
6116 matches found

CNVD
added 2015/05/05 12:0 a.m., 3 views

Boeing 787 Generator Control Unit Integer Overflow Vulnerability

The Boeing 787 is a new medium-sized, twin-engine, wide-body, medium- to long-range transport aircraft developed by Boeing, also known as the Dreamliner. The Boeing 787 airliner has an integer overflow vulnerability in the implementation of the Generator Control Unit (GCU), where after 248 days of...

7.2 AI score
Exploits 0, References 1

ThreatPost
added 2015/04/27 2:38 p.m., 21 views

New Utility Decrypts Files Lost to TeslaCrypt Ransomware

Crypto-ransomware variants have enterprises on edge because of the threat of irreversibly damaged files. Some organizations, including most recently the Tewksbury, Ma., police department, have gone as far as to pay hundreds of dollars in ransom for the recovery key. Some technology companies are...

7.2 AI score
Exploits 0, References 9

Veeam
added 2015/04/22 12:0 a.m., 9 views

Best Practices for Microsoft Data Deduplication

Purpose: This article documents Best Practices, Limitations, and Considerations relating to the use of storage that has Microsoft Windows Deduplication enabled when storing backup files created and managed by Veeam Backup & Replication. Considerations and Recommendations: CRITICAL: Veeam strongly...

6.7 AI score
Exploits 0

OwnCloud
added 2015/03/25 6:44 p.m., 57 views

Bypass of file blacklist - ownCloud

A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud versions, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could leverage this bypass by uploading a .htaccess and execute...

6 CVSS, 6.9 AI score, 0.01339 EPSS
Exploits 0, Affected Software 1

OwnCloud
added 2015/03/25 6:44 p.m., 42 views

Bypass of file blacklist on Microsoft Windows Platform - ownCloud

A blacklist bypass vulnerability including UTF-8 encoding in file paths in the mentioned ownCloud Server versions, when running on a Microsoft Windows Platform, allows authenticated remote attackers to bypass the file blacklist and upload files such as the .htaccess files. An attacker could...

6 CVSS, 6.8 AI score, 0.01339 EPSS
Exploits 0, Affected Software 1

UbuntuCve
added 2015/03/24 12:0 a.m., 34 views

CVE-2015-2153

The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU)...

5 CVSS, 7 AI score, 0.18814 EPSS
Exploits 5, References 3

The Hacker News
added 2015/03/19 8:40 p.m., 12 views

China Finally Admits It Has Army of Hackers

China finally admits it has special cyber warfare units, and a lot of them. For years China has been suspected by the U.S. and many other countries of carrying out several high-profile cyber attacks, but every time the country strongly denied the claims. However, for the first time the country has...

6.8 AI score
Exploits 0

OpenVAS
added 2015/03/13 12:0 a.m., 16 views

Cisco ASA VPN Failover Command Injection Vulnerability (cisco-sa-20141008-asa)

A vulnerability in the VPN code of Cisco ASA Software could allow an authenticated, remote attacker to submit configuration commands to the standby unit via the failover interface. As a result, an attacker could be able to take full control of both the active and standby failover units. Copyright C...

9 CVSS, 7 AI score, 0.02797 EPSS
Exploits 0, References 1

Fedora
added 2015/03/05 12:31 p.m., 68 views

[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-5.fc20

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.5 CVSS, 1.3 AI score, 0.53703 EPSS
Exploits 5

CNVD
added 2015/02/21 12:0 a.m., 1 view

Cisco TelePresence Multipoint Control Unit Denial of Service Vulnerability

Cisco TelePresence is a telepresence conferencing solution developed by Cisco. A denial of service vulnerability exists in the Cisco TelePresence Multipoint Control Unit, which allows an attacker to exploit the vulnerability by submitting a special TCP message that crashes the application due to...

7.8 CVSS, 6.8 AI score, 0.01819 EPSS
Exploits 0, References 1

Fedora
added 2015/02/15 1:58 p.m., 37 views

[SECURITY] Fedora 21 Update: rubygem-actionpack-4.1.5-2.fc21

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

5 CVSS, 1.3 AI score, 0.04162 EPSS
Exploits 1

myhack58
added 2015/02/12 12:0 a.m., 36 views

BMW security vulnerability details: the ancient Bole to identify a good horse, today there are hackers escapement BMW-vulnerability warning-the black bar safety net

The ADAC, the German automobile club, wanted an in-depth understanding of the data that cars with an embedded mobile network modem send to the manufacturer. The German computer technology magazine c't introduced a security expert to the ADAC. The expert carried out an in-depth analysis of the BMW ConnectedDrive system the data...

6.9 AI score
Exploits 0

FreeBSD
added 2015/01/12 12:0 a.m., 32 views

chicken -- buffer overrun in substring-index[-ci]

chicken developer Moritz Heidkamp reports: The substring-index[-ci] procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...

7.5 CVSS, 8.7 AI score, 0.0147 EPSS
Exploits 0, References 2

ThreatPost
added 2015/01/08 11:41 a.m., 9 views

FBI Director: 'High Confidence' in North Korea Attribution

When the FBI publicly announced that the North Korean regime was responsible for an embarrassing compromise of corporate networks at Sony Pictures Entertainment, security experts remained skeptical. FBI Director James Comey doubled down on the assertion yesterday at the Fordham University...

6.8 AI score
Exploits 0, References 6

Friends Of PHP
added 2014/12/29 1:23 p.m., 14 views

Header injection in NativeMailerHandler

Hopefully attacker controlled data is never used to set the encoding or content type, but just in case, prevent: $nmh = new NativeMailerHandler($to, $subject, $from); $nmh->setEncoding("utf-8\r\nFrom: [email protected]"); Since the injection happened in send, there doesn't seem to be a good way to a...

0.8 AI score
Exploits 0, Affected Software 1

Friends Of PHP
added 2014/12/29 1:23 p.m., 8 views

Header injection in NativeMailerHandler

Hopefully attacker controlled data is never used to set the encoding or content type, but just in case, prevent: $nmh = new NativeMailerHandler($to, $subject, $from); $nmh->setEncoding("utf-8\r\nFrom: [email protected]"); Since the injection happened in send, there doesn't seem to be a good way to a...

7.2 AI score
Exploits 0, Affected Software 1

CNVD
added 2014/12/26 12:0 a.m., 1 view

Cisco IronPort Email Security Appliance Denial of Service Vulnerability

The Cisco IronPort Email Security Appliance is an architectural multi-tier email security management tool. A denial of service vulnerability exists in the Cisco IronPort Email Security Appliance that could be exploited by an attacker to cause excessive CPU usage and launch a denial of service...

5 CVSS, 6.7 AI score, 0.01232 EPSS
Exploits 0, References 1

ThreatPost
added 2014/12/05 8:42 a.m., 8 views

DOJ Launches Cyber Unit, Claims Privacy is Mission Critical

WASHINGTON D.C. – Leslie Caldwell, assistant attorney general in the criminal division of the Department of Justice, announced on Thursday the creation of a new team within its Computer Crime and Intellectual Property Section (CCIPS) during a talk at a Georgetown Law conference titled, “Cybercrime...

6.8 AI score
Exploits 0, References 1

OSV
added 2014/11/24 3:59 p.m., 0 views

UBUNTU-CVE-2014-9030

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE...

7.1 CVSS, 5.8 AI score, 0.02197 EPSS
Exploits 0, References 3

Veeam
added 2014/11/21 12:0 a.m., 13 views

Migrate Backups from NFS/SMB Data Domain Repository to DDBoost-based Repository

Purpose: This article documents how to migrate existing restore points from an existing NFS or SMB repository to an integrated DDBoost-based repository. Use case: During initial deployment of Veeam Backup & Replication, the Data Domain storage appliance was added as an SMB share repository, and th...

6.9 AI score
Exploits 0, Affected Software 1