Malware Devil

Thursday, October 15, 2020

Barnes & Noble Warns Customers About Data Breach

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-25858
PUBLISHED: 2020-10-15

The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denia…

CVE-2020-25859
PUBLISHED: 2020-10-15

The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI…

CVE-2019-12411
PUBLISHED: 2020-10-15

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2020-11637
PUBLISHED: 2020-10-15

A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.

CVE-2020-13939
PUBLISHED: 2020-10-15

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

The post Barnes & Noble Warns Customers About Data Breach appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/barnes-noble-warns-customers-about-data-breach/?utm_source=rss&utm_medium=rss&utm_campaign=barnes-noble-warns-customers-about-data-breach

Patch Tuesday Update – October 2020


It’s that time again… Patch Tuesday! Some good news finally. This is the first month in the past 8 that we’ve had fewer than 100 CVEs released. This month’s list of 87 includes 11 critical vulnerabilities (down from 23 last month) with the typical variety of OS, software, and browser-based flaws. There is one scary …


The post Patch Tuesday Update – October 2020 appeared first on Security Boulevard.


The post Patch Tuesday Update – October 2020 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/patch-tuesday-update-october-2020/?utm_source=rss&utm_medium=rss&utm_campaign=patch-tuesday-update-october-2020

ESB-2020.3553 – [Juniper] Junos OS: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3553
JSA11047 - 2020-10 Security Bulletin: FreeBSD-SA-19:20.bsnmp : Insufficient
        message length validation in bsnmp library (CVE-2019-5610)
                              15 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5610  

Reference:         ESB-2019.3031.2

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11047

--------------------------BEGIN INCLUDED TEXT--------------------

2020-10 Security Bulletin: FreeBSD-SA-19:20.bsnmp : 
Insufficient message length validation in bsnmp library (CVE-2019-5610)

Article ID  : JSA11047
Last Updated: 14 Oct 2020
Version     : 1.0

Product Affected:
This issue affects Junos OS 15.1, 16.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2,
18.2X75, 18.3, 18.4, 19.1, 19.2, 19.3.
Problem:

The bsnmp software library is a SNMP (Simple Network Management Protocol)
implementation included with Juniper Networks Junos OS for the snmpd process.

A programming error allows a remote user to read unrelated data or trigger a
snmpd process crash.

This issue affects Juniper Networks Junos OS

  o 15.1 versions prior to 15.1R7-S7;
  o 16.1 versions prior to 16.1R7-S8;
  o 17.2 versions prior to 17.2R3-S4;
  o 17.2X75 versions prior to 17.2X75-D45;
  o 17.3 versions prior to 17.3R3-S8;
  o 17.4 versions prior to 17.4R2-S12, 17.4R3-S3;
  o 18.1 versions prior to 18.1R3-S9;
  o 18.2 versions prior to 18.2R3-S6;
  o 18.2X75 versions prior to 18.2X75-D34, 18.2X75-D420, 18.2X75-D53,
    18.2X75-D60;
  o 18.3 versions prior to 18.3R2-S3, 18.3R3-S1;
  o 18.4 versions prior to 18.4R1-S5, 18.4R2-S5, 18.4R3;
  o 19.1 versions prior to 19.1R1-S4, 19.1R2-S2, 19.1R3;
  o 19.2 versions prior to 19.2R1-S5, 19.2R2;
  o 19.3 versions prior to 19.3R2.

This issue does not affect Junos OS with FreeBSD 6, for example Junos OS
15.1X49.

To verify which FreeBSD version is used in Junos OS, the administrator can use
the following commands:

user@device> start shell
% sysctl kern.osreldate
kern.osreldate: 601000

user@device> start shell
% sysctl kern.osreldate
kern.osreldate: 1001510


The post ESB-2020.3553 – [Juniper] Junos OS: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/esb-2020-3553-juniper-junos-os-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3553-juniper-junos-os-multiple-vulnerabilities

ESB-2020.3551 – [Juniper] MX series/EX9200 Series running Junos OS: Denial of service – Remote/unauthenticated


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3551
 JSA11062 - 2020-10 Security Bulletin: Junos OS: MX series/EX9200 Series:
      IPv6 DDoS protection does not work as expected. (CVE-2020-1665)
                              15 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
                   MX series
                   EX9200 Series
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1665  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11062

--------------------------BEGIN INCLUDED TEXT--------------------

2020-10 Security Bulletin: Junos OS: MX series/EX9200 Series: 
IPv6 DDoS protection does not work as expected. (CVE-2020-1665)

Article ID  : JSA11062
Last Updated: 14 Oct 2020
Version     : 2.0

Product Affected:
This issue affects Junos OS 17.2, 17.2X75, 17.3, 17.4, 18.2, 18.2X75, 18.3.
Affected platforms: MX series/EX9200 Series.
Problem:

On Juniper Networks MX Series and EX9200 Series, in a certain condition the
IPv6 Distributed Denial of Service (DDoS) protection might not take effect when
it reaches the threshold condition.

The DDoS protection allows the device to continue to function while it is under
DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC
Concentrator (FPC) during the DDoS attack.

When this issue occurs, the RE and/or the FPC can become overwhelmed, which
could disrupt network protocol operations and/or interrupt traffic.

This issue does not affect IPv4 DDoS protection.

This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet
Forwarding Engines).

Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs.

This issue affects Juniper Networks Junos OS on MX series and EX9200 Series:

  o 17.2 versions prior to 17.2R3-S4;
  o 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110;
  o 17.3 versions prior to 17.3R3-S8;
  o 17.4 versions prior to 17.4R2-S11, 17.4R3-S2;
  o 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3;
  o 18.2X75 versions prior to 18.2X75-D30;
  o 18.3 versions prior to 18.3R2-S4, 18.3R3-S2.

The DDoS feature is enabled by default; no specific config stanza is
required to enable DDoS protection. However, it can be manually disabled.

To check if DDoS protection is enabled, the administrator can issue the
following command:

user@host> show ddos-protection statistics
DDOS protection global statistics:
Policing on routing engine: Yes
Policing on FPC: Yes

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2020-1665.

Solution:

The following software releases have been updated to resolve this specific
issue: Junos OS 17.2R3-S4, 17.2X75-D102, 17.2X75-D110, 17.3R3-S8, 17.4R2-S11,
17.4R3-S2, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2X75-D30, 18.3R2-S4, 18.3R3-S2,
18.4R1, and all subsequent releases.

This issue is being tracked as 1377899.

Workaround:

There are no viable workarounds for this issue.

Implementation:
Software releases or updates are available for download at
https://www.juniper.net/support/downloads/.
Modification History:
2020-10-14: Initial Publication
CVSS Score:
5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2020.3551 – [Juniper] MX series/EX9200 Series running Junos OS: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/esb-2020-3551-juniper-mx-series-ex9200-series-running-junos-os-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3551-juniper-mx-series-ex9200-series-running-junos-os-denial-of-service-remote-unauthenticated

ESB-2020.3549 – [Win][UNIX/Linux] McAfee Application and Change Control (MACC): Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3549
           McAfee Application and Change Control update fixes a
        vulnerability in Package Control (CVE-2020-7334) (SB10333)
                              15 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           McAfee Application and Change Control (MACC)
Publisher:         McAfee
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Modify Arbitrary Files -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7334  

Original Bulletin: 
   https://kc.mcafee.com/corporate/index?page=content&id=SB10333

--------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - Application and Change Control update fixes a
vulnerability in Package Control (CVE-2020-7334)

Security Bulletins ID   : SB10333

Last Modified           : 10/13/2020

Summary

First Published: October 13, 2020
+------------------+---------+-------------+----------------+--------+--------+
|                  |         |             |                |        |CVSS    |
|                  |Impacted |             |Impact of       |Severity|v3.1    |
|Product:          |Versions:|CVE ID:      |Vulnerabilities:|Ratings:|Base/   |
|                  |         |             |                |        |Temporal|
|                  |         |             |                |        |Scores: |
+------------------+---------+-------------+----------------+--------+--------+
|McAfee Application|         |             |Incorrect       |        |        |
|and Change Control|8.3.1 and|CVE-2020-7334|Privilege       |High    |8.2 /   |
|(MACC)            |earlier  |             |Assignment      |        |7.6     |
|                  |         |             |(CWE-266)       |        |        |
+------------------+---------+-------------+----------------+--------+--------+
|Recommendations:  |Install or update to MACC 8.3.2                           |
+------------------+----------------------------------------------------------+
|Security Bulletin |None                                                      |
|Replacement:      |                                                          |
+------------------+----------------------------------------------------------+
|Location of       |http://www.mcafee.com/us/downloads/downloads.aspx         |
|updated software: |                                                          |
+------------------+----------------------------------------------------------+

To receive email notification when this Security Bulletin is updated, click
Subscribe on the right side of the page. You must be logged on to subscribe.

Article contents:

  o Vulnerability Description
  o Remediation
  o Frequently Asked Questions (FAQs)
  o Resources
  o Disclaimer

Vulnerability Description
CVE-2020-7334
Improper privilege assignment vulnerability in the installer McAfee Application
and Change Control (MACC) prior to 8.3.2 allows local administrators to change
or update the configuration settings via a carefully constructed MSI configured
to mimic the genuine installer. This version adds further controls for
installation/uninstallation of software.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7334
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7334
Remediation
To remediate this issue, go to the Product Downloads site, and download the
applicable product update file:
+-------+-------+------+----------------+
|Product|Version|Type  |Release Date    |
+-------+-------+------+----------------+
|MACC   |8.3.2  |Update|October 13, 2020|
+-------+-------+------+----------------+

Download and Installation Instructions
See KB56057 for instructions on how to download McAfee products, documentation,
updates, and hotfixes. Review the Release Notes and the Installation Guide for
instructions on how to install these updates. All documentation is available at
https://docs.mcafee.com.
Frequently Asked Questions (FAQs)
How do I know if my McAfee product is vulnerable or not?
For endpoint products:
Use the following instructions for endpoint or client-based products:

 1. Right-click the McAfee tray shield icon on the Windows taskbar.
 2. Select Open Console.
 3. In the console, select Action Menu.
 4. In the Action Menu, select Product Details. The product version displays.

What is CVSS?
CVSS, or Common Vulnerability Scoring System, is the result of the National
Infrastructure Advisory Council's effort to standardize a system of assessing
the criticality of a vulnerability. This system offers an unbiased criticality
score between 0 and 10 that customers can use to judge how critical a
vulnerability is and plan accordingly. For more information, visit the CVSS
website at: https://www.first.org/cvss/.

When calculating CVSS scores, McAfee has adopted a philosophy that fosters
consistency and repeatability. Our guiding principle for CVSS scoring is to
score the exploit under consideration by itself. We consider only the immediate
and direct impact of the exploit under consideration. We do not factor into a
score any potential follow-on exploits that might be made possible by the
successful exploitation of the issue being scored.

What are the CVSS scoring metrics?

CVE-2020-7334
+------------------------+-----------------------------+
|Base Score              |8.2                          |
+------------------------+-----------------------------+
|Attack Vector (AV)      |Local (L)                    |
+------------------------+-----------------------------+
|Attack Complexity (AC)  |Low (L)                      |
+------------------------+-----------------------------+
|Privileges Required (PR)|High (H)                     |
+------------------------+-----------------------------+
|User Interaction (UI)   |Required (R)                 |
+------------------------+-----------------------------+
|Scope (S)               |Changed (C)                  |
+------------------------+-----------------------------+
|Confidentiality (C)     |High (H)                     |
+------------------------+-----------------------------+
|Integrity (I)           |High (H)                     |
+------------------------+-----------------------------+
|Availability (A)        |High (H)                     |
+------------------------+-----------------------------+
|Temporal Score (Overall)|7.6                          |
+------------------------+-----------------------------+
|Exploitability (E)      |Functional exploit exists (F)|
+------------------------+-----------------------------+
|Remediation Level (RL)  |Official Fix (O)             |
+------------------------+-----------------------------+
|Report Confidence (RC)  |Confirmed (C)                |
+------------------------+-----------------------------+

NOTE: The below CVSS version 3.1 vector was used to generate this score.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C&version=3.1

Where can I find a list of all Security Bulletins?
All Security Bulletins are published on our external PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To see
Security Bulletins for McAfee Enterprise products on this website, click
Enterprise Security Bulletins. Security Bulletins are retired (removed) once a
product is both End of Sale and End of Support (End of Life).

How do I report a product vulnerability to McAfee?
If you have information about a security issue or vulnerability with a McAfee
product, visit the McAfee PSIRT website for instructions at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To report an
issue, click Report a Security Vulnerability.

How does McAfee respond to this and any other reported security flaws?
Our key priority is the security of our customers. If a vulnerability is found
within any McAfee software or services, we work closely with the relevant
security software development team to ensure the rapid and effective
development of a fix and communication plan.

McAfee only publishes Security Bulletins if they include something actionable
such as a workaround, mitigation, version update, or hotfix. Otherwise, we
would simply be informing the hacker community that our products are a target,
putting our customers at greater risk. For products that are updated
automatically, a non-actionable Security Bulletin might be published to
acknowledge the discoverer.

View our PSIRT policy on the McAfee PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx by clicking About PSIRT.
Resources
To contact Technical Support, log on to the ServicePortal and go to the Create
a Service Request page at
https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:

  o If you are a registered user, type your User ID and Password, and then
    click Log In.
  o If you are not a registered user, click Register and complete the required
    fields. Your password and logon instructions will be emailed to you.

Disclaimer
The information provided in this Security Bulletin is provided as is without
warranty of any kind. McAfee disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall McAfee or its suppliers be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages, even if McAfee or its suppliers have
been advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability for consequential or incidental damages so
the preceding limitation may not apply.

Any future product release dates mentioned in this Security Bulletin are
intended to outline our general product direction, and they should not be
relied on in making a purchasing decision. The product release dates are for
information purposes only, and may not be incorporated into any contract. The
product release dates are not a commitment, promise, or legal obligation to
deliver any material, code, or functionality. The development, release, and
timing of any features or functionality described for our products remains at
our sole discretion and may be changed or canceled at any time.

--------------------------END INCLUDED TEXT--------------------


The post ESB-2020.3549 – [Win][UNIX/Linux] McAfee Application and Change Control (MACC): Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/esb-2020-3549-winunix-linux-mcafee-application-and-change-control-macc-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3549-winunix-linux-mcafee-application-and-change-control-macc-multiple-vulnerabilities

ESB-2020.3549 – [Win][UNIX/Linux] McAfee Application and Change Control (MACC): Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3549
           McAfee Application and Change Control update fixes a
        vulnerability in Package Control (CVE-2020-7334) (SB10333)
                              15 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           McAfee Application and Change Control (MACC)
Publisher:         McAfee
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Modify Arbitrary Files -- Existing Account
                   Denial of Service      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7334  

Original Bulletin: 
   https://kc.mcafee.com/corporate/index?page=content&id=SB10333

- --------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - Application and Change Control update fixes a
vulnerability in Package Control (CVE-2020-7334)

Security Bulletins ID   : SB10333

Last Modified           : 10/13/2020

Summary

First Published: October 13, 2020
+------------------+---------+-------------+----------------+--------+--------+
|                  |         |             |                |        |CVSS    |
|                  |Impacted |             |Impact of       |Severity|v3.1    |
|Product:          |Versions:|CVE ID:      |Vulnerabilities:|Ratings:|Base/   |
|                  |         |             |                |        |Temporal|
|                  |         |             |                |        |Scores: |
+------------------+---------+-------------+----------------+--------+--------+
|McAfee Application|         |             |Incorrect       |        |        |
|and Change Control|8.3.1 and|CVE-2020-7334|Privilege       |High    |8.2 /   |
|(MACC)            |earlier  |             |Assignment      |        |7.6     |
|                  |         |             |(CWE-266)       |        |        |
+------------------+---------+-------------+----------------+--------+--------+
|Recommendations:  |Install or update to MACC 8.3.2                           |
+------------------+----------------------------------------------------------+
|Security Bulletin |None                                                      |
|Replacement:      |                                                          |
+------------------+----------------------------------------------------------+
|Location of       |http://www.mcafee.com/us/downloads/downloads.aspx         |
|updated software: |                                                          |
+------------------+----------------------------------------------------------+

To receive email notification when this Security Bulletin is updated, click
Subscribe on the right side of the page. You must be logged on to subscribe.

Article contents:

  o Vulnerability Description
  o Remediation
  o Frequently Asked Questions (FAQs)
  o Resources
  o Disclaimer

Vulnerability Description
CVE-2020-7334
Improper privilege assignment vulnerability in the installer McAfee Application
and Change Control (MACC) prior to 8.3.2 allows local administrators to change
or update the configuration settings via a carefully constructed MSI configured
to mimic the genuine installer. This version adds further controls for
installation/uninstallation of software.
https://web.nvd.nist.gov/view/vuln/detailvulnId=CVE-2020-7334
https://cve.mitre.org/cgi-bin/cvename.cginame=CVE-2020-7334
Remediation
To remediate this issue, go to the Product Downloads site , and download the
applicable product update file:
+-------+-------+------+----------------+
|Product|Version|Type  |Release Date    |
+-------+-------+------+----------------+
|MACC   |8.3.2  |Update|October 13, 2020|
+-------+-------+------+----------------+

Download and Installation Instructions
See KB56057 for instructions on how to download McAfee products, documentation,
updates, and hotfixes. Review the Release Notes and the Installation Guide for
instructions on how to install these updates. All documentation is available at
https://docs.mcafee.com .
Frequently Asked Questions (FAQs)
How do I know if my McAfee product is vulnerable or not
For endpoint products:
Use the following instructions for endpoint or client-based products:

 1. Right-click the McAfee tray shield icon on the Windows taskbar.
 2. Select Open Console.
 3. In the console, select Action Menu.
 4. In the Action Menu, select Product Details. The product version displays.

What is CVSS?
CVSS, or Common Vulnerability Scoring System, is the result of the National
Infrastructure Advisory Council's effort to standardize a system of assessing
the criticality of a vulnerability. This system offers an unbiased criticality
score between 0 and 10 that customers can use to judge how critical a
vulnerability is and plan accordingly. For more information, visit the CVSS
website at: https://www.first.org/cvss/ .

When calculating CVSS scores, McAfee has adopted a philosophy that fosters
consistency and repeatability. Our guiding principle for CVSS scoring is to
score the exploit under consideration by itself. We consider only the immediate
and direct impact of the exploit under consideration. We do not factor into a
score any potential follow-on exploits that might be made possible by the
successful exploitation of the issue being scored.

What are the CVSS scoring metrics?

CVE-2020-7334
+------------------------+-----------------------------+
|Base Score              |8.2                          |
+------------------------+-----------------------------+
|Attack Vector (AV)      |Local (L)                    |
+------------------------+-----------------------------+
|Attack Complexity (AC)  |Low (L)                      |
+------------------------+-----------------------------+
|Privileges Required (PR)|High (H)                     |
+------------------------+-----------------------------+
|User Interaction (UI)   |Required (R)                 |
+------------------------+-----------------------------+
|Scope (S)               |Changed (C)                  |
+------------------------+-----------------------------+
|Confidentiality (C)     |High (H)                     |
+------------------------+-----------------------------+
|Integrity (I)           |High (H)                     |
+------------------------+-----------------------------+
|Availability (A)        |High (H)                     |
+------------------------+-----------------------------+
|Temporal Score (Overall)|7.6                          |
+------------------------+-----------------------------+
|Exploitability (E)      |Functional exploit exists (F)|
+------------------------+-----------------------------+
|Remediation Level (RL)  |Official Fix (O)             |
+------------------------+-----------------------------+
|Report Confidence (RC)  |Confirmed (C)                |
+------------------------+-----------------------------+

NOTE: The below CVSS version 3.1 vector was used to generate this score.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C&version=3.1

Where can I find a list of all Security Bulletins?
All Security Bulletins are published on our external PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To see
Security Bulletins for McAfee Enterprise products on this website, click
Enterprise Security Bulletins. Security Bulletins are retired (removed) once a
product is both End of Sale and End of Support (End of Life).

How do I report a product vulnerability to McAfee?
If you have information about a security issue or vulnerability with a McAfee
product, visit the McAfee PSIRT website for instructions at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To
report an issue, click Report a Security Vulnerability.

How does McAfee respond to this and any other reported security flaws?
Our key priority is the security of our customers. If a vulnerability is found
within any McAfee software or services, we work closely with the relevant
security software development team to ensure the rapid and effective
development of a fix and communication plan.

McAfee only publishes Security Bulletins if they include something actionable
such as a workaround, mitigation, version update, or hotfix. Otherwise, we
would simply be informing the hacker community that our products are a target,
putting our customers at greater risk. For products that are updated
automatically, a non-actionable Security Bulletin might be published to
acknowledge the discoverer.

View our PSIRT policy on the McAfee PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx by
clicking About PSIRT.
Resources
To contact Technical Support, log on to the ServicePortal and go to the Create
a Service Request page at
https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR :

  o If you are a registered user, type your User ID and Password, and then
    click Log In .
  o If you are not a registered user, click Register and complete the required
    fields. Your password and logon instructions will be emailed to you.

Disclaimer
The information provided in this Security Bulletin is provided as is without
warranty of any kind. McAfee disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall McAfee or its suppliers be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages, even if McAfee or its suppliers have
been advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability for consequential or incidental damages so
the preceding limitation may not apply.

Any future product release dates mentioned in this Security Bulletin are
intended to outline our general product direction, and they should not be
relied on in making a purchasing decision. The product release dates are for
information purposes only, and may not be incorporated into any contract. The
product release dates are not a commitment, promise, or legal obligation to
deliver any material, code, or functionality. The development, release, and
timing of any features or functionality described for our products remains at
our sole discretion and may be changed or canceled at any time

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


The post ESB-2020.3549 – [Win][UNIX/Linux] McAfee Application and Change Control (MACC): Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/15/esb-2020-3549-winunix-linux-mcafee-application-and-change-control-macc-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3549-winunix-linux-mcafee-application-and-change-control-macc-multiple-vulnerabilities

Network Security News Summary for Thursday October 15 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

The post Network Security News Summary for Thursday October 15 2020 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/14/network-security-news-summary-for-thursday-october-15-2020/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-thursday-october-15-2020

Wednesday, October 14, 2020

Yes, we can validate leaked emails

When emails leak, we can know whether they are authentic or forged. It’s the first question we should ask of today’s leak of emails of Hunter Biden. It has a definitive answer.

Today’s emails have “cryptographic signatures” inside the metadata. Such signatures have been common for the past decade as one way of controlling spam, to verify the sender is who they claim to be. These signatures verify not only the sender, but also that the contents have not been altered. In other words, it authenticates the document, who sent it, and when it was sent.

Crypto works. The only way to bypass these signatures is to hack into the servers. In other words, when we see a 6-year-old message with a valid Gmail signature, we know either (a) it’s valid or (b) they hacked into Gmail to steal the signing key. Since (b) is extremely unlikely, and if they could hack Google, they could do a ton more important stuff with the information, we have to assume (a).

Your email client normally hides this metadata from you, because it’s boring and humans rarely want to see it. But it’s still there in the original email document. An email message is simply a text document consisting of metadata followed by the message contents.

It takes no special skills to see metadata. If the person has enough skill to export the email to a PDF document, they have enough skill to export the email source. If they can upload the PDF to Scribd (as in the story), they can upload the email source. I show how to below.

To show how this works, I send an email using Gmail to my private email server (from gmail.com to robertgraham.com).

The NYPost story shows the email printed as a PDF document. Thus, I do the same thing when the email arrives on my MacBook, using the Apple “Mail” app. It looks like the following:

The “raw” form originally sent from my Gmail account is simply a text document that looked like the following:

This is rather simple. Clients insert details like a “Message-ID” that humans don’t care about. There are also internal formatting details, like the fact that this is a “plain text” message rather than an “HTML” email.

But this raw document was the one sent by the Gmail web client. It then passed through Gmail’s servers, then was passed across the Internet to my private server, where I finally retrieved it using my MacBook.
As email messages pass through servers, the servers add their own metadata.
When it arrived, the “raw” document looked like the following. None of the important bits changed, but a lot more metadata was added:

The bit you care about here is the “DKIM-Signature:” metadata.

This is added by Gmail’s servers, for anything sent from gmail.com. It “authenticates” or “verifies” that this email actually did come from those servers, and that the essential content hasn’t been altered. The long strings of random-looking characters are the “cryptographic signature”. That’s what all crypto is based upon — long chunks of random-looking data.

To extract this document, I used Apple’s “Mail” client program and selected “Save As…” from the “File” menu, saving as “Raw Message Source”.
I uploaded this document to Scribd so that anybody can download and play with it, such as verifying the signature.
To verify the email signature, I simply open the email document using Thunderbird (Firefox’s email client) with the “DKIM Verifier” extension, which validates that the signature is indeed correct. Thus we see it’s a valid email sent by Gmail and that the key headers have not been changed:

The same could be done with those emails from the purported Hunter Biden laptop. If they can be printed as a PDF (as in the news story) then they can also be saved in raw form and have their DKIM signatures verified.
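What a verifier does with the body of a saved raw message, as an added example that is not part of the original post: it reads the `bh=` tag from the `DKIM-Signature:` header, canonicalizes the body as RFC 6376 describes, and recomputes the hash. This covers only the body-hash half of DKIM; a full verifier also checks the `b=` signature against the public key the domain publishes in DNS. The message, `example.com`, selector `sel1` and the `b=` value are constructed placeholders.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """RFC 6376 body canonicalization, mode is 'simple' or 'relaxed'."""
    body = re.sub(rb"\r?\n", b"\r\n", body)    # saved copies often lose the CRs
    if mode == "relaxed":
        # Collapse runs of space/tab and drop whitespace at the end of lines.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
                 for ln in body.split(b"\r\n")]
        body = b"\r\n".join(lines)
    body = body.rstrip(b"\r\n")                # empty lines at the end are ignored
    if body or mode == "simple":
        body += b"\r\n"                        # 'simple' turns an empty body into CRLF
    return body

def body_hash(body: bytes, mode: str, algo: str = "sha256", length=None) -> str:
    data = canon_body(body, mode)
    if length is not None:                     # l= tag: only the first N bytes are signed
        data = data[:length]
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def parse_tags(value: str) -> dict:
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)   # drop folding whitespace
    return tags

def check_body_hash(raw: bytes) -> list:
    """Recompute bh= for every DKIM-Signature header in a raw message."""
    raw = re.sub(rb"\r?\n", b"\r\n", raw)
    head, _, body = raw.partition(b"\r\n\r\n")
    unfolded = re.sub(r"\r\n[ \t]+", " ", head.decode("ascii", "replace"))
    results = []
    for line in unfolded.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() != "dkim-signature":
            continue
        t = parse_tags(value)
        algo = t.get("a", "rsa-sha256").rsplit("-", 1)[-1]
        if algo not in ("sha1", "sha256"):
            continue
        canon = t.get("c", "simple/simple").split("/")
        mode = canon[1] if len(canon) > 1 else "simple"
        length = int(t["l"]) if "l" in t else None
        results.append({
            "domain": t.get("d"), "selector": t.get("s"),
            "body_hash_ok": body_hash(body, mode, algo, length) == t.get("bh"),
            "whole_body_signed": length is None,
        })
    return results

# Constructed sample, not a real message: example.com, selector "sel1" and the
# b= value are placeholders; bh= is computed the way a signing server would.
BODY = b"Lunch is on Tuesday.\r\nSee you there.\r\n"

def make_message(body: bytes) -> bytes:
    sig = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
           "\ts=sel1; h=from:to:subject;\r\n"
           "\tbh=" + body_hash(BODY, "relaxed") + "; b=PLACEHOLDER\r\n")
    return (sig.encode() + b"From: a@example.com\r\nTo: b@example.net\r\n"
            b"Subject: lunch\r\n\r\n" + body)

ORIGINAL = make_message(BODY)
REFLOWED = make_message(b"Lunch  is on Tuesday. \nSee you there.\n\n\n")
TAMPERED = make_message(BODY.replace(b"Tuesday", b"Friday"))

if __name__ == "__main__":
    for label, msg in (("original", ORIGINAL), ("reflowed", REFLOWED),
                       ("tampered", TAMPERED)):
        print(label, check_body_hash(msg))
```

The reflowed copy still matches because relaxed canonicalization ignores whitespace changes, while a one-word edit does not. When `whole_body_signed` is false, the signature carries an `l=` length and any text after that point is not covered by it.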

This sort of thing is extraordinarily easy, something anybody with minimal computer expertise can accomplish. It would go a long way to establishing the credibility of the story, proving that the emails were not forged. The lack leads me to believe that nobody with minimal computer expertise was involved in the story.
The story contains the following paragraph about one of the emails recovered from the drive (the smoking gun claiming Pozharskyi met Joe Biden), claiming how it was “allegedly sent”. Who alleges this? If they have the email with a verifiable DKIM signature, no “alleging” is needed — it’s confirmed. Since Pozharskyi used Gmail, we know the original would have had a valid signature.

Leaving allegations unconfirmed when they could be confirmed seems odd for a story of this magnitude.

Note that the NYPost claims to have a copy of the original, so they should be able to do this sort of verification:

However, while they could in theory, it appears they didn’t in practice. The PDF displayed in the story is up on Scribd, allowing anybody to download it. PDFs, like email, also have metadata, which most PDF viewers will show you. It appears this PDF was not created after Sunday when the NYPost got the hard drive, but back in September when Trump’s allies got the hard drive.

Conclusion

It takes no special skills to do any of this. If the person has enough skill to export the email to a PDF document, they have enough skill to export the email source. Instead of “Export to PDF”, select “Save As … Raw Message Source”. Instead of uploading the .pdf file, upload the resulting .txt to Scribd.
At this point, a journalist wouldn’t need to verify DKIM, or consult an expert: anybody could verify it. There are a ton of tools out there that can simply load that raw source email and verify it, such as the Thunderbird example I did above.

The post Yes, we can validate leaked emails appeared first on Security Boulevard.


The post Yes, we can validate leaked emails appeared first on Malware Devil.



https://malwaredevil.com/2020/10/14/yes-we-can-validate-leaked-emails/?utm_source=rss&utm_medium=rss&utm_campaign=yes-we-can-validate-leaked-emails

ManagedMethods Named “Data Security Solution of the Year” in the 2020 CyberSecurity Breakthrough Awards

BOULDER, Colo.—October 14, 2020—ManagedMethods, the leading Google Workplace and Microsoft 365 cybersecurity, student safety and compliance platform for K-12 school districts, today announced it has been named the winner of the “Data Security Solution of the Year” award by CyberSecurity Breakthrough. This is the second consecutive year ManagedMethods has been recognized in the CyberSecurity Breakthrough […]

The post ManagedMethods Named “Data Security Solution of the Year” in the 2020 CyberSecurity Breakthrough Awards appeared first on ManagedMethods.

The post ManagedMethods Named “Data Security Solution of the Year” in the 2020 CyberSecurity Breakthrough Awards appeared first on Security Boulevard.


The post ManagedMethods Named “Data Security Solution of the Year” in the 2020 CyberSecurity Breakthrough Awards appeared first on Malware Devil.



https://malwaredevil.com/2020/10/14/managedmethods-named-data-security-solution-of-the-year-in-the-2020-cybersecurity-breakthrough-awards/?utm_source=rss&utm_medium=rss&utm_campaign=managedmethods-named-data-security-solution-of-the-year-in-the-2020-cybersecurity-breakthrough-awards

No-one expects fraud will happen to them, until it does

Online fraud can be pretty insidious, especially if you think you’re doing everything right. But fraud is becoming more […]

The post No-one expects fraud will happen to them, until it does appeared first on NuData Security.

The post No-one expects fraud will happen to them, until it does appeared first on Security Boulevard.


The post No-one expects fraud will happen to them, until it does appeared first on Malware Devil.



https://malwaredevil.com/2020/10/14/no-one-expects-fraud-will-happen-to-them-until-it-does/?utm_source=rss&utm_medium=rss&utm_campaign=no-one-expects-fraud-will-happen-to-them-until-it-does

JavaScript Used by Phishing Page to Steal Magento Credentials

Digital attackers created a Magento phishing page that used JavaScript to exfiltrate the login credentials of its victims. Sucuri came across a compromised website using the filename “wp-order.php” during an investigation. This phishing page hosted what appeared to be a legitimate Magento 1.x login portal at the time of discovery. In support of this ruse, […]

The post JavaScript Used by Phishing Page to Steal Magento Credentials appeared first on The State of Security.

The post JavaScript Used by Phishing Page to Steal Magento Credentials appeared first on Security Boulevard.


The post JavaScript Used by Phishing Page to Steal Magento Credentials appeared first on Malware Devil.



https://malwaredevil.com/2020/10/14/javascript-used-by-phishing-page-to-steal-magento-credentials/?utm_source=rss&utm_medium=rss&utm_campaign=javascript-used-by-phishing-page-to-steal-magento-credentials

Tuesday, October 13, 2020

Coalition Pokes Five Eyes on Call for Backdoors


Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2018-20243
PUBLISHED: 2020-10-13

The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues 726 and 629.

CVE-2020-13957
PUBLISHED: 2020-10-13

Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that’s uploaded via API without authentication/authorization. The checks in place to prevent such feature…

CVE-2020-15251
PUBLISHED: 2020-10-13

In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability.

CVE-2020-17411
PUBLISHED: 2020-10-13

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within…

CVE-2020-17412
PUBLISHED: 2020-10-13

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han…

The post Coalition Pokes Five Eyes on Call for Backdoors appeared first on Malware Devil.



https://malwaredevil.com/2020/10/13/coalition-pokes-five-eyes-on-call-for-backdoors/?utm_source=rss&utm_medium=rss&utm_campaign=coalition-pokes-five-eyes-on-call-for-backdoors

Demand for Healthcare Data Visualization for Better Protection

The healthcare industry is one of the most heavily regulated in the world due to the volume and sensitivity of the data entrusted to it.  As data protection regulations grow more numerous and more stringent, companies must select and deploy solutions to ensure that they can maintain regulatory compliance and protect their sensitive data from […]

The post Demand for Healthcare Data Visualization for Better Protection appeared first on 1touch.io.

The post Demand for Healthcare Data Visualization for Better Protection appeared first on Security Boulevard.


The post Demand for Healthcare Data Visualization for Better Protection appeared first on Malware Devil.



https://malwaredevil.com/2020/10/13/demand-for-healthcare-data-visualization-for-better-protection/?utm_source=rss&utm_medium=rss&utm_campaign=demand-for-healthcare-data-visualization-for-better-protection

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...