NSA Appoints Rob Joyce as Cyber Director

Subscribe to Newsletters

Webinar Archives

White Papers

From MFA to Zero Trust

Two-Factor Evaluation Guide

Seven recommendations for a Successful SD-WAN Strategy

ROI Study: Economic Validation Report of the Anomali Threat Intelligence Platform

Threat Intelligence Solutions: A SANS Review of Anomali ThreatStream

More White Papers

Video

All Videos

Cartoon

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

2020: The Year in SecurityDownload this Tech Digest for a look at the biggest security stories that – so far – have shaped a very strange and stressful year.

Back Issues | Must Reads

Flash Poll

All Polls

Assessing Cybersecurity Risk in Today’s Enterprises
COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15

An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct …

CVE-2021-3162
PUBLISHED: 2021-01-15

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.

CVE-2021-21242
PUBLISHED: 2021-01-15

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a…

CVE-2021-21245
PUBLISHED: 2021-01-15

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u…

CVE-2021-21246
PUBLISHED: 2021-01-15

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar…

The post NSA Appoints Rob Joyce as Cyber Director appeared first on Malware Devil.

https://malwaredevil.com/2021/01/15/nsa-appoints-rob-joyce-as-cyber-director-3/?utm_source=rss&utm_medium=rss&utm_campaign=nsa-appoints-rob-joyce-as-cyber-director-3