All categories

From Windows to Droids: An insight in to multi vector attack mechanisms in RATs FireEye recently observed a targeted attack on a US-based financial institution via spear phishing email. The payload used in this campaign is a tool called WinSpy, which is sold by the author as a spying and monitoring tool. The features in this tool resemble that of many other off-the-shelf RATs (Remote Administra..
Apple iOS security white paper VANCOUVER – A revamped early random number generator in iOS 7 is weaker than its vulnerable predecessor and generates predictable outcomes. A researcher today at CanSecWest said an attacker could brute force the Early Random PRNG used by Apple in its mobile operating system to bypass a number of kernel exploit mitigations native to iOS. The Early Random PRNG is important to securing the mitigatio..
New Apache server release news New Apache web server release. Quoting Diary: The Apache folks have released version 2.4.9 of their ubiquitous web server. This one fixes a couple of security vulnerabilities along with some other bug fixes, one in mod_log_config having to do with issues with truncated cookies and one in mod_dav that was a potential denial of service. Expect most of the Linux distros to apply the appropriate fixes ..
Beware of scams exploiting the missing Malaysian airplane The Websense® ThreatSeeker® Intelligence Cloud has observed Facebook-themed scams using news of the missing Malaysia Airlines MH370 flight as a lure. Legitimate news sources report that on March 8, 2014, the plane went missing over the South China Sea. The lure websites have been configured to appear like a legitimate Facebook page; complete with sharing button, suitable graphics, and relevant li..
Scans for FCKEditor File Manager FCKEditor (now known as CKEditor [1]) is a popular full featured GUI editor many web sites use. For example, you frequently find it with blog systems like WordPress or as part of commenting/forum systems. As an additional feature, a filemanager can be added to allow users to upload images or other files. Sadly, while a very nice and functional plugin, this feature is frequently not well secured..
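JVN#38227002 Directory traversal vulnerability in Unzipper by R-Company. Unzipper, provided by R-Company, contains a directory traversal vulnerability. Affected: Unzipper version 1.0.1 and earlier. Unzipper, provided by R-Company, has a problem in its handling of file names and contains a directory traversal (CWE-22) vulnerability. A remote third party may create files or overwrite existing files in directories accessible with the app's privileges. Update: update to the latest version based on the information provided by the developer. Vendor status (Vendor / Status / Status last updated / Vendor's notice page): R-Company / affected product exists / 2014/03/17 / R-Company's notice page 2..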
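JVN#16263849 Improper SSL server certificate verification vulnerability in the Android app 「出前館」. The Android app 「出前館」 contains a vulnerability caused by improper verification of SSL server certificates. Affected: Android app 「出前館」 ver.2.1.0 and earlier. The Android app 「出前館」 contains a vulnerability caused by improper verification of SSL server certificates. Encrypted communication may be eavesdropped on, among other things, through a man-in-the-middle attack. Update: update to the latest version based on the information provided by the developer. Vendor / Link: 夢の街創造委員会株式会社 / 出前館 - Android app on Google Play. Vulnerability analysis results as of 2014.03.17 (Metric / Attack conditions / Rating): Attack..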
Ubuntu Releases Security Update Ubuntu has released security updates to address a vulnerability in the Mutt E-mail Client for Ubuntu 13.10, 12.10, 12.04 LTS, and 10.04 LTS. This vulnerability may allow an attacker to take control of a system via a crafted email. Users and administrators are encouraged to review Ubuntu Security Notice USN-2147-1 and apply the appropriate update.
Agent.btz: a source of inspiration? The past few days have seen an extensive discussion within the IT security industry about a cyberespionage campaign called Turla, aka Snake and Uroburos, which, according to G-DATA experts, may have been created by Russian special services. One of the main conclusions also pointed out by research from BAE SYSTEMS, is a connection between the authors of Turla and those of another malicious program,..
Analysis of Malware from the MtGox leak archive A few days ago the personal blog and Reddit account of MtGox CEO, Mark Karpeles, were hacked. Attackers used them to post a file, MtGox2014Leak.zip, which they claim contains valuable database dumps and specialized software for remote access to MtGox data. But this application is actually malware created to search and steal Bitcoin wallet files from their victims. It seems that the whole leak wa..