Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC
VSLA Security Advisory FIRE-SCADA-DOS-2013-001: Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC. LEVEL: EXTREME. In our tests authorized by the customer, we can stop the entire...
PARSING NAGIOS LOG FILES WITH FLUENTD
Recently I’ve been experimenting with EFK to see how we can extract value from our machine logs. We also use Nagios to monitor various services and processes within our infrastructure.
Targeted Attacks on French Company Exploit Multiple Word Vulnerabilities
Spear phishing email is a major worry to any organization. Messages that appear legitimate and specific fool us more often than random phishing attempts. Exploits that use patched vulnerabilities...
.pif files, Polish spam from Orange, and Tiny Banker (Tinba)
Tonight I was looking at my Twitter feed and saw @SCMagazine talking about ZBerp. It was actually a tweet back to a story from July 11th where Danielle Walker wrote ZBerp Evolves: Spreads through...
Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation
A vulnerability within VBoxGuest module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and...
oracle.com XSS vulnerability
On 15 July 2014, security researcher E1337 reported an XSS (Cross-Site Scripting) vulnerability on oracle.com (which has 13 vulnerabilities in total reported by security researchers).
Fraudulent ICANN Domain Name Certificates
It has been brought to ICANN's attention that some online entities have attempted to sell fraudulent "certificates", which they claim are required to protect generic top-level domain names. The...
Finding and Analyzing Document Files with IEF
Digital forensics has evolved from the examination of computers, storage and documents to the analysis of data from the Internet, smartphones and networks. This evolution has greatly expanded the scope...
Review of Competitive Intelligence Tasks
Today we'd like to speak about certain practical aspects of confidential data gathering in terms of tasks of the online contest Competitive Intelligence, which was held on May 15, 16 and 17.
Hungry, Hungry Botnets: A look at Torpig
Every 60 seconds 47,000 applications are downloaded off the internet! Evidently, most of us don’t think twice about downloading a song, widget, app, image or even malware. Downloading is so second...
About Two Recently Patched IBM DB2 LUW Vulnerabilities
IBM recently released patches for three security vulnerabilities affecting various versions of DB2 for Linux, Unix and Windows. This post will explore some more technical details of two of these...
Bypassing Antivirus with crypter and CFF Explorer
Bypassing antivirus is always a cat and mouse game, and we’re always trying to stay ahead. I recently had a conversation with Justin Elze (@justinelze) on Twitter about his version of WCE getting...
SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco...
SEC Consult Vulnerability Lab Security Advisory < 20140716-0 > title: Multiple SSRF vulnerabilities...
SEC Consult SA-20140716-1 :: Remote Code Execution via CSRF in OpenVPN Access...
SEC Consult Vulnerability Lab Security Advisory < 20140716-1 > title: Remote Code Execution via CSRF...
SEC Consult SA-20140716-2 :: Multiple vulnerabilities in Citrix NetScaler...
SEC Consult Vulnerability Lab Security Advisory < 20140716-2 > title: Multiple vulnerabilities...
SEC Consult SA-20140716-3 :: Multiple critical vulnerabilities in Bitdefender...
SEC Consult Vulnerability Lab Security Advisory < 20140716-3 > title: Multiple critical vulnerabilities...
251 Potential NULL Pointer Dereferences in Flash Player
251 potential NULL pointer dereference issues have been identified in Flash Player 14 by pattern matching approach. The file examined is NPSWF32_14_0_0_145.dll (17,029,808 bytes). The issues are...
ALPC monitoring
Microsoft did nice work related to callback mechanism, to avoid nasty patching across kernel, and support monitoring in clean way. Currently we can use, among others, for example callbacks on loading...
Hotel safes - are they really safe?
What you should know about the use for your valuable goods. This is the beginning of the holidays; a lot of people will travel during the next weeks and may stay in a hotel. The rooms are usually...
Security Advisory: Upgrade to OnionShare 0.4 Immediately
Yesterday Jacob Appelbaum discovered an input sanitation bug in OnionShare 0.3. It is now fixed, and you should upgrade to the latest version before using it again. You can download the latest version...