Vulnerability Information 1

Google Service Interruption Due To BGP Failure
This morning people on twitter reported that they were unable to reach Google services. Businessinsider followed up with a story in which they mentioned that the Google service interruption primarily involved European and Indian users. In this blog we’ll take a quick look at what exactly happened by looking at our BGP data. The first clue comes from David Roy on twitter who noticed traffic was re..

Mozilla Releases Masche Memory Scanning Tool
Mozilla operates thousands of servers to build products and run services for our users. Keeping these servers secure is the primary concern of the Operations Security team, and the reason why we have built Mozilla InvestiGator (MIG), a cross-platform endpoint security system. MIG can inspect the file system and network information of thousands of hosts in parallel, which greatly helps increase vi..

Maldoc VBA Sandbox/Virtualization Detection
As could be expected, we witness an arms race when observing the evolution of VBA malicious documents. First the VBA code was trivially simple (download and execute), then obfuscation was added (strings and code), and now we see more attempts to evade detection. I analyzed a maldoc sample (.xls 77f3949c2130b268bb18061bcb483d16) that tries to detect sandboxes and virtualization (and aborts if foun..

Telerik Analytics Monitor Library allows DLL hijacking
Overview: Telerik Analytics Monitor Library is a third-party application analytics service that collects detailed application metrics for vendors. Some versions of the Telerik library allow DLL hijacking, allowing an attacker to load malicious code in the context of the Telerik-based application.
Description: CWE-114: Process Control. Telerik Analytics Monitor Library is supplied as a third-party DLL t..

SSL/TLS implementations accept export-grade RSA keys (FREAK attack)
Overview: Some implementations of SSL/TLS accept export-grade (512-bit or smaller) RSA keys even when not specifically requesting export grade ciphers. An attacker able to act as a Man-in-The-Middle (MiTM) could factor weak temporary RSA keys, obtain session keys, and decrypt SSL/TLS traffic. This issue has been dubbed the "FREAK" (Factoring Attack on RSA-EXPORT Keys) attack.
Description: CWE-757: Se..

Explaining the PostgreSQL pass-the-hash vulnerability
While we were working on the hashcat trac ticket #490 Support for postgres challenge-response authentication we instantly realized that this scheme is vulnerable to a pass-the-hash attack (PTH). As all infosec people know, finding an unknown exploitable vulnerability is something that hooks us pretty hard. So we started to investigate that vuln..
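
Advisory: ‘FREAK’ SSL Vulnerability
□ Overview: The French national research institute (INRIA) and Microsoft discovered a vulnerability that allows an SSL connection to be forcibly downgraded to weak RSA.
※ CVE-2015-0204: A vulnerability in the ssl3_get_key_exchange function of OpenSSL's s3_clnt.c that lets an attacker use a MITM (Man In The Middle) attack to downgrade the connection to 512-bit RSA and leak information.
□ Affected systems: OpenSSL 0.9.8 branch, versions before 0.9.8zd; OpenSSL 1.0.0 branch, versions before 1.0.0p; OpenSSL 1.0.1 branch, versions before 1.0.1k.
□ Remediation (server operators): Users of versions affected by this vulnerability upgrade to OpenSSL version 1.0.2 ..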

Samba vulnerability (CVE-2015-0240)
Samba is the most commonly used Windows interoperability suite of programs, used by Linux and Unix systems. It uses the SMB/CIFS protocol to provide secure, stable, and fast file and print services. It can also seamlessly integrate with Active Directory environments and can function as a domain controller as well as a domain member (legacy NT4-style domain controller is supported, but the Acti..

Microsoft Security Bulletin MS15-011 JASBUG
NCCIC/ICS-CERT is issuing this alert to provide notice of a Microsoft Windows critical security update described in Microsoft’s Security Bulletin MS15-011a. This serious vulnerability impacts control system owners using a domain-configured system. Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected Windows system. This security update is rated ..

MS15-011 & MS15-014: Hardening Group Policy
Today we are releasing MS15-011 & MS15-014 which harden group policy and address network access vulnerabilities that can be used to achieve remote code execution (RCE) in domain networks. The MS15-014 update addresses an issue in Group Policy update which can be used to disable client-side global SMB Signing requirements, bypassing an existing security feature built into the product. MS15-011 add..