Lucene search
K

69 matches found

ThreatPost
ThreatPost
added 2019/07/09 8:4 p.m.178 views

Microsoft Patches A Pair of Zero-Days Under Active Attack

Microsoft has addressed 77 vulnerabilities in its July Patch Tuesday update, with 15 of them rated as critical and two known to be under active exploit; and Adobe issued a small group of updates, with surprisingly none for Acrobat Reader or Flash. Eleven of the critical bugs are for scripting...

8.5CVSS9.2AI score0.98745EPSS
Exploits7References18
Akamai Blog
Akamai Blog
added 2018/10/23 3:43 p.m.86 views

Why traditional security isn't enough

We are constantly being bombarded with questions around the security of our data, but what about security for the devices needed to connect to that data? The world is a changing place and for those inclined to be unsavoury characters, a great place to anonymously make ill-gotten gains from...

7.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/11/13 4:30 p.m.302 views

How Reputation Intelligence Improves Application Security

Reputation intelligence is information about cyber entities known for specific activity, whether malicious or benign, which can be fed to and actioned on by a web application firewall WAF. It provides an additional application security layer by effectively identifying and blocking threats from...

6.8CVSS9.4AI score0.99461EPSS
Exploits23
Wallarm Lab
Wallarm Lab
added 2017/09/05 5:19 p.m.46 views

Wallarm to sponsor OWASP AppSec USA

If you are a SecOps or DevOps professional you can not miss the application security event of the year: AppSec USA, September 19–22nd at Disney Coronado Spring Resort, Orlando, FL Use the code: UNLM50WLLRM to register to get $50 discount. You will get great information on the new security tools a...

6.7AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2017/08/16 6:44 p.m.48 views

Threat Intelligence for WAF

It’s all about security rules Stephen Hawking said, “Intelligence is the ability to adapt to change”. One could say much the same of web application firewalls and WAF security rules. With web applications now one of the most attacked components of IT infrastructures, organizations have a critical...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2017/07/25 8:25 p.m.13 views

Adobe is Finally Killing FLASH — At the End of 2020!

Finally, Adobe is Killing FLASH — the software that helped make the Internet a better place with slick graphics, animation, games and applications and bring online video to the masses, but it has been hated for years by people and developers over its buggy nature. But the end of an era for Adobe...

6.4AI score
Exploits0
0day.today
0day.today
added 2017/04/25 12:0 a.m.440 views

Microsoft Office Word Malicious Hta Execution Exploit

This Metasploit module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how an olelink object can make a https request, and execute hta code in response. This bug was originally seen being exploited in the wild...

9.3CVSS8.2AI score0.99933EPSS
Exploits29
Metasploit
Metasploit
added 2017/04/15 2:32 a.m.313 views

Microsoft Office Word Malicious Hta Execution

This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a olelink object can make a https request, and execute hta code in response. This bug was originally seen being exploited in the wild starting in...

7.8CVSS10AI score0.99933EPSS
Exploits29
Microsoft Malware Protection
Microsoft Malware Protection
added 2016/12/14 6:55 p.m.455 views

Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe

Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations. These individuals are either directly in possession of the targeted information or are able to connect to networks where the information resides...

10CVSS1AI score0.94354EPSS
Exploits6
ThreatPost
ThreatPost
added 2016/11/01 5:50 p.m.11 views

Microsoft Says Russian APT Group Behind Zero-Day Attacks

Microsoft has singled out Sofacy, an APT group long thought to have ties to Russia’s military intelligence arm GRU, as the entity behind targeted attacks leveraging Windows kernel and Adobe Flash zero days in targeted attacks. The group, which Microsoft calls Strontium, is also known as APT28, Ts...

0.4AI score
Exploits0References5
myhack58
myhack58
added 2014/08/06 12:0 a.m.13 views

The IE vulnerability is a doubling of Flash Player easy to be attack-vulnerability warning-the black bar safety net

Recently, foreign security vendor Bromium released a 2 0 1 4 annual security report, in 2 0 1 3 to 2 0 1 4 during the year, IE browser vulnerabilities to the large number doubled. At the same time, the report also analyzed the cybercriminals most commonly used vulnerabilities to attack the...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2014/02/25 4:37 p.m.87 views

Microsoft EMET 5.0 Technical Preview Released

SAN FRANCISCO – Enterprises beat up by wave after wave of Java exploits and calls to disable the platform may soon have some relief in sight. Microsoft’s free Enhanced Mitigation Experience Toolkit will soon have a new feature that allows users to configure where plug-ins, especially those target...

9.3CVSS8.6AI score0.99945EPSS
Exploits33References1
ThreatPost
ThreatPost
added 2014/01/16 7:56 a.m.12 views

Model Predicts Optimal Timing of a Cyber Conflict

Security researchers from the Ford School of Public Policy at the University of Michigan have published a mathematical model they said will produce the proper timing for the delivery of offensive cyberweapons. Defenders can also make use of the model to understand attackers and when an targeted...

0.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2013/05/30 3:44 p.m.21 views

Researchers, Vendors Await Google Disclosure Fallout

The endless loop that is the disclosure debate got a jolt of energy yesterday when Google said it would support researchers’ disclosure of details on actively exploited critical vulnerabilities just seven days after the researcher has notified the vendor in question. Google hopes the policy...

7.1AI score
Exploits0References9
ThreatPost
ThreatPost
added 2013/01/30 7:42 p.m.13 views

Firefox Continues to Curb Out-of-Date, Flawed Third-Party Plug-ins

After pushing its “click-to-play” blacklisting function live last fall, Mozilla has announced plans to further implement the security feature in its Firefox browser. The company is planning to make it so only the most recent version of Flash is automatically run on web pages while users will have...

0.3AI score
Exploits0References4
The Hacker News
The Hacker News
added 2013/01/18 6:13 p.m.8 views

Why I decided to uninstall Microsoft Security Essentials Antivirus?

Today I decided to remove Microsoft Security Essentials Antivirus from my system because Security Essentials failed another certification test by independent testing lab, AV-Test Institute. Microsoft's Security Essentials antivirus for Windows XP, Vista, and Windows 7 is a free add-on to Windows...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2012/04/13 2:22 a.m.14 views

Mozilla Weighing Opt-In Requirement for Web Plugins

Mozilla is developing a feature in Firefox that would require some user interaction in order for Flash ads, Java scripts and other content that uses plugins to play. In addition to easing system slowdowns, the opt-in for Web plugins is expected to reduce threats posed by exploiting security...

0.4AI score
Exploits0References4
The Hacker News
The Hacker News
added 2012/02/05 7:51 a.m.8 views

Mobile Based Wireless Network MiTM Attack Illustration

Mobile Based Wireless Network MiTM Attack Illustration Bilal Bokhari from zer0byte.com Illustrated perfect example of Mobile Based Wireless Network MiTM Attack on his blog. Bilal want to share this article with our Readers at THN, Have a look : If we look at the history of computer development, t...

6.6AI score
Exploits0
securityvulns
securityvulns
added 2011/06/10 12:0 a.m.131 views

VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2010/11/14 1:58 p.m.9 views

Barracuda Networks Launches Bug Bounty Program for Security Products

Barracuda Networks announced on Tuesday that it will pay over $3,100 to anyone who can hack into its security products. This bug bounty program is the first of its kind from a pure-play security vendor. “This initiative reflects our commitment to our customers and the security community at large,...

7.8AI score
Exploits0
Rows per page
Query Builder