Tagged: vulnerability

One More Flash Exploit in the Wild

Fortinet has detected a new Flash exploit (MD5: db5df99de775af285e7f1b5355a6bee5) that leverages a vulnerability patched with Flash 17.0.0.188. This exploit uses the classic Flash Player vector corruption technique.

June Apple Patch Day – Daily Security Byte EP.107

If you use Apple products — on Mac or PC — know that today is Apple Patch Day. The popular software company released six security advisories (originally five, but they had a late-breaking advisory) fixing many security flaws in most of their most popular products. Watch today’s video to learn which products are affected, and what you should patch (or check the Reference section for a link to the page with all the details).

OPM Identity-Protection Phishing Campaigns

Original release date: June 30, 2015

US-CERT is aware of phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID. For those affected by the recent data breach, the legitimate domain used for accessing identity protection services is https://opm.csid.com

Cisco Releases Security Updates

Original release date: June 25, 2015

Cisco has released security updates to address vulnerabilities in Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected appliance. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

Web security subtleties and exploitation of combined vulnerabilities, (Thu, Jun 25th)

The goal of a penetration test is to report all identified vulnerabilities to the customer. Of course, every penetration tester puts most of his effort into finding critical security vulnerabilities: SQL injection, XSS and similar, which have the most impact for the tested web application (and, indeed, it does not hurt a penetration tester's ego when such a vulnerability is identified :) However, I strongly push towards reporting of every single vulnerability, no matter how harmless it might appear (and my penetration team coworkers sometimes complain about this, but let's prove them wrong). Here we'll take a look at how two seemingly low-risk vulnerabilities can be combined into a more dangerous one.