Malware Devil

Monday, October 5, 2020

Rockwell Automation acquires Oylo to expand offering of cybersecurity services and solutions

Oylo provides a broad range of industrial control system (ICS) cybersecurity services and solutions including assessments, turnkey implementations, managed services, and incident response.

The post Rockwell Automation acquires Oylo to expand offering of cybersecurity services and solutions appeared first on Malware Devil.



https://malwaredevil.com/2020/10/05/rockwell-automation-acquires-oylo-to-expand-offering-of-cybersecurity-services-and-solutions/?utm_source=rss&utm_medium=rss&utm_campaign=rockwell-automation-acquires-oylo-to-expand-offering-of-cybersecurity-services-and-solutions

If you connect it, protect it

Last week, we said that “Friends don’t let friends get scammed.” They don’t let themselves get scammed, either!



https://malwaredevil.com/2020/10/05/if-you-connect-it-protect-it/?utm_source=rss&utm_medium=rss&utm_campaign=if-you-connect-it-protect-it

Dating app Grindr fixed a bug allowing full takeover of any user account

The password reset token generated when resetting a Grindr account’s password could be obtained using the web browser’s dev tools as it was leaked in the page response content.



https://malwaredevil.com/2020/10/05/dating-app-grindr-fixed-a-bug-allowing-full-takeover-of-any-user-account/?utm_source=rss&utm_medium=rss&utm_campaign=dating-app-grindr-fixed-a-bug-allowing-full-takeover-of-any-user-account

Moving to the Cloud? Don’t Forget Application Security

The cloud was already a big topic before the pandemic started and pushed organizations to adopt the cloud more quickly than originally planned.  But the pandemic has pushed many organizations to deploy and update applications sooner than expected to support the increased number of employees working from home.

The post Moving to the Cloud? Don’t Forget Application Security appeared first on K2io.

The post Moving to the Cloud? Don’t Forget Application Security appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/05/moving-to-the-cloud-dont-forget-application-security/?utm_source=rss&utm_medium=rss&utm_campaign=moving-to-the-cloud-dont-forget-application-security

Google Will Alert Android Users of Security Bugs on Non-Pixel Phones

Google will begin warning users of non-Pixel Android phones of security vulnerabilities impacting device security as part of the Android Partner Vulnerability Initiative (APVI).



https://malwaredevil.com/2020/10/05/google-will-alert-android-users-of-security-bugs-on-non-pixel-phones/?utm_source=rss&utm_medium=rss&utm_campaign=google-will-alert-android-users-of-security-bugs-on-non-pixel-phones

Research Finds 450% Increase in Remote Employees Circumventing Security to Mask Online Habits or Steal Data

  • 56% of companies say their remote workers actively bypassed security controls to obfuscate online activity
  • 70% of the incidents included at least one attempt to circumvent a second security control to exfiltrate data without detection
  • 72% of companies surveyed saw data theft attempts by a departing employee wanting to take protected IP with them

New research shows that the shift to an almost fully remote workforce has significantly changed the behaviors of ‘trusted insiders’ in 2020. In a series of interviews with hundreds of businesses across a diverse range of industries, researchers found a 450% increase in employees circumventing security controls to intentionally mask online activities and a 230% increase in behaviors that indicate intent to steal data.

The post Research Finds 450% Increase in Remote Employees Circumventing Security to Mask Online Habits or Steal Data appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/05/research-finds-450-increase-in-remote-employees-circumventing-security-to-mask-online-habits-or-steal-data/?utm_source=rss&utm_medium=rss&utm_campaign=research-finds-450-increase-in-remote-employees-circumventing-security-to-mask-online-habits-or-steal-data

30 Ransomware Prevention Tips

Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data. But paying the ransom doesn’t mean that your organization will get its affected data back. Let’s not forget that ransomware also continues to evolve as a threat category. Beginning in […]…

The post 30 Ransomware Prevention Tips appeared first on The State of Security.

The post 30 Ransomware Prevention Tips appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/05/30-ransomware-prevention-tips/?utm_source=rss&utm_medium=rss&utm_campaign=30-ransomware-prevention-tips

Modern Healthcare Tech Also Means Modern Security

Modernizing healthcare infrastructure also needs to include better ways to protect data

Enterprises across a range of industries have digitally transformed over the years to upgrade business operations, realize higher growth potential and align better with emerging customer expectations. The healthcare industry in particular has been ahead of the curve and made dramatic changes over..

The post Modern Healthcare Tech Also Means Modern Security appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/05/modern-healthcare-tech-also-means-modern-security/?utm_source=rss&utm_medium=rss&utm_campaign=modern-healthcare-tech-also-means-modern-security

SMB Security: Backups Need to Include More Than Data

Mass remote work has created many challenges for cybersecurity, but while there is a lot of chatter about the rise in phishing attempts and concerns of data breaches and data privacy issues, there hasn’t been much said about the need for a solid disaster recovery plan for SMBs. Many SMBs understand the need for a..

The post SMB Security: Backups Need to Include More Than Data appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/05/smb-security-backups-need-to-include-more-than-data/?utm_source=rss&utm_medium=rss&utm_campaign=smb-security-backups-need-to-include-more-than-data

More Hospital Ransomware Attacks, FBI’s Disinformation Warning, Android 11 Privacy Features

In episode 141 for October 5th 2020: Universal Health Services is the latest victim of a massive hospital ransomware attack, the FBI issues new warnings about false claims of hacked voter information, and the top Android 11 privacy and security features. ** Links mentioned on the show ** Large US hospital chain hobbled by Ryuk […]

The post More Hospital Ransomware Attacks, FBI’s Disinformation Warning, Android 11 Privacy Features appeared first on The Shared Security Show.

The post More Hospital Ransomware Attacks, FBI’s Disinformation Warning, Android 11 Privacy Features appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/05/more-hospital-ransomware-attacks-fbis-disinformation-warning-android-11-privacy-features/?utm_source=rss&utm_medium=rss&utm_campaign=more-hospital-ransomware-attacks-fbis-disinformation-warning-android-11-privacy-features

Tripwire Patch Priority Index for September 2020

Tripwire‘s September 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, and various Linux distributions. Up first on the patch priority list this month is a very high priority vulnerability, which is called “Zerologon” and identified by CVE-2020-1472. It is an elevation of privilege vulnerability that exists due to a flaw in […]…

The post Tripwire Patch Priority Index for September 2020 appeared first on The State of Security.

The post Tripwire Patch Priority Index for September 2020 appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/05/tripwire-patch-priority-index-for-september-2020/?utm_source=rss&utm_medium=rss&utm_campaign=tripwire-patch-priority-index-for-september-2020

Zero Trust Architecture: What is NIST SP 800-207 all about?

“Doubt is an unpleasant condition, but certainty is an absurd one.” Whilst I claim no particular knowledge of the eighteenth-century philosopher Voltaire, the quote above (which I admit to randomly stumbling upon in a completely unrelated book) stuck in my mind as a fitting way to consider the shift from traditional, perimeter-focused ’network security’ thinking […]…

The post Zero Trust Architecture: What is NIST SP 800-207 all about? appeared first on The State of Security.

The post Zero Trust Architecture: What is NIST SP 800-207 all about? appeared first on Security Boulevard.




https://malwaredevil.com/2020/10/05/zero-trust-architecture-what-is-nist-sp-800-207-all-about/?utm_source=rss&utm_medium=rss&utm_campaign=zero-trust-architecture-what-is-nist-sp-800-207-all-about

ISC Stormcast For Monday, October 5th 2020 https://isc.sans.edu/podcastdetail.html?id=7194, (Mon, Oct 5th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.




https://malwaredevil.com/2020/10/05/isc-stormcast-for-monday-october-5th-2020-https-isc-sans-edu-podcastdetail-htmlid7194-mon-oct-5th/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-monday-october-5th-2020-https-isc-sans-edu-podcastdetail-htmlid7194-mon-oct-5th

ESB-2020.3438 – [Appliance] HPE IP Console Switch G2: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3438
      HPE IP Console Switch G2 - Remote Stored XSS and Code Injection
                              5 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           HPE IP Console Switch G2
Publisher:         Hewlett-Packard
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Cross-site Scripting            -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24628 CVE-2020-24627 

Original Bulletin: 
   https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04044en_us

- --------------------------BEGIN INCLUDED TEXT--------------------

SECURITY BULLETIN

Document ID: hpesbhf04044en_us

Version: 2
HPESBHF04044 rev.2 - HPE IP Console Switch G2 4x1Ex32, Remote Stored XSS and Code Injection.

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2020-09-30

Last Updated: 2020-10-02

Potential Security Impact: Remote: script injection, persistent cross site scripting

Source: Hewlett Packard Enterprise, HPE Product Security Response Team

VULNERABILITY SUMMARY

A potential security vulnerability has been identified in HPE IP Console Switch G2 4x1Ex32. The vulnerability could be remotely exploited to allow Stored XSS, code injection.
References:

    CVE-2020-24627 - Stored XSS
    CVE-2020-24628 - Remote Code Injection

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HPE KVM IP Console Switches G2 4x1Ex32 Prior to 2.8.3

BACKGROUND
HPE calculates CVSS using CVSS Version 3.1. If the score is provided from NIST, we will display Version 2.0, 3.0, or 3.1 as provided from NVD.

Reference        V3 Vector                                      V3 Base Score   V2 Vector                      V2 Base Score
CVE-2020-24627   CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H   9.0             (AV:N/AC:L/Au:S/C:C/I:C/A:C)   9.0
CVE-2020-24628   CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H   9.0             (AV:N/AC:L/Au:S/C:C/I:C/A:C)   9.0


Information on CVSS is documented in HPE Customer Notice: HPSN-2008-002

Hewlett Packard Enterprise acknowledges Nikita Medvedev from gazprombank.ru for reporting this issue to security-alert@hpe.com.
RESOLUTION

HPE has made the following software updates and mitigation information to resolve the vulnerability in HPE IP Console Switch G2 4x1Ex32 to resolve this issue.

    This issue is addressed in HPE IP Console Switch G2 firmware version 2.8.3 available on HPE Support Center

    https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_67a8c59f12de409a90ffc2fd7c

HISTORY

    Version:1 (rev.1) - 1 October 2020 Initial release
    Version:2 (rev.2) - 1 October 2020 corrected reporter information

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



https://malwaredevil.com/2020/10/05/esb-2020-3438-appliance-hpe-ip-console-switch-g2-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3438-appliance-hpe-ip-console-switch-g2-multiple-vulnerabilities

ESB-2020.3437 – [Debian] xen: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3437
                            xen security update
                              5 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25604 CVE-2020-25603 CVE-2020-25602
                   CVE-2020-25601 CVE-2020-25600 CVE-2020-25599
                   CVE-2020-25597 CVE-2020-25596 CVE-2020-25595

Reference:         ESB-2020.3259
                   ESB-2020.3251

Original Bulletin: 
   https://www.debian.org/security/2020/dsa-4769

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4769-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 02, 2020                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : xen
CVE ID         : CVE-2020-25595 CVE-2020-25596 CVE-2020-25597
                 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601
                 CVE-2020-25602 CVE-2020-25603 CVE-2020-25604

Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in denial of service, guest-to-host privilege
escalation or information leaks.

For the stable distribution (buster), these problems have been fixed in
version 4.11.4+37-g3263f257ca-1.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------




https://malwaredevil.com/2020/10/05/esb-2020-3437-debian-xen-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3437-debian-xen-multiple-vulnerabilities

ESB-2020.3436 – [Win][UNIX/Linux][Debian] snmptt: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3436
                          snmptt security update
                              5 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           snmptt
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24361  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/10/msg00006.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running snmptt check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2393-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
October 01, 2020                              https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : snmptt
Version        : 1.4-1+deb9u1
CVE ID         : CVE-2020-24361

It was found that SNMP Trap Translator does not drop privileges as
configured and does not properly escape shell commands in certain
functions. A remote attacker, by sending a malicious crafted SNMP trap,
could possibly execute arbitrary shell code with the privileges of the
process or cause a Denial of Service condition.

For Debian 9 stretch, this problem has been fixed in version
1.4-1+deb9u1.

We recommend that you upgrade your snmptt packages.

For the detailed security status of snmptt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/snmptt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------




https://malwaredevil.com/2020/10/05/esb-2020-3436-winunix-linuxdebian-snmptt-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3436-winunix-linuxdebian-snmptt-multiple-vulnerabilities

ESB-2020.3435 – [Debian] squid3: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3435
                          squid3 security update
                              5 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           squid3
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Existing Account      
                   Access Confidential Data       -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24606 CVE-2020-15811 CVE-2020-15810
                   CVE-2020-15049  

Reference:         ESB-2020.3406
                   ESB-2020.3333
                   ESB-2020.2953

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2394-1               debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Markus Koschany
October 02, 2020                             https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : squid3
Version        : 3.5.23-5+deb9u5
CVE ID         : CVE-2020-15049 CVE-2020-15810 CVE-2020-15811
                 CVE-2020-24606

Several security vulnerabilities have been discovered in Squid, a high-
performance proxy caching server for web clients.

CVE-2020-15049

    An issue was discovered in http/ContentLengthInterpreter.cc in
    Squid. A Request Smuggling and Poisoning attack can succeed against
    the HTTP cache. The client sends an HTTP request with a
    Content-Length header containing "+", "-" or an uncommon shell
    whitespace character prefix to the length field-value.
    This update also includes several other improvements to the
    HttpHeader parsing code.

CVE-2020-15810 and CVE-2020-15811

    Due to incorrect data validation, HTTP Request Smuggling attacks may
    succeed against HTTP and HTTPS traffic. This leads to cache
    poisoning and allows any client, including browser scripts, to
    bypass local security and poison the proxy cache and any downstream
    caches with content from an arbitrary source. When configured for
    relaxed header parsing (the default), Squid relays headers
    containing whitespace characters to upstream servers. When this
    occurs as a prefix to a Content-Length header, the frame length
    specified will be ignored by Squid (allowing for a conflicting
    length to be used from another Content-Length header) but relayed
    upstream.

CVE-2020-24606

    Squid allows a trusted peer to perform Denial of Service by
    consuming all available CPU cycles during handling of a crafted
    Cache Digest response message. This only occurs when cache_peer is
    used with the cache digests feature. The problem exists because
    peerDigestHandleReply() livelocking in peer_digest.cc mishandles
    EOF.

For Debian 9 stretch, these problems have been fixed in version
3.5.23-5+deb9u5.

We recommend that you upgrade your squid3 packages.

For the detailed security status of squid3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/squid3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2020.3435 – [Debian] squid3: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/05/esb-2020-3435-debian-squid3-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3435-debian-squid3-multiple-vulnerabilities

ESB-2020.3434 – [UNIX/Linux][Debian] libvirt: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3434
                          libvirt security update
                              5 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libvirt
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25637  

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2395

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running libvirt check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2395-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Roberto C. Sánchez
October 02, 2020                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libvirt
Version        : 3.0.0-4+deb9u5
CVE ID         : CVE-2020-25637
Debian Bug     : 971555

A double free vulnerability was discovered in libvirt, a toolkit to
interact with the virtualization capabilities of recent versions of
Linux (and other OSes).

For Debian 9 stretch, this problem has been fixed in version
3.0.0-4+deb9u5.

We recommend that you upgrade your libvirt packages.

For the detailed security status of libvirt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvirt

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- --------------------------END INCLUDED TEXT--------------------


The post ESB-2020.3434 – [UNIX/Linux][Debian] libvirt: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/05/esb-2020-3434-unix-linuxdebian-libvirt-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3434-unix-linuxdebian-libvirt-multiple-vulnerabilities

ESB-2020.3433 – [Win][UNIX/Linux] ruby: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3433
         Ruby - Potential HTTP Request Smuggling Vulnerability in
                         WEBrick (CVE-2020-25613)
                              5 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ruby
Publisher:         Ruby
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Unauthorised Access -- Existing Account
                   Reduced Security    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25613  

Reference:         ESB-2020.3430

Original Bulletin: 
   https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/

- --------------------------BEGIN INCLUDED TEXT--------------------

CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick

Posted by mame on 29 Sep 2020

A potential HTTP request smuggling vulnerability in WEBrick was reported. This
vulnerability has been assigned the CVE identifier CVE-2020-25613. We strongly
recommend upgrading the webrick gem.

Details

WEBrick was too tolerant against an invalid Transfer-Encoding header. This may
lead to inconsistent interpretation between WEBrick and some HTTP proxy
servers, which may allow the attacker to "smuggle" a request. See CWE-444 in
detail.

Please update the webrick gem to version 1.6.1 or later. You can use
gem update webrick to update it. If you are using bundler, please add
gem "webrick", ">= 1.6.1" to your Gemfile.

Affected versions

  o webrick gem 1.6.0 or prior
  o bundled versions of webrick in ruby 2.7.1 or prior
  o bundled versions of webrick in ruby 2.6.6 or prior
  o bundled versions of webrick in ruby 2.5.8 or prior

Credits

Thanks to piao for discovering this issue.

History

  o Originally published at 2020-09-29 06:30:00 (UTC)

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2020.3433 – [Win][UNIX/Linux] ruby: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/05/esb-2020-3433-winunix-linux-ruby-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3433-winunix-linux-ruby-multiple-vulnerabilities
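
A strict check of the framing headers that the Squid (Content-Length) and WEBrick (Transfer-Encoding) advisories above describe as being parsed too leniently, given here as an added example and not code from Squid, WEBrick, Debian or AusCERT. The function name, finding labels and sample requests are constructed for illustration; accepting only a plain "chunked" Transfer-Encoding value is an assumption of this example.

```python
import re

# RFC 7230: a field name is a token (no whitespace); Content-Length = 1*DIGIT.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
DIGITS = re.compile(rb"[0-9]+")
OWS = b" \t"  # the only whitespace permitted around a field value


def audit_framing(head: bytes) -> list:
    """Return findings for the framing headers of one raw HTTP request head."""
    findings, lengths, encodings = [], [], []
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]  # skip request line
    for line in lines:
        name, sep, value = line.partition(b":")
        lowered = name.strip(b" \t\r\n\v\f").lower()
        if lowered not in (b"content-length", b"transfer-encoding"):
            continue
        if not sep or not TOKEN.fullmatch(name):
            # e.g. " Content-Length: 5" or "Content-Length : 5"
            findings.append("whitespace-in-field-name")
        value = value.strip(OWS)
        if lowered == b"content-length":
            if not DIGITS.fullmatch(value):
                # sign prefix ("+5", "-5") or unusual whitespace ("\x0b5")
                findings.append("non-digit-content-length")
            lengths.append(value)
        else:
            encodings.append(value.lower())
    if len(set(lengths)) > 1:
        findings.append("conflicting-content-length")
    if any(e != b"chunked" for e in encodings):
        findings.append("unexpected-transfer-encoding")
    if lengths and encodings:
        findings.append("content-length-with-transfer-encoding")
    return findings


# Constructed request heads (not captured traffic).
BASE = b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "clean": BASE + b"Content-Length: 5\r\n\r\nhello",
    "signed": BASE + b"Content-Length: +5\r\n\r\nhello",
    "prefixed": BASE + b" Content-Length: 5\r\nContent-Length: 0\r\n\r\nhello",
    "bad_te": BASE + b"Transfer-Encoding: xchunked\r\nContent-Length: 5\r\n\r\nhello",
}


def audit_samples() -> dict:
    """Run the audit over every constructed sample."""
    return {label: audit_framing(raw) for label, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, result in audit_samples().items():
        print(f"{label:9} {result or 'ok'}")
```

A front end or log pipeline that rejects any request producing a finding keeps the proxy and the origin from disagreeing about where the body ends.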

ESB-2020.3432 – [Win] IBM Security Access Manager: Access confidential data – Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3432
         IBM Security Access Manager for Enterprise Single Sign-On
                       vulnerability (CVE-2020-4576)
                              5 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Access Manager
Publisher:         IBM
Operating System:  Windows
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-4576  

Reference:         ESB-2020.3422

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6340511

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2020-4576)

Security Bulletin

Summary

IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

IBM Security Access Manager for Enterprise Single Sign-On 8.2.0, 8.2.1, 8.2.2

Remediation/Fixes
 
Principal Product and Version(s): IBM Security Access Manager for Enterprise Single Sign-On 8.2.0
Affected Supporting Product and Version: IBM WebSphere Application Server 7.0
Affected Supporting Product Security Bulletin: Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4576)

Principal Product and Version(s): IBM Security Access Manager for Enterprise Single Sign-On 8.2.1
Affected Supporting Product and Version: IBM WebSphere Application Server 7.0, 8.5
Affected Supporting Product Security Bulletin: Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4576)

Principal Product and Version(s): IBM Security Access Manager for Enterprise Single Sign-On 8.2.2
Affected Supporting Product and Version: IBM WebSphere Application Server 8.5
Affected Supporting Product Security Bulletin: Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4576)
 

Workarounds and Mitigations

None

Change History

01 Oct 2020: Initial Publication

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2020.3432 – [Win] IBM Security Access Manager: Access confidential data – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2020/10/05/esb-2020-3432-win-ibm-security-access-manager-access-confidential-data-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3432-win-ibm-security-access-manager-access-confidential-data-remote-unauthenticated

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...