Cisco Releases Security Updates

Original release date: October 12, 2016

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

 



BlockChain.info Domain Hijacked; Site Goes Down; 8 Million Bitcoin Wallets Inaccessible

If you are fascinated with the idea of digital currency, then you might have heard about BlockChain.Info.

It’s Down!

Yes, Blockchain.info, the world’s most popular Bitcoin wallet and Block Explorer service, has been down for the last few hours, and it’s believed that a possible cyber attack has disrupted the site.
The site is down at the time of writing, and the web server

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20160925

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Windows Object Manager Pathological Lookup EoP

When performing an object name lookup, it’s possible to exercise the worst-case lookup time for the object, leading to a single lookup taking multiple minutes. This can prevent a process from being terminated on logout, which can be used to get access to other user sessions, especially on a terminal server, leading to EoP.

Android Binder Information Disclosure

The interaction between the kernel /dev/binder and the usermode Parcel.cpp means that when a binder object is passed as BINDER_TYPE_BINDER or BINDER_TYPE_WEAK_BINDER, a pointer to that object (in the server process) is leaked to the client process as the cookie value. This leads to a leak of a heap address in many of the privileged binder services, including system_server.

Researchers Demonstrated How NSA Broke Trillions of Encrypted Connections

In the year 2014, we came to know about the NSA’s ability to break trillions of encrypted connections by exploiting common implementations of the Diffie-Hellman key exchange algorithm, thanks to classified documents leaked by ex-NSA employee Edward Snowden.

At that time, computer scientists and senior cryptographers had presented the most plausible theory: Only a few prime numbers were