Posted by omarbv on Dec 15
Hello,
Maybe you are interested in take a look to the talks given in the last
RootedCON edition, now are avalaible in Youtube 🙂
https://www.youtube.com/playlist?list=PLUOjNfYgonUvwqY2EOzeJlHgZEsQc_Hvh
Br,
—
RootedCON – www.rootedcon.es
@omarbv
When ‘several thousand’ payment terminals across the country stopped working last week, it would be easy to jump to the conclusion that some malicious malware was on the loose, but the truth had nothing to do with cybercriminals, Brian Krebs of Krebs on Security explains.
The post Hypercom payment terminals bricked… but not by malware appeared first on We Live Security.
Posted by Eric Windisch on Dec 15
Docker 1.3.3 has been released to address several vulnerabilities and is immediately available for all supported
platforms: https://docs.docker.com/installation/ <https://docs.docker.com/installation/>
This release addresses vulnerabilities which could be exploited by a malicious Dockerfile, image, or registry to
compromise a Docker host, modify images, or spoof official repository images. Note that today we also saw the release
of…
Posted by A. W. on Dec 15
[+] Humhub insecure password validation and reset design
[+] Discovered by: Jos Wetzels
[+] Affects: Humhub <= 0.10.0-rc.1
Humhub [1] versions 0.10.0-rc.1 and prior suffer from several design
flaws, which have now been resolved in cooperation with the vendor
[2], in the implementation of its password reset and validation
functionality.
1. Insecure password validation
The validatePassword() function located in…
The FBI has issued a warning to American businesses, encouraging them to be on high alert for Iranian hacking groups targeting energy and defense firms as well as educational institutions.
The post FBI warns hacker groups are targeting US energy firms appeared first on We Live Security.
Google proposes that browser vendors begin issuing address bar warnings to users that HTTP connections provide no data security protection.
A worm exploiting the Bash vulnerability in QNAP network attached storage devices has been discovered. The attack opens a backdoor and for now is carrying out a click-fraud scam against JuiceADV.
There are stack buffer overflows in two components of a Honeywell point-of-sale software package that can allow attackers to run arbitrary code on vulnerable systems. The vulnerabilities lie in the HWOPOSScale.ocx and HWOPOSSCANNER.ocx components of Honeywell’s OLE for Retail Point-of-Sale package, which is designed to help integrate PoS hardware with Windows PoS systems. Versions of the Honeywell […]
