
Posts Tagged ‘vulnerability’


VU#162308: Resin Pro improperly performs Unicode transformations

Vulnerability Note VU#162308: Resin Pro improperly performs Unicode transformations
Original Release date: 23 Jul 2014 | Last revised: 23 Jul 2014
Overview: Resin Pro 4.0.39 and possibly earlier versions improperly perform Unicode transformations.
Description: CWE-20: Improper Input Validation. Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1

Read More...

The First 1 Terabit Per Second Firewall Has Arrived

Today we announced the availability of the first firewall to cross the 1 Terabit per second threshold. That’s 1 trillion bits, or 1 with 12 zeros after it (1,000,000,000,000). But why is it needed now and why is it important

Read More...

CPNI Releases Paper on Improving Defenses Against Targeted Attack

Original release date: July 22, 2014
The United Kingdom’s Centre for the Protection of National Infrastructure (CPNI) has released a report on its “Improving Defenses Against Targeted Attack” (iDATA) cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by nation states and state-sponsored actors. CPNI is the government authority for providing protective security advice to businesses and organizations across the UK’s national infrastructure

Read More...

VU#875548: MicroPact iComplaints cross-site scripting vulnerability

Vulnerability Note VU#875548: MicroPact iComplaints cross-site scripting vulnerability
Original Release date: 21 Jul 2014 | Last revised: 21 Jul 2014
Overview: MicroPact iComplaints contains a persistent cross-site scripting vulnerability.

Read More...

VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability

Vulnerability Note VU#688812: Huawei E355 contains a stored cross-site scripting vulnerability
Original Release date: 21 Jul 2014 | Last revised: 21 Jul 2014
Overview: The Huawei E355 built-in web interface contains a stored cross-site scripting vulnerability.
Description: Huawei E355 wireless broadband modems include a web interface for administration and additional services. The web interface allows users to receive SMS messages using the connected cellular network

Read More...

Hungry, Hungry Botnets: A look at Torpig

Every 60 seconds 47,000 applications are downloaded off the internet! Evidently, most of us don’t think twice about downloading a song, widget, app, image or even malware. Downloading is so second nature to us that a popular phishing scheme thrives on our carefree downloading reflex. Say hello to Torpig

Read More...

Oracle July 2014 Update Pre-Notification, (Sun, Jul 13th)

Oracle has released a preview of patches to be released, seen here, on Tuesday, July 15, 2014, and includes updates to business critical systems, such as Oracle Database, WebLogic server, and Fusion. The most concerning aspect of the majority of vulnerabilities discussed is the one phrase “may be exploited over a network without the need for a username and password”. The most critical update, imho, that is being released Tuesday is the Java fixes that are being released (20 security fixes!), which give the vulnerability a pristine CVSS Base Score of 10!! Woohoo, way to go Oracle and Team Java! But please don’t take my word for all of this, go take a look for yourself, and see what the week ahead has in store

Read More...

Backup Your Mobile Device, Save Your Money

The year 2013 was named The Menace Year mainly because of the rampant CryptoLocker, a nefarious ransomware that encrypts user files and demands that a ransom be paid in order to decrypt them. And before CryptoLocker came the unfashionable scareware programs such as FakeAV, which used scare tactics to convince the user to purchase the full version of the software. It did not take long before this Windows-based experience was applied to the Android platform.

Read More...

VU#917348: Datum Systems satellite modem devices contain multiple vulnerabilities

Vulnerability Note VU#917348: Datum Systems satellite modem devices contain multiple vulnerabilities
Original Release date: 11 Jul 2014 | Last revised: 11 Jul 2014
Overview: Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities.
Description:
CWE-220: Sensitive Data Under FTP Root – CVE-2014-2950. The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no credentials required, which allows open access to sensitive areas of the file system.
CWE-798: Use of Hard-coded Credentials – CVE-2014-2951. The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has an undocumented admin user account with the password of admin.
Impact: A remote unauthenticated attacker may be able to gain full control of the device

Read More...

Microsoft Releases Security Advisory for Improperly Issued Digital Certificates

Original release date: July 10, 2014
Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Users and administrators are encouraged to review Microsoft Security Advisory 2982792 and apply the necessary updates.

Read More...