Malware Devil

Tuesday, October 20, 2020

How Backdoors Lead To Breaches & GRC Compliance Issues – David Mundhenk, Ivan Tsarynny – SCW #48

The client side, or front end, of web applications (aka ‘digital user experience’) actively ingests customer/user information via forms. Because the web app’s front-end code runs on unmonitored devices, many application security flaws are being leveraged by malware and malicious actors to capture credentials, financial transactions, and payment card data, and to let legitimate third-party vendor tools facilitate unauthorized access to or theft of sensitive data, causing damages from tens of thousands to hundreds of millions of dollars.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/scw48

The post How Backdoors Lead To Breaches & GRC Compliance Issues – David Mundhenk, Ivan Tsarynny – SCW #48 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/how-backdoors-lead-to-breaches-grc-compliance-issues-david-mundhenk-ivan-tsarynny-scw-48-2/?utm_source=rss&utm_medium=rss&utm_campaign=how-backdoors-lead-to-breaches-grc-compliance-issues-david-mundhenk-ivan-tsarynny-scw-48-2

Office Hours Recap: All About Apple MDM

JumpCloud is helping IT administrators get ready for macOS 11 Big Sur — learn what it takes to be ready for this significant upgrade.

The post Office Hours Recap: All About Apple MDM appeared first on JumpCloud.

The post Office Hours Recap: All About Apple MDM appeared first on Security Boulevard.

The post Office Hours Recap: All About Apple MDM appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/office-hours-recap-all-about-apple-mdm/?utm_source=rss&utm_medium=rss&utm_campaign=office-hours-recap-all-about-apple-mdm

ESB-2020.3588 – [RedHat] nodejs:12: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3588
                   nodejs:12 security and bug fix update
                              20 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           nodejs:12
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Existing Account      
                   Reduced Security                -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15095 CVE-2020-8252 CVE-2020-8201
                   CVE-2020-8116  

Reference:         ESB-2020.3494
                   ESB-2020.3330

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:4272

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs:12 security and bug fix update
Advisory ID:       RHSA-2020:4272-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4272
Issue date:        2020-10-19
CVE Names:         CVE-2020-8116 CVE-2020-8201 CVE-2020-8252 
                   CVE-2020-15095 
=====================================================================

1. Summary:

An update for the nodejs:12 module is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version:
nodejs (12.18.4).

Security Fix(es):

* nodejs-dot-prop: prototype pollution (CVE-2020-8116)

* nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
(CVE-2020-8201)

* npm: Sensitive information exposure through logs (CVE-2020-15095)

* libuv: buffer overflow in realpath (CVE-2020-8252)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* The nodejs:12/development module is not installable (BZ#1883966)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1856875 - CVE-2020-15095 npm: Sensitive information exposure through logs
1868196 - CVE-2020-8116 nodejs-dot-prop: prototype pollution
1879311 - CVE-2020-8201 nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
1879315 - CVE-2020-8252 libuv: buffer overflow in realpath
1883966 - The nodejs:12/development module is not installable [rhel-8.2.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
nodejs-12.18.4-2.module+el8.2.0+8361+192e434e.src.rpm
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.src.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm

aarch64:
nodejs-12.18.4-2.module+el8.2.0+8361+192e434e.aarch64.rpm
nodejs-debuginfo-12.18.4-2.module+el8.2.0+8361+192e434e.aarch64.rpm
nodejs-debugsource-12.18.4-2.module+el8.2.0+8361+192e434e.aarch64.rpm
nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e.aarch64.rpm
nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e.aarch64.rpm
npm-6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e.aarch64.rpm

noarch:
nodejs-docs-12.18.4-2.module+el8.2.0+8361+192e434e.noarch.rpm
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch.rpm
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm

ppc64le:
nodejs-12.18.4-2.module+el8.2.0+8361+192e434e.ppc64le.rpm
nodejs-debuginfo-12.18.4-2.module+el8.2.0+8361+192e434e.ppc64le.rpm
nodejs-debugsource-12.18.4-2.module+el8.2.0+8361+192e434e.ppc64le.rpm
nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e.ppc64le.rpm
nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e.ppc64le.rpm
npm-6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e.ppc64le.rpm

s390x:
nodejs-12.18.4-2.module+el8.2.0+8361+192e434e.s390x.rpm
nodejs-debuginfo-12.18.4-2.module+el8.2.0+8361+192e434e.s390x.rpm
nodejs-debugsource-12.18.4-2.module+el8.2.0+8361+192e434e.s390x.rpm
nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e.s390x.rpm
nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e.s390x.rpm
npm-6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e.s390x.rpm

x86_64:
nodejs-12.18.4-2.module+el8.2.0+8361+192e434e.x86_64.rpm
nodejs-debuginfo-12.18.4-2.module+el8.2.0+8361+192e434e.x86_64.rpm
nodejs-debugsource-12.18.4-2.module+el8.2.0+8361+192e434e.x86_64.rpm
nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e.x86_64.rpm
nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e.x86_64.rpm
npm-6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8116
https://access.redhat.com/security/cve/CVE-2020-8201
https://access.redhat.com/security/cve/CVE-2020-8252
https://access.redhat.com/security/cve/CVE-2020-15095
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2020.3588 – [RedHat] nodejs:12: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/esb-2020-3588-redhat-nodejs12-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3588-redhat-nodejs12-multiple-vulnerabilities

ESB-2020.3589 – [Ubuntu] Collabtive: Execute arbitrary code/commands – Existing account

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3589
                   USN-4590-1: Collabtive vulnerability
                              20 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Collabtive
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-0258  

Reference:         ESB-2020.0750

Original Bulletin: 
   https://usn.ubuntu.com/4590-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4590-1: Collabtive vulnerability
19 October 2020

Collabtive could be made to run programs if it received
specially crafted network traffic from an authenticated user.

Releases

  o Ubuntu 16.04 LTS

Packages

  o collabtive - Web-based project management software

Details

It was discovered that Collabtive did not properly validate avatar image
file uploads. An authenticated user could exploit this with a crafted file
to cause Collabtive to execute arbitrary code. (CVE-2015-0258)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 16.04

  o collabtive - 2.0+dfsg-6ubuntu1.1

In general, a standard system update will make all the necessary changes.

References

  o CVE-2015-0258

- --------------------------END INCLUDED TEXT--------------------

The post ESB-2020.3589 – [Ubuntu] Collabtive: Execute arbitrary code/commands – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/esb-2020-3589-ubuntu-collabtive-execute-arbitrary-code-commands-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3589-ubuntu-collabtive-execute-arbitrary-code-commands-existing-account

ESB-2020.3587 – [Linux] Linux kernel: Denial of service – Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3587
                 Linux kernel vulnerability CVE-2019-3900
                              20 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux kernel
Publisher:         F5 Networks
Operating System:  Linux variants
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-3900  

Reference:         ESB-2019.2869

Original Bulletin: 
   https://support.f5.com/csp/article/K04107324

- --------------------------BEGIN INCLUDED TEXT--------------------

K04107324:Linux kernel vulnerability CVE-2019-3900

Security Advisory

Original Publication Date: 20 Oct, 2020

Security Advisory Description

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel
up to and including v5.1-rc6, while handling incoming packets in handle_rx().
It could occur if one end sends packets faster than the other end can process
them. A guest user, possibly a remote one, could use this flaw to stall the
vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)

Impact

An attacker may cause a denial-of-service (DoS) that results in a traffic
disruption. This issue only affects BIG-IP platforms with Virtual Clustered
Multiprocessing (vCMP) guests. This issue does not affect BIG-IP Virtual
Edition (VE) or single-instance appliances.  BIG-IP vCMP systems are vulnerable
regardless of their configuration or deployed modules.

Security Advisory Status

F5 Product Development has assigned ID 949889 (BIG-IP and BIG-IQ) to this
vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

+-------------------+------+----------+----------+----------+------+----------+
|                   |      |Versions  |Fixes     |          |CVSSv3|Vulnerable|
|Product            |Branch|known to  |introduced|Severity  |score^|component |
|                   |      |be        |in        |          |1     |or feature|
|                   |      |vulnerable|          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |16.x  |16.0.0    |None      |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |15.x  |15.1.0 -  |None      |          |      |          |
|                   |      |15.1.1    |          |          |      |          |
|BIG-IP (LTM, AAM,  +------+----------+----------+          |      |          |
|Advanced WAF, AFM, |14.x  |14.1.0 -  |None      |          |      |          |
|Analytics, APM,    |      |14.1.2    |          |          |      |vCMP /    |
|ASM, DDHD, DNS,    +------+----------+----------+Medium    |6.3   |Linux     |
|FPS, GTM, Link     |13.x  |13.1.0 -  |None      |          |      |kernel    |
|Controller, PEM,   |      |13.1.3    |          |          |      |          |
|SSLO)              +------+----------+----------+          |      |          |
|                   |12.x  |12.1.0 -  |None      |          |      |          |
|                   |      |12.1.5    |          |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |11.x  |11.6.1 -  |None      |          |      |          |
|                   |      |11.6.5    |          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |7.x   |7.0.0 -   |None      |          |      |          |
|                   |      |7.1.0     |          |          |      |          |
|BIG-IQ Centralized +------+----------+----------+          |      |vCMP /    |
|Management         |6.x   |6.0.0 -   |None      |Medium    |6.3   |Linux     |
|                   |      |6.1.0     |          |          |      |kernel    |
|                   +------+----------+----------+          |      |          |
|                   |5.x   |5.4.0     |None      |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|Traffix SDC        |5.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+

^1The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.

Mitigation

None

Supplemental Information

  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K15106: Managing BIG-IQ product hotfixes
  o K15113: BIG-IQ hotfix and point release matrix
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents
  o K14218: vCMP guest memory/CPU core allocation matrix

- --------------------------END INCLUDED TEXT--------------------

The post ESB-2020.3587 – [Linux] Linux kernel: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/esb-2020-3587-linux-linux-kernel-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3587-linux-linux-kernel-denial-of-service-remote-unauthenticated

Network Security News Summary for Tuesday October 20 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

The post Network Security News Summary for Tuesday October 20 2020 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/20/network-security-news-summary-for-tuesday-october-20-2020-2/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-tuesday-october-20-2020-2

Monday, October 19, 2020

NSS Labs Shuttered

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-15256
PUBLISHED: 2020-10-19

A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and settin…

CVE-2020-15261
PUBLISHED: 2020-10-19

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don’t have administr…

CVE-2020-6084
PUBLISHED: 2020-10-19

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malic…

CVE-2020-6085
PUBLISHED: 2020-10-19

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malic…

CVE-2020-10746
PUBLISHED: 2020-10-19

A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.

The post NSS Labs Shuttered appeared first on Malware Devil.



https://malwaredevil.com/2020/10/19/nss-labs-shuttered-2/?utm_source=rss&utm_medium=rss&utm_campaign=nss-labs-shuttered-2

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...