Search

1 to 8 of 8
Sort by

Blog Entry
Shadow Brokers release password to second set of files

In August 2016, a group calling themselves The Shadow Brokers released a set of files. This blog detailed our analysis of the impact of those files on Juniper devices. At that time, the Shadow Brokers also released a second set of files that were encrypted. They recently published the...


Blog Entry
Shadow Brokers Release of Hacking Code

Juniper Networks is investigating the recent release of files reported to have been taken from the so-called Equation Group. For reference, we addressed the existence of these kinds of tools in JSA10605 . However, this is the first time possible examples of those tools have been available...


Blog Entry
HTTP Evader: Automate Firewall and IDS Evasion Tests, Analyse Browser Behavior

Vulnerability Details HTTP Evader: Automate Firewall and IDS Evasion Tests, Analyse Browser Behavior (Research) http://noxxi.de/research.html (Semantic Gap) http://noxxi.de/research/semantic-gap.html (Tool – FW Evasion Test) http://http-evader.semantic-gap.de (GitHub – Code) ...


Blog Entry
Juniper Networks Completes ScreenOS Update

Juniper Networks Completes ScreenOS Update POSTED BY BOB WORRALL, SVP CHIEF INFORMATION OFFICER ON APRIL 6, 2016 I am pleased to share that Juniper Networks has completed the process of updating ScreenOS, by implementing the same random number generation technology currently employed...


Blog Entry
glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

On February 16, 2016, Google​ Security announced a new vulnerability in the getaddrinfo() library function​ of glibc. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited...


Blog Entry
Advancing the Security of Juniper Products

Advancing the Security of Juniper Products POSTED BY BOB WORRALL, SVP CHIEF INFORMATION OFFICER ON JANUARY 8, 2016 Recently Juniper Networks announced the discovery of unauthorized code in the ScreenOS® software used in our Netscreen® products. This malicious code could allow a...


Blog Entry
Important Announcement about ScreenOS®

IMPORTANT JUNIPER SECURITY ANNOUNCEMENT CUSTOMER UPDATE: DECEMBER 20, 2015 Administrative Access (CVE-2015-7755) only affects ScreenOS 6.3.0r17 through 6.3.0r20. VPN Decryption (CVE-2015-7756) only affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. ...


Blog Entry
Hello World

Hello World We are the Juniper Networks Security Incident Response Team (SIRT) and we handle all aspects of possible security issues with Juniper products. Our team looks for them, accepts information about them, works to get bugs fixed, and publishes Juniper Security Advisories . We also...