PCI/DSS - Are The Controls Relevant?
Whitepaper called PCI/DSS - Payment Card Industry / Data Security Standard - Are the controls relevant? This paper goes into detail on risk management plans, policies, standards, and practices.
CodeMeter Weak Service Permissions
A local privilege escalation vulnerability has been identified in the codemeter.exe Windows service. When installed with the default settings, this service allows Read/Write access to any user, meaning...
Deep Dive Into ROP Payload Analysis
This paper introduces the reader to techniques that can be used to analyze ROP payloads that are used in exploits in the wild.
Red Hat Security Advisory 2014-1891-01
Red Hat Security Advisory 2014-1891-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch...
Red Hat Security Advisory 2014-1892-01
Red Hat Security Advisory 2014-1892-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules...
Gentoo Linux Security Advisory 201411-07
Gentoo Linux Security Advisory 201411-7 - A NULL pointer dereference in Openswan may allow remote attackers to cause Denial of Service. Versions less than or equal to 2.6.39-r1 are affected.
Gentoo Linux Security Advisory 201411-09
Gentoo Linux Security Advisory 201411-9 - Multiple vulnerabilities have been found in Ansible which may allow local privilege escalation. Versions less than 1.6.8 are affected.
Gentoo Linux Security Advisory 201411-08
Gentoo Linux Security Advisory 201411-8 - Multiple vulnerabilities have been found in Aircrack-ng, possibly resulting in local privilege escalation, remote code execution, or Denial of Service....
Red Hat Security Advisory 2014-1893-01
Red Hat Security Advisory 2014-1893-01 - The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found...
Gentoo Linux Security Advisory 201411-10
Gentoo Linux Security Advisory 201411-10 - Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service. Versions less than 11.13.1 are affected.
Red Hat Security Advisory 2014-1894-01
Red Hat Security Advisory 2014-1894-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious...
Ubuntu Security Notice USN-2414-1
Ubuntu Security Notice 2414-1 - Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary JavaScript.
Maligno 1.4
Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is...
AIEngine 1.0
AIEngine is a packet inspection engine capable of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on...
Ubuntu Security Notice USN-2415-1
Ubuntu Security Notice 2415-1 - Andy Lutomirski discovered that the Linux kernel was not checking for CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to...