So the big panic in the past week or so has been about this GHOST vulnerability in glibc which under certain circumstances can allow remote code execution (serious business!). So we’ve had Heartbleed, POODLE and Shellshock and now we have awfully cute GHOST. What is it? The CVE for GHOST is – CVE-2015-0235, the technical […]
Archives for January 2015
OAT – Oracle Auditing Tools For Database Security
Oracle Auditing Tools is a tool kit that could be used to audit security within Oracle database servers. OAT uses CREATE LIBRARY to be able to access the WinExec function in the kernel32.dll in Windows or the system call in libc on Un*x. Having access to this function makes it possible to execute anything on […]
Flash Zero Day Being Exploited In The Wild
This is not the first Flash Zero Day and it certainly won’t be the last, thanks to the Sandbox implemented in Chrome since 2011 – users of the browser are fairly safe. Those using IE are in danger (as usual) and certain versions of Firefox. It has been rolled into the popular Angler Exploit Kit, […]
Gitrob – Scan Github For Sensitive Files
Developers generally like to share their code, and many of them do so by open sourcing it on GitHub, a social code hosting and collaboration service. Many companies also use GitHub as a convenient place to host both private and public code repositories by creating GitHub organizations where employees can be joined. Sometimes employees might […]
OpenVAS 7 Released – Open Source Vulnerability Scanner
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 35,000 in total (as of April 2014). The OpenVAS Manager is the central […]