Metasploit: MongoDB nativeHelper.apply Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of...
Metasploit: HP System Management Anonymous Access Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of...
NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection...
High Risk Vulnerability in Virtual Access Monitor. 2 April 2013. Ken Wolstencroft of NCC Group has discovered a High risk vulnerability in Virtual Access Monitor. Impact: Multiple SQL Injection...
JReport 12 Offers In-Memory Visual Analysis and Support for Cloud Storage and...
ROCKVILLE, MD--(Marketwired - Apr 2, 2013) - Jinfonet Software, the leading provider in Java reporting, announces at JReport Summit 2013 the release of JReport 12. This release features Visual...
Dataguise Enhances DG for Hadoop With Selective Encryption to Enable Secure,...
Complete Hadoop Security Solution, DG for Hadoop v4.3, Is First to Provide Selective Encryption in Addition to Masking and Adds Contextual Based Search and Enhanced Reporting for Apache Hadoop. FREMONT,...
New Technology Blocks Smartphone Spying -- has Fortress-Like Operating System
A new mobile phone technology is first smartphone with a strengthened operating system that blocks spying and secures communications. WASHINGTON, April 2, 2013 /PRNewswire-iReach/ -- A new mobile phone...
Jamcracker Releases Third Annual Report on Cloud Adoption Trends
Report from leading Cloud Services Brokerage (CSB) enablement company sheds new light on how organizations are leveraging CSBs to unify cloud delivery for employees, customers and partners. SANTA CLARA,...
Advisory: PonyOS Security Issues
Advisory: PonyOS Security Issues. John Cartwright <johnc () grok org uk>. Introduction: Like countless others, I was pretty excited about PonyOS yesterday (April 1st 2013) and decided to...
Trojan.APT.BaneChant: In-Memory Trojan That Observes for Multiple Mouse Clicks
Summary: Last December, our senior malware researcher (Mr. Abhishek Singh) posted an article about a Trojan which could detect mouse clicks to evade sandbox analysis. Interestingly, we have found another...
The Threat Landscape in Belarus: Highest Concentration of Malware Hosting...
I recently wrote an article examining the concentrations of malware hosting servers located in different regions of the world. As seen in Figure 1, Belarus and China had the highest concentrations of...
Google AD Sync Tool - Exposure of Sensitive Information Vulnerability
Sense of Security - Security Advisory - SOS-13-001. Release Date: 03-Apr-2013; Last Update: -; Vendor Notification Date: 03-Sep-2012; Product: Google Active Directory Sync (GADS) Tool; Platform...
A Honeypot that Fights Back
A Russian researcher built an aggressive honeypot to test the ability to hack back at attackers. Alexey Sintsov, a security researcher and co-founder of DefCon Russia, ran an experimental homegrown...
WHMCS grouppay plugin SQL Injection
Title: WHMCS grouppay plugin SQL Injection <= 1.5; Author: HJauditing Employee Tim; E-mail: Tim@HJauditing.com; Web: http://hjauditing.com/; Plugin:...
SEC Consult SA-20130403-0 :: Multiple vulnerabilities in Sophos Web...
SEC Consult Vulnerability Lab Security Advisory < 20130403-0 >; title: Multiple vulnerabilities...
Hackersh 0.1 Release Announcement
I am pleased to announce the Official 0.1 launch of Hackersh ("Hacker Shell") - a shell (command interpreter) written in Python with built-in security commands, and out of the box wrappers for various...
CVE-2013-1912 : haproxy may crash on TCP content inspection rules
Yves Lafon from the W3C reported some random crashes of haproxy with an advanced configuration, that we finally considered was a security issue as it could remotely be triggered. Summary...
Advanced Cyber Attacks Occur up to Once Every Three Minutes
FireEye Advanced Threat Report Details Evolving Tactics and Threat Infiltration of Attacks Targeting Enterprises. MILPITAS, CA--(Marketwired - Apr 3, 2013) - FireEye®, Inc., the leader in stopping...
Security Professionals Embrace Not-So-Secure Mobile Work Habits
Ping Identity’s ‘Impact of Mobile’ Survey Highlights Broad Acceptance of Work Anytime/Anywhere Culture and Some Surprising Security Practices. DENVER--(BUSINESS WIRE)--Security professionals have...
Dataguise Presents 10 Best Practices for Securing Sensitive Data in Hadoop
Guidance Aimed at Protecting Hadoop Deployments Against Data Exposure Risks. FREMONT, CA--(Marketwired - Apr 3, 2013) - Dataguise (http://www.dataguise.com), a leading innovator of data security...
Browser document.cookie DoS vulnerability
Chromium 25.0.1364.160 (debian testing), Iceweasel/Firefox 19 and probably many other browsers allow javascript to set broken cookie values, leading to possible permanent "400 Bad Request" responses....