News Rollups

  • 0
  • 0
  • 0
  • 0
  • 0
  • 0

Rollup: SYNful Knock - A Cisco router implant

"Router implants, from any vendor in the enterprise space, have been largely believed to be theoretical in nature and especially in use. However, recent vendor advisories indicate that these have been seen in the wild. Mandiant can confirm the existence of at least 14 such router implants spread across four different countries:  Ukraine, Philippines, Mexico, and India."

  • 0
  • 0
  • 0
  • 0
  • 0

NewsRollup: US GOV: Policy to Require Secure Connections across Federal Websites & Web Services

​The proposed HTTPS-Only Standard has now been finalized as the White House Office of Management and Budget memorandum M-15-13"A Policy to Require Secure Connections across Federal Websites and Web Services".

  • 0
  • 0
  • 0

NewsRollup: Analbleed: Multiple Vulnerabilities in Openlitespeed <= 1.3.10

Another real vulnerability, with a fake anti-marketing campaign.

  • 0

NewsRollup: VENOM: 'Floppy Disk' VM escape vulnerability affecting Xen, KVM and QEMU.

"Virtualized environment neglected operations manipulation" - CVE-2015-3456 is an out-of-bounds memory access flaw was found in the way virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the hosting process.

  • 0

"Bad Authentication Causes Kritical Risk Over Networks, Yikes MySQL!" - BACKRONYM MySQL Vulnerability

Flaw allowing opportunistic degradation of encryption to MITM MySQL traffic and strip SSL/TLS, as per CVE-2015-3152.

While this is a real issue, it's shown in an overblown nature to parody of the trend of naming vulnerabilities.

  • 0
  • 0
  • 0
  • 0
  • 0
  • 0
  • 0
  • 0

News Rollup: 'Misfortune Cookie' Broadband Router vulnerability - CVE-2014-9222

This severe vulnerability allows an attacker to remotely take over the device with administrative privileges using a vulnerability present on millions of residential gateway (SOHO router) devices from different models and makers.Broadband routers employing the Allegro RomPager firmware prior to versions 4.34 contain a vulnerability in HTTP cookie processing code. 

  • 0
  • 0

News Rollup: Regin - Sophisticated Cyber-Espionage Spyware

Less technical Articles