DevOps – The art of management

Software companies closing the gap between themselves by approaching their projects from a productive angle which does not compromise with its security and reliability. Moreover, every software developing companies are behaving similar as possible, this is to mimic the productivity of successful of enterprises. This added pressure leads to miscommunication, conflict of ideas, and lack […]

WannaCry Ransomware Attack

WannaCry Ransomware attack Ransomware is a new type of encryption-based malicious software attack that will locks up the system files in your computer and will encrypts in such a way that users cannot access files. The malware encrypts files using AES and RSA encryption ciphers which means hackers can decrypt files using unique decryption key. […]

Mysql Remote Root Code Execution

Remote Root Code Execution / Databse Privilege Escalation: Severity: Critical CVE-2016-6662 CVE-2016-6663 Privilege Escalation vulnerability is reported. Using this vulnerability, an attacker could execute code with root privileges. Using the REPAIR TABLE SQL statement, which have the lowest privileged users with SELECT/CREATE/INSERT grants, can create a simlink to the database directory( that is /var/lib/mysql). After […]

Dirty COW – Vulnerability Fix

Dirty COW [ CVE-2016-5195 ] COW -> Copy – On – Write Dirty COW is actually an old vulnerability , which has driven back after 10 long years. The issue was first identified by Linus Torvalds and found some difficulties to patch the issue. The vulnerability is also called privilege-escalation vulnerability. In which the normal […]

Wget CVE-2016-4971: Arbitrary File Upload

CVE-2016-4971 [Arbitrary File Upload / Potential Remote Code Execution] Severity: High below 1.8 version. All versions of Wget before the patched version of 1.18 are affected. 1. GNU wget before 1.18 when supplied with a malicious URL (to a malicious or compromised web server) can be tricked into saving an arbitrary remote file supplied by […]

OpenSSL Vulnerabilities fix – CVE-2016-2108

OPENSSL VULNERABILITIES – CVE-2016-2108 & CVE-2016-2107 On 3rd May 2016, OpenSSL released patches for two high severity bugs (CVE-2016-2108 & CVE-2016-2107), and 4 low severity ones.  CVE-2016-2107 is an OpenSSL bug which allows a man-in-the-middle (MITM) attacker to use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the […]

DROWN Vulnerability Fix

General Information regarding DROWN vulnerability Fix On March 1, we have another OpenSSL vulnerability reported: DROWN. Please follow the document to know more about DROWN and DROWN Vulnerability Fix Name: DROWN( Decrypting RSA using Obsolete and Weakened eNcryption.) Type: Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800). Affected services: DROWN is a serious vulnerability that affects HTTPS and other services that […]

glibc version check with ansible

Considering the recent glibc vulnerability, getting details regarding glibc versions can be a bit difficult when you are managing large server clusters with multiple OS versions. Configuration management tools like ansible becomes a real boon in here. For anyone who is not familiar with ansible, take a looks at the ansible intro page for details […]

Critical glibc vulnerability CVE-2015-7547

What’s the glibc getaddrinfo vulnerability? Red Hat has updated details on the vulnerability. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user […]

Begin typing your search term above and press enter to search. Press ESC to cancel.

Enjoy this blog? Please spread the word :)

Follow by Email
Visit Us
Follow Me