New Era in Anti-Virus Detection Evasions

  • August 6, 2016

In the last couple of months, we wrote about the discoveries we found in Dridex, the long-lived banking Trojan that is still quite active in the wild. In the blog post, TL;DR, we mentioned the Trojan has been equipped with a new module that could be used to evade one of the anti-virus products,

RSA Conference Asia Pacific & Japan 2016, and Some Thoughts

  • August 6, 2016

The RSA Conference: Asia Pacific & Japan 2016 concluded last July 22nd in the majestic Marina Bay Sands hotel here in Singapore. Traditionally, my team helps in the Fortinet exhibit booth to assist with FortiGuard-related inquiries. However, this time, I was lucky to have been granted a full conference pass

ISPConfig 3.1 RC 1 released for testing

  • August 5, 2016

What’s new in ISPConfig 3.1

ISPConfig 3.1 is the next generation of the ISPConfig hosting control panel with a completely renovated UI and a lot of new features. Here are a few highlights:

  • New responsive User Interface based on the Bootstrap framework. The interface is responsive now which makes it easy

Joomla! 3.6.2 Released

  • August 5, 2016

Joomla! 3.6.2 is now available. This is a bug fix release for the 3.x series of Joomla. This release fixes some bugs in email cloaking and sessions from Joomla! 3.6.1.

What’s in 3.6.2

Joomla! 3.6.2 fixes some issues found in the 3.6.1 release on Wednesday related to sessions on PHP

[20160801] – Core – ACL Violation

  • August 4, 2016

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.6.0 through 3.6.0
  • Exploit type: ACL Violation
  • Reported Date: 2016-April-29
  • Fixed Date: 2016-August-03
  • CVE Numbers: requested

Description

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.

Affected Installs

Joomla! CMS versions

[20160803] – Core – CSRF

  • August 4, 2016

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Medium
  • Versions: 3.6.0
  • Exploit type: CSRF
  • Reported Date: 2016-July-19
  • Fixed Date: 2016-August-03
  • CVE Numbers: requested

Description

Add additional CSRF hardening in com_joomlaupdate.

Affected Installs

Joomla! CMS version 3.6.0

Solution

Upgrade to version 3.6.1

Contact

The JSST at the Joomla! Security Centre.

Reported By: Calum Hutton

The Joomla! 3.6.1 Update

  • August 4, 2016

During the latest release of Joomla! 3.6.1 an issue emerged because of a security fix. 3.6.1 introduced a CSRF token check to the Joomla! Update component as an extra level of security to fix a Medium Level security issue. 3.6.0 down to 2.5.4 (every Joomla! release with the update component)

[20160802] – Core – XSS Vulnerability

  • August 4, 2016

  • Project: Joomla!
  • SubProject: CMS
  • Severity: Low
  • Versions: 1.6.0 through 3.6.0
  • Exploit type: XSS Vulnerability
  • Reported Date: 2016-February-05
  • Fixed Date: 2016-August-03
  • CVE Number: Requested

Description

Inadequate escaping leads to XSS vulnerability in mail component.

Affected Installs

Joomla! CMS versions 1.6.0 through 3.6.0

Solution

Upgrade to version 3.6.1

Contact

The JSST at the Joomla! Security

Joomla! 3.6.1 Released

  • August 4, 2016

Joomla! 3.6.1 is now available. This is a security release for the 3.x series of Joomla. This release fixes several low level security issues. We strongly encourage you to update your sites.

IMPORTANT: PLEASE READ THIS ANNOUNCEMENT ABOUT THE 3.6.1 UPDATE PROCESS

What’s in 3.6.1?

Version 3.6.1 also addresses several issues:

Q&A: Today’s Cyber Threat Landscape – 3rd Party Testing and Sandboxes

  • August 4, 2016

Sandbox technology and the ongoing effort to defend and protect against cyber threats continue. Independent testing offers organizations valuable insight into what solutions are best for their use case. Below we discuss this maturing technology and the role of testing with Fortinet’s David Finger.

I saw the announcement from NSS
