Tony Zeoli, Tony Hayes Security Vulnerabilities

CVE-2016-5067

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command...

Rapid7: Supporting the Community at BSides Boston

One of the things I love about working at Rapid7 is how deeply this company embodies the concept of giving back to the Security Community. Whether it be discussing research on adversary analytics, attack methods for breaking out of sandboxes, or simply breaking into the industry - Rapid7...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0056)

The remote OracleVM system is missing necessary patches to address critical security updates : Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] (CVE-2016-9644) Revert 'fix minor infoleak in get_user_ex' (Brian Maly) ...

Unbreakable Enterprise kernel security update

kernel-uek [4.1.12-61.1.33] - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644} - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644} [4.1.12-61.1.32] - x86/mm: Expand the...

The Origin of Threat Hunting

2011 Article "Become a Hunter" The term "threat hunting" has been popular with marketers from security companies for about five years. Yesterday Anton Chuvakin asked about the origin of the term. I appear to have written the first article describing threat hunting in any meaningful way. It was...

DOJ Dismisses Playpen Case to Keep Tor Hack Private

Intent on keeping details private about how it hacked the Tor browser, prosecutors with the U.S. Department of Justice on Friday asked to dismiss a case involving a suspect who visited the Playpen dark web child pornography site in 2015. “The government must now choose between disclosure of...

kernel security, bug fix, and enhancement update

[3.10.0-514.10.2.OL7] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug 24817676] [3.10.0-514.10.2] [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO...

USN-3119-1: Bind vulnerability | Cloud Foundry

USN-3119-1: Bind vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Bind could be made to crash if it received specially crafted network traffic. Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing...

(RHSA-2016:2871) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

RHEL 6 : bind (RHSA-2016:2871)

An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6...

CentOS 7 : bind (CESA-2016:2615)

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the....

bind security update

CentOS Errata and Security Advisory CESA-2016:2615 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...

OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0158) (Dirty COW)

The remote OracleVM system is missing necessary patches to address critical security updates : mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928646] (CVE-2016-5195) HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug:...

Oracle Linux 7 : bind (ELSA-2016-2615)

From Red Hat Security Advisory 2016:2615 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...

Debian Security Advisory DSA 3703-1 (bind9 - security update)

Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...

RHEL 7 : bind (RHSA-2016:2615)

An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the....

Updated bind packages fix security vulnerability

Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

(RHSA-2016:2615) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

Debian DSA-3703-1 : bind9 - security update

Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...

RHEL 5 : bind97 (RHSA-2016:2142)

An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

Oracle Linux 5 / 6 : bind (ELSA-2016-2141)

From Red Hat Security Advisory 2016:2141 : An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which...

CentOS 5 / 6 : bind (CESA-2016:2141)

An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available.....

CentOS 5 : bind97 (CESA-2016:2142)

An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

Debian DLA-696-1 : bind9 security update

Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial of service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...

Oracle Linux 5 : bind97 (ELSA-2016-2142)

From Red Hat Security Advisory 2016:2142 : An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,....

[SECURITY] [DLA 696-1] bind9 security update

Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u13 CVE ID : CVE-2016-8864 Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a...

bind97 security update

CentOS Errata and Security Advisory CESA-2016:2142 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...

bind, caching security update

CentOS Errata and Security Advisory CESA-2016:2141 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...

bind9 - security update

Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...

(RHSA-2016:2141) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

(RHSA-2016:2142) Important: bind97 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

[SECURITY] [DSA 3703-1] bind9 security update

Debian Security Advisory DSA-3703-1 [email protected] https://www.debian.org/security/ Florian Weimer November 01, 2016 https://www.debian.org/security/faq Package : bind9 CVE ID : CVE-2016-8864 Debian Bug :...

bind9 - security update

Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...

Bind vulnerability

Releases Ubuntu 16.10 Ubuntu 16.04 ESM Ubuntu 14.04 ESM Ubuntu 12.04 Packages bind9 - Internet Domain Name Server Details Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause...

White House Hires First Federal CISO

The White House announced yesterday it has hired retired Brigadier General Gregory J. Touhill, right, to serve as the first federal chief information security officer. Touhill will be responsible for setting policies, strategies and practices across federal agencies. According to a White House...

Fallout Over OPM Breach Report Begins

Wednesday’s bombshell report on the U.S. Office of Personnel Management breaches that exposed sensitive data belonging to more than 22 million people has sparked a cavalcade of finger pointing, politicking and squabbling over who knew what first. The scathing report by Republicans on the U.S....

Threat Outbreak Alert RuleID24477: Email Messages Distributing Malicious Software on August 23, 2016

Medium Alert ID: 48565 First Published: 2016 August 23 17:42 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID24477) may contain the following...

Threat Outbreak Alert RuleID24476: Email Messages Distributing Malicious Software on August 21, 2016

Medium Alert ID: 48540 First Published: 2016 August 22 15:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID24476) may contain the following...

(RHSA-2016:1634) Important: CFME 5.6.1 security, bug fix, and enhancement update

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack...

Speed Tony CMS App_Site/SiteSearch. the aspx file Title parameter SQL injection vulnerability

No description provided by...

Tony the Truck and his Friends - Customized SSL, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application Tony the Truck and his Friends published at the 'play' market has multiple...

Citrix XenApp and XenDesktop Hardening Guidance

A Joint Whitepaper from Mandiant and Citrix Throughout the course of Mandiant’s Red Team and Incident Response engagements, we frequently identify a wide array of misconfigured technology solutions, including Citrix XenApp and XenDesktop. We often see attackers leveraging stolen credentials from...

Threat Outbreak Alert RuleID8337KVR: Email Messages Distributing Malicious Software on August 18, 2016

Medium Alert ID: 43959 First Published: 2016 March 9 15:48 GMT Last Updated: 2016 August 18 16:46 GMT Version: 34 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat...

BlackBerry Enterprise Service 12 (BES12) Self-Service XSS / SQL Injection

...

Mark Zuckerberg Plans to Build Iron Man's JARVIS like Artificially Intelligent Assistant

What's the coolest part of the Iron Man movies? The hyper-intelligent Artificial Intelligence that helps Tony Stark by doing data analysis, charging his armor, presenting information at crucial times and doing other business operations. That's right — we are talking about J.A.R.V.I.S., Iron Man's.....

HP SiteScope DNS Tool Command Injection

...

HP SiteScope DNS Tool Command Injection Exploit

This Metasploit module exploits a command injection vulnerability discovered in HP SiteScope 11.30 and earlier versions (tested in 11.26 and 11.30). The vulnerability exists in the DNS Tool allowing an attacker to execute arbitrary commands in the context of the service. By default, HP SiteScope...

HP SiteScope DNS Tool Command Injection

This module exploits a command injection vulnerability discovered in HP SiteScope 11.30 and earlier versions (tested in 11.26 and 11.30). The vulnerability exists in the DNS Tool allowing an attacker to execute arbitrary commands in the context of the service. By default, HP SiteScope installs and....

Oracle: Security Advisory (ELSA-2009-0326)

The remote host is missing an update for...

Oracle: Security Advisory (ELSA-2013-0496)

The remote host is missing an update for...