[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing...
Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing Authorization Check. 1. Impact on Business: By exploiting this vulnerability an authenticated attacker will be able to...

[Onapsis Security Advisory 2014-031] SAP Business Objects Information...
Onapsis Security Advisory 2014-031: SAP Business Objects Information Disclosure via CORBA. 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attacker...

[Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site...
Onapsis Security Advisory 2014-027: SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities. 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated...

[Onapsis Security Advisory 2014-028] SAP HANA Web-based Development...
Onapsis Security Advisory 2014-028: SAP HANA Web-based Development Workbench Code Injection. 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attacker...

[Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service...
Onapsis Security Advisory 2014-020: SAP Business Objects Denial of Service via CORBA. 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attacker would be...

[Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross...
Onapsis Security Advisory 2014-032: SAP BusinessObjects Persistent Cross Site Scripting. 1. Impact on Business: By exploiting this vulnerability a remote unauthenticated attacker...

[Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure
Onapsis Security Advisory 2014-020: SAP Business Objects Information Disclosure. 1. Impact on Business: A malicious user can discover information relating to valid users using a...

Twitter Sues DOJ to Open Up Data Request Disclosures
Twitter has escalated the battle against the US government's data disclosure policies, and has sued the US Department of Justice (DOJ). Unlike other high-profile tech firms which explicitly agree to...
Cuckoo Sandbox Evasion PoC available
In the beginning of this week we discovered a security flaw in the famous malware analysis framework "Cuckoo Sandbox". We disclosed this bug to the developers on the 7th of October 2014. Not even three...

Sednit espionage group now using custom exploit kit
For at least five years the Sednit group has been relentlessly attacking various institutions, most notably in Eastern Europe. The group used several advanced pieces of malware for these targeted...
Timestomp MFT Shenanigans
I was working a case a while back and I came across some malware that had time stomping capabilities. There have been numerous posts written on how to use the MFT as a means to determine if time...
Tsunami SYN Flood Attack – A New Trend in DDoS Attacks?
Over the past week Radware’s Emergency Response Team (ERT) detected a new type of SYN flood which is believed to be specially designed to overcome most of today’s security defenses with a TCP-based...
FBI Pays Visit to Researcher Who Revealed Yahoo Hack
Jonathan Hall was trying to help the internet. Earlier this week, the 29-year-old hacker and security consultant revealed that someone had broken into machines running inside several widely used...
SPHINCS: practical stateless hash-based signatures
SPHINCS-256 is a high-security post-quantum stateless hash-based signature scheme that signs hundreds of messages per second on a modern 4-core 3.5GHz Intel CPU. Signatures are 41 KB, public keys are 1...
Multiple Vulnerabilities in Cisco ASA Software
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities...

The Horror of a 'Secure Golden Key'
This week, the Washington Post's editorial board, in a widely circulated call for “compromise” on encryption, proposed that while our data should be off-limits to hackers and other bad actors, “perhaps...
The malware of the future may come bearing real gifts
"What," asked the speaker, "if Notepad behaved just like you would expect it to, but only for the first hour or so that you used it? What if it began to do different things after that?" According to...

Metasploit: F5 iControl Remote Root Command Execution
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ...

Metasploit: Wordpress InfusionSoft Plugin Upload Vulnerability
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ...

Metasploit: Rejetto HttpFileServer Remote Command Execution
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ...