Robert Schwass*// Last week I was asked twice in one day if I knew what XML External Entity (XXE) Vulnerabilities were. Maybe they are making a comeback in mainstream security buzz or sales jargon, I have no idea. (Often buzz-words propagated by the media or sales engineers become the driving factor for many of the […]
Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.
Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of this post(November 2nd, 2016) Microsoft have not responded with any updates other than to say there are no updates. The full timeline of this disclosure […]
Carrie Roberts // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service Detection” finding reported by Nessus, particularly any web servers that it lists because there are often blatant security issues hidden in there. This is as […]
Carrie Roberts // I learned some new stuff that will make me pay attention to “Asterisk Detection” Nessus informational findings in the future . . . On an external network scan, Nessus reported two hosts running Asterisk SIP services as an informational finding. When entering the IP address in a browser, only a blank page was […]
