[Onapsis Security Advisory 2014-008] SAP NW Portal WD Information Disclosure
Onapsis Security Advisory 2014-008: SAP NW Portal WD Information DisclosureThis advisory can be downloaded in PDF format from http://www.onapsis.com/.By downloading this advisory from the Onapsis...
View Article[Onapsis Security Advisory 2014-005] Information disclosure in SAP Software...
Onapsis Security Advisory 2014-005: Information disclosure in SoftwareLifeclycle ManagerThis advisory can be downloaded in PDF format fromhttp://www.onapsis.com/.By downloading this advisory from the...
View Article[Onapsis Security Advisory 2014-009] SAP BASIS Missing Authorization Check
Onapsis Security Advisory 2014-009: SAP BASIS Missing Authorization CheckThis advisory can be downloaded in PDF format from http://www.onapsis.com/.By downloading this advisory from the Onapsis...
View Article[Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected...
Onapsis Security Advisory 2014-010: SAP BusinessObjects InfoViewReflected Cross Site ScriptingThis advisory can be downloaded in PDF format from http://www.onapsis.com/.By downloading this advisory...
View ArticleIf you lived here, you'd be home now - thoughts on the Internet Explorer...
Growing up around Boston, I remember seeing the famous billboards for the Charles River Park apartments: "If You Lived Here, You'd Be Home Now". These signs were placed strategically, almost...
View ArticleDetails of Apple's Fingerprint Recognition
Touch ID takes a 88x88 500ppi scan of your finger and temporarily sends that data to a secure cache located near the RAM, after the data is vectorized and forwarded to the secure enclave located on the...
View ArticleHyper-V 2012 and 2012 R2 live virtual machine memory acquisition and analysis
In my previous post I went over analyzing Hyper-V saved state files in Volatility using a tool call vm2dmp. I mentioned some limits of the tool for VM’s on 2012 and later Hyper-V host systems. Another...
View ArticleEmail “Validate Your Account Information” steals your Apple ID account details
MX Lab, http://www.mxlab.eu, started to intercept phishing emails with the subject “Validate Your Account Information” that will try to steal your Apple ID account information including your credit...
View ArticleWindows kernel exploit can bypass all security
Security firm Bromium Labs has discovered a way to use an old Windows kernel exploit to bypass popular anti-malware and other security software.The method, known as Layer on Layer (LOL) attacks, allow...
View ArticlePaper: Quantitative Analysis of Active Cyber Defenses Based on Temporal...
Active cyber defenses based on temporal platform diversityhave been proposed as a way to make systems more resistantto attacks. These defenses change the properties of the platformsin order to make...
View ArticleDoS - Intuit QuickBase
Vendor: http://quickbase.intuit.comIntuit QuickBase sells itself as a combination database and businessintelligence tool. Its performance is terrible; however, that doesn't stopsome businesses from...
View ArticleSales Drop as Corporate Data Breaches Rise According to New Study from...
Javelin Research Findings Quantify the Costs of a Data Breach and Effect on Consumer SpendingSAN FRANCISCO and NEW YORK, April 29, 2014 /PRNewswire/ -- Consumers avoid doing business with a breached...
View ArticleIssue 54 and Java loading
IntroductionOne of the quite recent (at least, not too old) and amusing things to look at when you are beginning to study security in java is the issue 54 from Security Exploitation. This issue is...
View ArticleSnapchat's expired snaps are not deleted, just hidden
Snapchat doesn't delete expired photos on Android phones – it merely tells the operating system to ignore themForensic researcher Richard Hickman has discovered that Snapchat photos on Android phones...
View ArticlePowerShell Summit. Presentation on advanced eventing techniques in...
Yesterday, I gave two presentations at the PowerShell Summit. The first presentation was on advanced eventing techniques in PowerShell and the second was on using PowerShell as a reverse engineering...
View ArticleBenchmarking Symmetric Crypto on the Apple A7
In this blog post I will present results from benchmarking the symmetric crypto primitives BLAKE2 and NORX on the Apple A7. One might ask, why target the A7 in particular, what's so special about it? I...
View ArticleF-Secure Q1 2014 Mobile Threat Report
Our Mobile Threat Report for Q1 2014 is out! Here's a couple of the things we cover in it:The vast majority of the new threats found was on Android (no surprise there), which accounted for 275 out of...
View ArticleREMnux: A Linux Distribution for Reverse-Engineering Malware
REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.REMnux...
View ArticleSkype stores all private info in plain text
A few days ago, I was working on DrOptix‘s laptop and talking on Skype. It was a casual conversation with some friends. But what happend next surprised me.After I left, he was thinking that I surely...
View ArticleSEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3...
SEC Consult Vulnerability Lab Security Advisory < 20140430-0 >======================================================================= title: SQL injection and persistent XSS...
View Article