漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for bind to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to cause Denial …
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for bind to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE …
漏洞类别:CGI 漏洞等级: 漏洞信息 Drupal is a free and open-source content management framework written in PHP and distributed under the GNU General Public License. It is also used for knowledge management and business collaboration. Drupal contains a critical access bypass…
漏洞类别:CGI 漏洞等级: 漏洞信息 Apache Tomcat is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF). The vulnerability exists when running an untrusted applications under a SecurityManager which do not use the appropriate facade object…
漏洞类别:Web server 漏洞等级: 漏洞信息 Apache Tomcat is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF). The vulnerability exists because of refactoring of the HTTP connectors, that was introduced as a result of a regression in the …
漏洞类别:Web server 漏洞等级: 漏洞信息 Jive Software is a provider of communication and collaboration solutions for business, including a suite of collaboration software and an intranet back-end. Jive (formerly known as Clearspace, then Jive SBS, then Jive Engage) is a co…
漏洞类别:Local 漏洞等级: 漏洞信息 VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems. VMware Workstation update addresses multiple security issues A local user on the guest system can create a specially crafted JPEG2…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released Security update for sblim-sfcb which contains some security feature enhancements. Affected Products: SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY 漏洞危害 解决方案 Upgrade to the latest packages wh…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for libsamplerate to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can also be used to cause …
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for ntp to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to cause Denial of Service. 解决方案 Upgrade to the latest packages which c…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for ntp to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Server 12-SP2 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP2 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害…
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for tiff to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE …
漏洞类别:SUSE 漏洞等级: 漏洞信息 Suse has released security update for curl to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 SUSE Linux Enterprise Server 11-SECURITY 漏洞危害 This vulnerab…
漏洞类别:Database 漏洞等级: 漏洞信息 IBM DB2 is vulnerable to a privilege escalation due to loading libraries from insecure locations. A local user could place a malicious library in a location that a SETGID or SETUID binary would execute and gain root level access. Affec…
漏洞类别:Database 漏洞等级: 漏洞信息 When a table is renamed and a new table is created with the old name, users who had access on the old table may be able to access the new table. A user may incorrectly acquire privileges on a table if the table is created with the same…
漏洞类别:RedHat 漏洞等级: 漏洞信息 Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occ…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual…
来自Recorded Future公司的研究人员披露称最新发现一款Hidden Tear勒索软件变体Karmen,它正在在暗网以勒索软件即服务方式出售,价格仅售175美元。 Karmen勒索软件暗网出售 Karmen活跃于2016年12月份左右,当时出现在德国和美国的安全事件中。不过直到3月份它才在暗网论坛广告中现身。研究人员分析后认为Karmen衍生自开源勒索软件Hidden Tear,使用的是AES-256加密协议,加密目标是本地机器上的目标文件。 跟其它勒索软件一样,Karmen会留下指令和勒索信息让受害者支…
国家互联网应急中心发布了《2016年我国互联网网络安全态势综述》(以下简称为《综述》),综述数据显示,2016年,移动互联网恶意程序捕获数量、网站后门攻击数量以及安全漏洞收录数量较2015年有所上升,而木马和僵尸网络感染数量、拒绝服务攻击事件数量、网页仿冒和网页篡改页面数量等均有所下降。 2016年,国家互联网应急中心捕获移动互联网恶意程序数量近205万个,较2015年增长39.0%,恶意程序数量近7年来保持高速增长趋势。 按恶意行为进行分类,排名前三位的恶意行为分别是流氓行为类、恶意扣费类和资费消耗类,占比分别为…
近日臭名昭著的方程式组织工具包再次被公开,TheShadowBrokers在steemit.com博客上提供了相关消息。以下是其中Esteemaudit漏洞复现过程。 前期准备 IP 系统信息 用途 备注 192.168.146.132 Windows xp 攻击机 需安python2.6.6&pywin32 192.168.146.129 kali 2.0 用于生成攻击payload(反弹shell等)和控制反弹的shell会话 生成reverse shell 的dll 192.168.146.136 W…
2015年安腾(Anthem)和Premera这两家医疗保险公司,泄露了多达数百万份的医疗记录,这次泄露事件也使得公众开始意识到安全在医疗机构中的重要性。2016年相较于2015年,则针对医疗机构的大规模数据泄露事件明显少了不少。但令人遗憾的是,这并不说明医疗机构的安全问题已经得到了解决。事实上,在去年各行各业都遭受了不同程度的勒索软件攻击,而医疗机构则成了这种威胁的重灾区。这与近年来连接互联网的医疗设备和健身跟踪器的不断激增有关,同时也表明了医疗保健的未来将会面对更多的挑战。 勒索软件只是冰山一角 近年来勒索软件…
洲际酒店集团上周公布,该集团旗下逾1000家酒店遭遇信用卡数据泄露。 洲际酒店旗下拥有多个知名品牌,诸如假日酒店和皇冠假日酒店等。这是洲际酒店第二次发生信用卡数据泄露。今年早些时候,集团曾告知其客户,2016年8月至12月在美国12家IHG酒店的餐厅及酒吧使用的信用卡数据遭泄露。当时受影响的酒店包括旧金山洲际酒店(InterContinental San Francisco )、阿鲁巴岛假日酒店(Holiday Inn Resort – Aruba)、芝加哥华丽一英里洲际酒店(InterContinental Ch…
Shadow Brokers泄露出一份震惊世界的机密文档,其中包含了多个 Windows 远程漏洞利用工具。本文主要介绍了其中一款工具Fuzzbunch的分析与利用案例 1 整体目录介绍 解压EQGRP_Lost_in_Translation-master.zip文件(下载地址:https://github.com/x0rz/EQGRP_Lost_in_Translation)。总共包含三个目录: 1. windows目录针对Windows操作系统的利用工具和相关攻击代码; 2. swift目录中是包含入侵swif…
17日网络爆出疑似优酷上亿数据泄漏的新闻,标题为《优酷账号密码疯狂泄露!》,威胁猎人团队通过近期的黑产监控数据给大家客观的展现这次泄露出的数据在各维度情况,还原此次事件。 1. 数据最早泄露于今年一月份 1)已知的泄漏源 对于这类地下信息,新闻的时效性往往相对较慢。据我们的数据监控,这份数据至少在2017年1月份就已经在暗网的地下市场 HANSA Market 流通,可见销量在20多份,价格300美金,随后又出现过多个版本的不同卖家。 从原始数据来看,泄漏量确实在1亿条以上,数据以“明文账号+md5密码”的形式保存…
尽管Linux系统可以免受大多数恶意软件的传播感染,但也不是绝对安全的。如果你的数据中心架设有Linux服务器,尤其是网站服务器,则更应该对Rootkit木马和恶意软件严密防范,因为一些数据破坏类Rootkit非常危险,而且攻击者一旦入侵之后就可能会利用网站服务器进行恶意软件传播。如何排除这类风险隐患呢?一种方法就是使用正确的安全检查工具。 我以Ubuntu Server 16.04系统为例,向大家介绍两款针对常规Rootkit和恶意软件的有用检测工具。 针对Rookit的检测工具-chkrootkit 安装 su…