Aggregator

A vulnerability was found in Apple Quicktime Streaming Server 4.1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file parse_xml.cgi of the component Administration Server. The manipulation leads to information disclosure (Directory). This vulnerability is handled as CVE-2003-0052. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Armis announced the close of a $200 million Series D round of investment, increasing its total company valuation to a new high of $4.2 billion. Armis’ latest funding round was led by both top-tier investors General Catalyst and Alkeon Capital, along with existing investors Brookfield Technology Partners and Georgian. The additional capital will enable Armis to continue with its 5 year strategy to build a multi-generational cybersecurity company, fuel strong organic product innovation and global … More →

The post Armis raises $200 million to fuel growth strategy appeared first on Help Net Security.

Authors/Presenters:Kunal Bhattacharya, Shahar Man, Trupti Shiralkar, Sara Attarzadeh

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – AppSec Village – Transforming AppSec Protecting ‘Everything as Code appeared first on Security Boulevard.

Authors/Presenters: Avi Lumel, skyGal Elbaz

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – AppSec Village – 0 0 0 0 Day Exploiting Localhost APIs From The Browser appeared first on Security Boulevard.

A Threat Actor has Allegedly Leaked Data of KickEX

A vulnerability was found in Oracle Agile PLM 9.3.3/9.3.5/9.3.6. It has been rated as very critical. Affected by this issue is some unknown functionality of the component Folders/Files / Attachments. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2020-1938. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Quicktime Streaming Server 4.1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file parse_xml.cgi of the component Administration Server. The manipulation of the argument file with the input NULL leads to information disclosure (Path). This vulnerability is known as CVE-2003-0051. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Italian police arrested four and are investigating dozens, including Leonardo Maria Del Vecchio, for alleged unauthorized access to state databases. Italian authorities have arrested four individuals as part of an investigation into alleged illegal access to state databases. The police are also investigating dozens of other individuals, including the son of Luxottica founder Leonardo Maria […]

A vulnerability was found in Snort up to 1.9.0 and classified as very critical. This issue affects some unknown processing of the component Fragmented RPC Packet Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2003-0033. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

sn0int是一款功能强大的半自动化OSINT框架和包管理工具，可以帮助广大研究人员快速完成网络安全测试阶段的OSINT任务。

A vulnerability classified as very critical has been found in Protegrity Secure.Data 2.2.3.7/2.2.3.8. Affected is the function xp_pty_checkusers/xp_pty_insert/xp_pty_select in the library protegrity.dll of the component Extended Stored Procedure. The manipulation leads to memory corruption (Stored). This vulnerability is traded as CVE-2003-0030. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple tvOS up to 10.1. Affected by this vulnerability is an unknown functionality of the component FontParser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2017-2439. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

The Dutch National Police, along with partner law enforcement agencies, has disrupted the operation of the Redline and Meta infostealers and has collected information that may unmask users who paid to leverage the infamous malware. Screenshot of the Redline License Server panel (Source: Operation Magnus) About Redline and Meta Redline and Meta (aka MetaStealer) are infostealers, capable of exfiltrating a variety of sensitive information: Info about the victims’ machine/OS (Windows and macOS) Credentials, credit card … More →

The post Police hacks, disrupts Redline, Meta infostealer operations appeared first on Help Net Security.