Security CERT Global
- CVE-2021-20527: IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759. ...
- CVE-2021-27030: A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX's Review, causing it to run arbitrary code ...
- CVE-2021-27028: A Memory Corruption Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files. ...
- CVE-2021-27031: A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review, causing the application to reference a memory location controlled by ...
- CVE-2021-27029: The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review, causing the application to crash, leading to a ...
- CVE-2021-27027: An Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure. ...
- CVE-2020-28141: The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that ...
- CVE-2021-29943 (solr): When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution ...
- Vulnerability Summary for the Week of April 12, 2021: Original release date: April 19, 2021. High Vulnerabilities (table columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info). dreamreport -- dream_report: A privilege escalation vulnerability exists in Dream ...
- CVE-2021-20991: In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older, an authenticated user can run commands as root user using a command injection vulnerability. ...
- CVE-2021-20990: In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older, an internal management service is accessible on port 8000 and some API endpoints could be accessed ...
- CVE-2021-21981: VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (role-based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest ...
- CVE-2021-20989: Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection ...
- CVE-2021-20992: Fibaro Home Center 2 and Lite devices in all versions provide a web-based management interface over the unencrypted HTTP protocol. Communication between the user and the device can be ...
- CVE-2021-28437 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019): Windows Installer Information Disclosure Vulnerability ...
- CVE-2021-23372 (mongo-express): All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. ...
- CVE-2021-29440 (grav): Grav is a file-based Web platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the ...
- CVE-2021-29439 (grav_admin): The Grav admin plugin prior to version 1.10.11 does not correctly verify the caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By ...
- CVE-2021-29438 (nextcloud/dialogs): The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a ...
- CVE-2021-29435 (trestle-auth): trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in ...
- CVE-2021-28436 (windows_10, windows_server_2016, windows_server_2019): Windows Speech Runtime Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-28347, CVE-2021-28351. ...
- When Your Software's Check Engine Light Is On: Identifying Design Problems that Impact Software Failure: This blog post summarizes an effective roadmap for detecting design problems that can be used to improve software development and performance. ...
- CVE-2021-29399: XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 ...
- CVE-2020-7851: Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385 contain a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the ...
- CVE-2021-21070: Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file ...
- CVE-2021-29425 (commons_io): In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..foo", the result would be the same value, thus possibly providing ...
- CVE-2021-29262 (solr): When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not ...
- CERTFR-2021-AVI-281: Vulnerability in OpenSSH (19 April 2021): A vulnerability has been discovered in OpenSSH. It allows an attacker to cause a security policy bypass. ...
- CERTFR-2021-AVI-280: Multiple vulnerabilities in Mitel MiCollab (19 April 2021): Multiple vulnerabilities have been discovered in Mitel MiCollab. They allow an attacker to cause a breach of data confidentiality and an indirect code injection ...
- CERTFR-2021-ACT-015: CERT-FR news bulletin CERTFR-2021-ACT-015 (19 April 2021): This CERT-FR news bulletin reviews the significant vulnerabilities of the past week to highlight their severity. It does not replace ...
- CERTFR-2021-AVI-285: Vulnerability in VMware NSX-T (19 April 2021): A vulnerability has been discovered in VMware NSX-T. It allows an attacker to cause a privilege escalation. ...
- CERTFR-2021-AVI-284: Multiple vulnerabilities in the SUSE Linux kernel (19 April 2021): Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a security problem not specified by the vendor, a ...
- CERTFR-2021-AVI-283: Vulnerability in Juniper Junos OS (19 April 2021): A vulnerability has been discovered in Juniper Junos OS. It allows an attacker to cause a remote denial of service. ...
- CERTFR-2021-AVI-282: Multiple vulnerabilities in Qnap products (19 April 2021): Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution. ...
- WordPress releases security update: The popular website content management system, WordPress, has been updated to a new version. This comes with the release of version 5.7.1, by which all versions since WordPress 4.7 have been updated. This is ...
- Get ready for CiSP 2.0: The NCSC's online portal for threat intelligence sharing is being upgraded. ...
- Det Kriminalpræventive Råd: Cybercriminals have it too easy: A new report from Det Kriminalpræventive Råd and Forbrugerrådet TÆNK concludes that cybercriminals have too easy a time carrying out their schemes. Danes' high level of trust in one another is exploited by cybercriminals to ...
- JVN: DLL loading vulnerability in Password Manager made by Trend Micro Incorporated: Password Manager made by Trend Micro Incorporated contains a vulnerability related to DLL loading. ...
- Trend Micro Password Manager may insecurely load Dynamic Link Libraries: Password Manager provided by Trend Micro Incorporated may insecurely load Dynamic Link Libraries. ...
- CVE-2021-24226 (accessally): In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing ...
- CVE-2021-24024 (fortiadc, fortiadc_manager): A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker ...
- ESB-2021.1311 – [RedHat] IBM Resilient SOAR: Execute arbitrary code/commands – Existing account: AUSCERT External Security Bulletin Redistribution ESB-2021.1311, Security Bulletin: IBM Resilient SOAR is vulnerable to command injection (CVE-2021-20527), 19 April 2021. AusCERT Security ...
- ESB-2021.1310 – [Debian] libebml: Denial of Service – Existing Account: AUSCERT External Security Bulletin Redistribution ESB-2021.1310, libebml security update, 19 April 2021. AusCERT Security Bulletin Summary: Product: libebml; Publisher: Debian; Operating ...
- ESB-2021.1304 – [Juniper] Junos OS: EX4300: Denial of service – Remote/unauthenticated: AUSCERT External Security Bulletin Redistribution ESB-2021.1304, JSA11135 - 2021-04 Security Bulletin: Junos OS: EX4300: FPC crash upon receipt of specific frames on an ...
- ESB-2021.1309 – [Debian] python2.7: Multiple vulnerabilities: AUSCERT External Security Bulletin Redistribution ESB-2021.1309, python2.7 security update, 19 April 2021. AusCERT Security Bulletin Summary: Product: python2.7; Publisher: Debian; Operating ...
- ESB-2021.1308 – [Debian] python-bleach: Cross-site scripting – Remote with user interaction: AUSCERT External Security Bulletin Redistribution ESB-2021.1308, python-bleach security update, 19 April 2021. AusCERT Security Bulletin Summary: Product: python-bleach; Publisher: Debian; Operating ...
- ESB-2021.1303 – [Appliance] F5 Products: Denial of service – Remote/unauthenticated: AUSCERT External Security Bulletin Redistribution ESB-2021.1303, iApps vulnerability CVE-2020-17507, 19 April 2021. AusCERT Security Bulletin Summary: Product: BIG-IP (all modules), BIG-IQ ...
- ESB-2021.1305 – [SUSE] openldap2: Denial of service – Remote/unauthenticated: AUSCERT External Security Bulletin Redistribution ESB-2021.1305, Security update for openldap2, 19 April 2021. AusCERT Security Bulletin Summary: Product: openldap2; Publisher: SUSE ...
- CVE-2021-23381: Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Translation pending *** This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to ...
- CVE-2021-23379: Severity: None. Published: 18/04/2021. Last revised: 18/04/2021. Description: *** Translation pending *** This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to ...
MGS+ ICS Security Report August 2017
MG Strategy+ ICS Security Report August 2017: Editor Picks
Financial malware more than twice as prevalent as ransomware
Three Trojans dominated the financial threat landscape in 2016 and attackers increased their focus on corporate finance departments
Source: https://www.symantec.com/connect/blogs/financial-malware-more-twice-prevalent-ransomware
The Jetson’s Cyber Concerns – Future Smart Cities Cybersecurity Checklist
As cities continue to grow smarter, they will also become easier to hack. With millions (if not billions) of dollars going into research for urban domains and the Internet of Things (IoT), there will be more opportunities to utilize technology to define, access and improve smart city services and infrastructure. In these smart cities, information security plays a huge role in protecting the highest levels of confidentiality, availability and integrity for city resources and utilities.
Source: http://blog.trendmicro.com/jetsons-cyber-concerns-future-smart-cities-cybersecurity-checklist/
The Future of Ransomware
Ransomware isn’t new, but it’s increasingly popular and profitable.
Source: https://www.schneier.com/blog/archives/2017/05/the_future_of_r.html
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Increasing complexity is putting networks at risk. It’s time to shift our security approach and take some lessons from software development.
Source: https://www.darkreading.com/vulnerabilities—threats/rethinking-vulnerabilities-network-infrastructure-as-a-software-system/a/d-id/1328989
Over 8,600 Security Flaws Found in Pacemaker Systems
Security researchers from WhiteScope have uncovered over 8,600 vulnerabilities in pacemaker systems and the third-party libraries used to power various of their components.
Source: https://www.bleepingcomputer.com/news/security/over-8-600-security-flaws-found-in-pacemaker-systems/#.WTBsjfJS8zo.twitter
How the FBI relies on dark web intel firms as frontline investigators
Source: https://www.cyberscoop.com/dark-web-intelligence-fbi-investigations/
Using Physics to Protect Industrial Devices Against Hacking
Source: https://waterfall-security.com/blog/using-physics-protect-industrial-devices-hacking
Ransomware: Best Practices for Prevention and Response
Source: https://insights.sei.cmu.edu/sei_blog/2017/05/ransomware-best-practices-for-prevention-and-response.html
Machine Learning in Cybersecurity
Source: https://insights.sei.cmu.edu/sei_blog/2017/06/machine-learning-in-cybersecurity.html
Critical Asset Identification (Part 1 of 20: CERT Best Practices to Mitigate Insider Threats Series)
The first practice described in the newly released edition of the Common Sense Guide to Mitigating Insider Threats is Practice 1: Know and Protect Your Critical Assets. In this post, I discuss the importance and nature of this practice, which is a cornerstone of shaping and scoping a robust insider threat program.
Source: https://insights.sei.cmu.edu/insider-threat/2017/04/critical-asset-identification-part-1-of-20-cert-best-practices-to-mitigate-insider-threats-series.html
Jacobs to Acquire CH2M to Create Premier $15 Billion Global Solutions Provider
Source: http://invest.jacobs.com/investors/Press-Release-Details/2017/Jacobs-to-Acquire-CH2M-to-Create-Premier-15-Billion-Global-Solutions-Provider/default.aspx
Google to Achieve “Supremacy” in Quantum Computing by the End of 2017
In theory, quantum computers could be vastly superior to regular or “classical” computers in performing certain kinds of tasks, but it’s been hard to build one. Already a leader in this field, Google is now testing its most powerful quantum chip yet, a 20-qubit processor, which the company looks to more than double in power to 49 qubits by the end of 2017.
Source: http://bigthink.com/paul-ratner/google-to-achieve-supremacy-in-quantum-computing-by-the-end-of-2017
THE HIGH COST OF DARK ENDPOINTS
Do you know where all of your endpoints are and what they are running?
Source: https://blogs.absolute.com/high-cost-dark-endpoints/
THE CYBER-COMMITTED CEO
Three industry-leading practices help CISOs catalyze engagement with their CEO and board to make cybersecurity business-relevant.
Source: https://www.accenture.com/us-en/insight-cyber-committed-ceo
VULNERABILITY IN INDUSTRIAL CONTROL SOFTWARE AND QUALITY OF THE PATCH MANAGEMENT
Source: https://ics-cert.kaspersky.com/reports/2016/12/09/vulnerability-in-industrial-control-software-and-quality-of-the-patch-management/
What’s now and next in analytics, AI, and automation
Innovations in digitization, analytics, artificial intelligence, and automation are creating performance and productivity opportunities for business and the economy, even as they reshape employment and the future of work.
Source: http://www.mckinsey.com/global-themes/digital-disruption/whats-now-and-next-in-analytics-ai-and-automation
Cyber raises threat against America’s energy backbone
Source: https://www.eenews.net/stories/1060054924
UN Report Shows the Whole World Needs a Cybersecurity Upgrade
Major cyber-readiness gaps remain among nations, but nearly all countries need major improvements.
Source: https://www.inc.com/joseph-steinberg/un-report-shows-the-whole-world-needs-a-cybersecur.html
Half of all countries aware but lacking national plan on cybersecurity, UN agency reports
Only about half of all countries have a cybersecurity strategy or are in the process of developing one, the United Nations telecommunications agency today reported, urging more countries to consider national policies to protect against cybercrime. Releasing its second Global Cybersecurity Index (GCI), the International Telecommunication Union (ITU) said about 38 per cent of countries have a published cybersecurity strategy and an additional 12 per cent of governments are in the process of developing one.
Source: http://www.un.org/apps/news/story.asp?NewsID=57119#.WbL7_siGOUl
UN finds cybersecurity is a struggle worldwide
There are massive gaps in security among the 134 countries surveyed, including the world’s most powerful nations.
Source: https://www.cnet.com/news/united-nations-cybersecurity-global-index-united-states-singapore/
How Cisco is establishing itself as a cybersecurity leader
Cisco demonstrated its commitment to cybersecurity at its annual customer event. Good position, but lots of work ahead.
Source: https://www.csoonline.com/article/3205926/security/ciscolive-and-cybersecurity.html
Average time to plug SCADA holes is 150 days, says report
Source: http://www.itworldcanada.com/article/average-time-to-plug-scada-holes-is-150-days-says-report/393418
90% of Companies Get Attacked with Three-Year-Old Vulnerabilities
A Fortinet report released this week highlights the importance of keeping systems up to date, or at least no more than a few release cycles behind the current version; lagging behind is not recommended, but it is still better than leaving systems unpatched for years.
Source: https://www.bleepingcomputer.com/news/security/90-percent-of-companies-get-attacked-with-three-year-old-vulnerabilities/
Cybersecurity remains a growing problem
Learn the lessons or pay the price
Source: https://www2.deloitte.com/ca/en/pages/risk/articles/Deloitte-risk-series-insight-Cybersecurity.html
Tsunami of DDoS-for-Hire Platforms Coming From the East
Over the past six months, a large number of DDoS-for-hire platforms — also known as DDoS booters or DDoS stressors — have appeared in China, all sporting the same interface, and seeming to be based on the same source code.
Source: https://www.bleepingcomputer.com/news/security/tsunami-of-ddos-for-hire-platforms-coming-from-the-east/
THE BIGGEST CYBERSECURITY DISASTERS OF 2017 SO FAR
Source: https://www.wired.com/story/2017-biggest-hacks-so-far/
Major IIoT Challenges in 2017
Source: https://www.bayshorenetworks.com/blog/major-challenges-for-iiot-in-2017
Steps for Creating National CSIRTs
Source: http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=53062
How Industrial IoT Startups Will Disrupt the Incumbents
Source: https://www.bayshorenetworks.com/blog/how-industrial-iot-startups-will-disrupt-the-incumbents
Cybersecurity spend: ROI Is the wrong metric
Executives and board members should instead focus on network defender first principles.
Source: https://www.csoonline.com/article/3200270/network-security/cybersecurity-spend-roi-is-the-wrong-metric.html