cd certstreamcatcher $ npm install...
Bucket Stream - Find interesting Amazon S3 Buckets by watching certificate transparency logs
Find interesting Amazon S3 Buckets by watching certificate transparency logs. This tool simply listens to various certificate transparency logs via certstream and attempts to find public S3 buckets from permutations of the certificate's domain name. Some quick tips if you use S3 buckets: 1. Randomi...
New White House Announcement on the Vulnerability Equities Process
The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it to eavesdrop on or attack other systems. You...
White House Releases VEP Disclosure Rules
The U.S. government took steps toward offering more transparency into the Vulnerabilities Equities Process. On Wednesday it released the “Vulnerabilities Equities Policy and Process” (PDF) charter that outlines how the government will disclose cyber security flaws and when it will keep them...
Pursuing The Right to be Left Alone
The three pillars of privacy, defined in “The Right to Privacy” (4 Harvard L.R. 193, Dec 15, 1890), are (1) the right to know what information is gathered about you, (2) the right to know how it will be used, and (3) the right to be left alone. The European Union has incorporated these principles into the...
SSL/TLS: Expect Certificate Transparency (Expect-CT) Detection
Checks if the remote web server has Expect-CT enabled. (NVT script from Greenbone AG, 2017, licensed GPL-2.0-only.)
Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust
Kaspersky Lab — We have nothing to hide! Russia-based Antivirus firm hits back with what it calls a "comprehensive transparency initiative," to allow independent third-party review of its source code and internal processes to win back the trust of customers and infosec community. Kaspersky launch...
Cloud Client Side File Encryption: Cryptomator
Multi-platform transparent client-side encryption of your files in the cloud. Cryptomator provides transparent, client-side encryption for your cloud. Protect your documents from unauthorized access. Cryptomator is free and open source software, so you can rest assured there are no backdoors...
transparency-partnership.net Open Redirect vulnerability
Vulnerable URL: https://www.transparency-partnership.net/sites/all/modules/contributed/pubdlcnt/pubdlcnt.php?file=https://www.openbugbounty.org
Details:
| Description | Value |
|---|---|
| Patched: | Yes, at |
| Vulnerability type: | Open Redirect |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 1151321 |
VI...
Fixing HPKP with Pin Revocation
Last year, almost exactly to the day, I declared HPKP effectively dead. I believed then—and I still do—that HPKP is too complex and too dangerous to be worth the effort. The biggest problem lies in the fact that there is no sufficient margin of safety; pinning failures are always catastrophic...
Design/Logic Flaw
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs...
CVE-2017-11364
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs...
Common Sense Clarity on GDPR
Having recently returned from the first phase of Carbon Black’s official General Data Protection Regulation (GDPR) Data Security and Privacy tour, where I participated in the data privacy and security enablement of numerous European global businesses, I’ve collected many valuable insights on the...
Legislation to Strengthen IoT Marketplace Transparency
Senator Ed Markey (D-MA) is poised to introduce legislation to develop a voluntary cybersecurity standards program for the Internet of Things (IoT). The legislation, called the Cyber Shield Act, would enable IoT products that comply with the standards to display a label indicating a strong level of...
NSA Advocates Data Sharing Framework
NEW YORK–The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys...
Apple Receives First National Security Letter
Apple revealed this week that it received a National Security Letter during the last six months of 2016. The news, which came as part of the company’s latest biannual transparency report, marks the first NSL Apple has reported receiving. The iPhone manufacturer released the report via a portal on...
PATCH Act Calls for VEP Review Board
The U.S. government took the first steps toward codifying the Vulnerabilities Equities Process into law yesterday through the introduction of the Protecting Our Ability to Counter Hacking (PATCH) Act of 2017. The VEP is the internal process by which the government decides which software...