Malware Devil

Thursday, November 12, 2020

From SLA to XLA: From Services to Experiences

Imagine the best car there is, the fastest, with cutting-edge technology from start to finish. But when you get in, you notice that it has no seats and has an unfamiliar gear combination, which covers the basics, but …

The post From SLA to XLA: From Services to Experiences appeared first on ManageEngine Blog.

The post From SLA to XLA: From Services to Experiences appeared first on Security Boulevard.

The post From SLA to XLA: From Services to Experiences appeared first on Malware Devil.



https://malwaredevil.com/2020/11/12/de-sla-a-xla-de-servicios-a-experiencias-4/?utm_source=rss&utm_medium=rss&utm_campaign=de-sla-a-xla-de-servicios-a-experiencias-4


How to Choose an MDR Provider

Managed detection and response (MDR) providers are becoming increasingly popular with small-to-medium-sized businesses and mid-market companies alike.

Gartner estimates that by 2024, a quarter of all organizations will be using MDR services—either as augmentation of their in-house capabilities or as a stand-alone security partner—which is up from less than 5% today. They also expect that by 2024, 40% of midsize enterprises will use MDR as their only managed security service.

With that said, Gartner also highlighted the confusion that exists in the market. Would-be MDR customers have a hard time differentiating one provider—and even one feature—from another, given the variety of approaches and technologies used by MDR service providers.

The post How to Choose an MDR Provider appeared first on Security Boulevard.

The post How to Choose an MDR Provider appeared first on Malware Devil.



https://malwaredevil.com/2020/11/12/how-to-choose-an-mdr-provider-6/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-choose-an-mdr-provider-6


The Hard Truth About Federal 2021 Bid Deadlines for Cloud-Based Software Vendors

Chances are, you’re already late.  As cloud-based software vendors adapt to the new normal of a COVID economy, many have pivoted to the public sector for new opportunities and business growth. However, for many business leaders, it shouldn’t come as a surprise that processes, procurement, and certifications involving the Federal Government can take much longer […]

The post The Hard Truth About Federal 2021 Bid Deadlines for Cloud-Based Software Vendors appeared first on Anitian.

The post The Hard Truth About Federal 2021 Bid Deadlines for Cloud-Based Software Vendors appeared first on Security Boulevard.

The post The Hard Truth About Federal 2021 Bid Deadlines for Cloud-Based Software Vendors appeared first on Malware Devil.



https://malwaredevil.com/2020/11/12/the-hard-truth-about-federal-2021-bid-deadlines-for-cloud-based-software-vendors/?utm_source=rss&utm_medium=rss&utm_campaign=the-hard-truth-about-federal-2021-bid-deadlines-for-cloud-based-software-vendors

Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys

Hacker forums are a rich source of threat intelligence.

The post Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys appeared first on Malware Devil.



https://malwaredevil.com/2020/11/12/digging-into-the-dark-web-how-security-researchers-learn-to-think-like-the-bad-guys-2/?utm_source=rss&utm_medium=rss&utm_campaign=digging-into-the-dark-web-how-security-researchers-learn-to-think-like-the-bad-guys-2


McAfee Announces MVISION Marketplace and MVISION API to Enable Organizations to Quickly and Easily Adapt to Security Gaps

Open and Cloud Driven Platform Expands Existing Security Infrastructure with Simple Pre-Integrated Building Block Approach

San Jose, Calif., November 12, 2020 – McAfee Corp. (Nasdaq: MCFE) – Today, McAfee announced the launch of MVISION Marketplace, MVISION API and MVISION Developer Portal, part of the MVISION platform that will allow customers to quickly and easily integrate..

The post McAfee Announces MVISION Marketplace and MVISION API to Enable Organizations to Quickly and Easily Adapt to Security Gaps appeared first on Security Boulevard.

The post McAfee Announces MVISION Marketplace and MVISION API to Enable Organizations to Quickly and Easily Adapt to Security Gaps appeared first on Malware Devil.



https://malwaredevil.com/2020/11/12/mcafee-announces-mvision-marketplace-and-mvision-api-to-enable-organizations-to-quickly-and-easily-adapt-to-security-gaps/?utm_source=rss&utm_medium=rss&utm_campaign=mcafee-announces-mvision-marketplace-and-mvision-api-to-enable-organizations-to-quickly-and-easily-adapt-to-security-gaps

ESB-2020.4029 – [Debian] pacemaker: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4029
                         pacemaker security update
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           pacemaker
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Unauthorised Access -- Existing Account
                   Reduced Security    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25654  

Reference:         ESB-2020.3754
                   ESB-2020.3745
                   ESB-2020.3721

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2447

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2447-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
November 11, 2020                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : pacemaker
Version        : 1.1.16-1+deb9u1
CVE ID         : CVE-2020-25654
Debian Bug     : 973254

An ACL bypass flaw was found in pacemaker, a cluster resource manager.
An attacker having a local account on the cluster and in the haclient group
could use IPC communication with various daemons directly to perform certain
tasks that they would be prevented by ACLs from doing if they went through
the configuration.

For Debian 9 stretch, this problem has been fixed in version
1.1.16-1+deb9u1.

We recommend that you upgrade your pacemaker packages.

For the detailed security status of pacemaker please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pacemaker

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2020.4029 – [Debian] pacemaker: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/11/12/esb-2020-4029-debian-pacemaker-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-4029-debian-pacemaker-multiple-vulnerabilities

ESB-2020.4028 – [RedHat] rh-nodejs12-nodejs: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4028
                    rh-nodejs12-nodejs security update
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rh-nodejs12-nodejs
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Existing Account      
                   Reduced Security                -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15095 CVE-2020-8252 CVE-2020-8201
                   CVE-2020-8116  

Reference:         ESB-2020.3588.2
                   ESB-2020.3494
                   ESB-2020.3330

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:5086

--------------------------BEGIN INCLUDED TEXT--------------------


=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-nodejs12-nodejs security update
Advisory ID:       RHSA-2020:5086-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5086
Issue date:        2020-11-11
CVE Names:         CVE-2020-8116 CVE-2020-8201 CVE-2020-8252 
                   CVE-2020-15095 
=====================================================================

1. Summary:

An update for rh-nodejs12-nodejs is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version:
rh-nodejs12-nodejs (12.18.4). (BZ#1878550, BZ#1888291, BZ#1888298)

Security Fix(es):

* nodejs-dot-prop: prototype pollution (CVE-2020-8116)

* nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
(CVE-2020-8201)

* npm: Sensitive information exposure through logs (CVE-2020-15095)

* libuv: buffer overflow in realpath (CVE-2020-8252)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1856875 - CVE-2020-15095 npm: Sensitive information exposure through logs
1868196 - CVE-2020-8116 nodejs-dot-prop: prototype pollution
1879311 - CVE-2020-8201 nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
1879315 - CVE-2020-8252 libuv: buffer overflow in realpath

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm

aarch64:
rh-nodejs12-nodejs-12.18.4-3.el7.aarch64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.aarch64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.aarch64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.aarch64.rpm

noarch:
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm

ppc64le:
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm

s390x:
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm

x86_64:
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm

ppc64le:
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm

s390x:
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm

x86_64:
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm

ppc64le:
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm

s390x:
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm

x86_64:
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm

x86_64:
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8116
https://access.redhat.com/security/cve/CVE-2020-8201
https://access.redhat.com/security/cve/CVE-2020-8252
https://access.redhat.com/security/cve/CVE-2020-15095
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------


The post ESB-2020.4028 – [RedHat] rh-nodejs12-nodejs: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/11/12/esb-2020-4028-redhat-rh-nodejs12-nodejs-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-4028-redhat-rh-nodejs12-nodejs-multiple-vulnerabilities

ESB-2020.4026 – [Appliance] OSIsoft PI Interface for OPC XML-DA: Multiple vulnerabilities


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4026
       Advisory (icsa-20-315-01) OSIsoft PI Interface for OPC XML-DA
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OSIsoft PI Interface for OPC XML-DA
Publisher:         ICS-CERT
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-0006  

Reference:         ESB-2013.0025

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01

--------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-20-315-01)

OSIsoft PI Interface for OPC XML-DA

Original release date: November 10, 2020

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are
provided "as is" for informational purposes only. The Department of Homeland
Security (DHS) does not provide any warranties of any kind regarding any
information contained within. DHS does not endorse any commercial product or
service, referenced in this product or otherwise. Further dissemination of this
product is governed by the Traffic Light Protocol (TLP) marking in the header.
For more information about TLP, see https://us-cert.cisa.gov/tlp/.



1. EXECUTIVE SUMMARY

  o CVSS v3 8.1
  o ATTENTION: Exploitable remotely/low skill level to exploit
  o Vendor: OSIsoft
  o Equipment: PI Interface
  o Vulnerability: Numeric Errors

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an
attacker-controlled OPC XML-DA Server to respond with a crafted XML message and
exploit the PI Interface for OPC XML-DA, resulting in code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

All versions of PI Interface for OPC XML-DA prior to 1.7.3.x are affected.

3.2 VULNERABILITY OVERVIEW

3.2.1 NUMERIC ERRORS CWE-189

The affected product is vulnerable to a stack-based buffer overflow, which may
allow an attacker to remotely execute arbitrary code.

CVE-2013-0006 has been assigned to this vulnerability. A CVSS v3 base score of
8.1 has been assigned; the CVSS vector string is
(AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Multiple
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

OSIsoft reported this vulnerability to CISA.

4. MITIGATIONS

Upgrade to PI Interface for OPC XML-DA Version 1.7.3.x to remove this
vulnerability.

The security bulletin and access to the security update are available on the
OSIsoft customer portal (login required).

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing that VPNs may have vulnerabilities and should
    be updated to the most current version available. Also recognize that VPN
    is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

https://malwaredevil.com/2020/11/12/esb-2020-4026-appliance-osisoft-pi-interface-for-opc-xml-da-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-4026-appliance-osisoft-pi-interface-for-opc-xml-da-multiple-vulnerabilities

ESB-2020.4027 – [Appliance] OSIsoft PI Vision: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4027
                Advisory (icsa-20-315-02) OSIsoft PI Vision
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OSIsoft PI Vision
Publisher:         ICS-CERT
Operating System:  Network Appliance
Impact/Access:     Modify Arbitrary Files   -- Existing Account
                   Cross-site Scripting     -- Existing Account
                   Access Confidential Data -- Existing Account
                   Unauthorised Access      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25167 CVE-2020-25163 

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-20-315-02

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-20-315-02)

OSIsoft PI Vision

Original release date: November 10, 2020

1. EXECUTIVE SUMMARY

  o CVSS v3 7.7
  o ATTENTION: Exploitable remotely/low skill level to exploit
  o Vendor: OSIsoft
  o Equipment: PI Vision 2020
  o Vulnerabilities: Cross-site Scripting, Incorrect Authorization

2. RISK EVALUATION

Successful exploitation of these vulnerabilities may allow a remote attacker
with write access to the PI ProcessBook files to inject code that is imported
into PI Vision, or disclose information to a user with insufficient privileges.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

All versions prior to PI Vision 2020 are affected.

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE
SCRIPTING') CWE-79

A remote attacker with write access to PI ProcessBook files could inject code
that is imported into PI Vision. Unauthorized information disclosure,
modification, or deletion is also possible if a victim views or interacts with
the infected display. This vulnerability affects PI System data and other data
accessible with victim's user permissions.

CVE-2020-25163 has been assigned to this vulnerability. A CVSS v3 base score of
7.7 has been assigned; the CVSS vector string is
( AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N ).

3.2.2 INCORRECT AUTHORIZATION CWE-863

PI Vision could disclose information to a user with insufficient privileges for
an AF attribute.

CVE-2020-25167 has been assigned to this vulnerability. A CVSS v3 base score of
4.9 has been assigned; the CVSS vector string is
( AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N ).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Multiple
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

OSIsoft reported these vulnerabilities to CISA.

4. MITIGATIONS

OSIsoft released PI Vision 2020 Version 3.5.0, which resolves these
vulnerabilities.

Recommended defensive measures and related configuration settings are described
on the OSIsoft customer portal (Login required).

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing that VPNs may have vulnerabilities and should
    be updated to the most current version available. Also recognize that VPN
    is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves
from social engineering attacks:

  o Do not click web links or open unsolicited attachments in email messages.
  o Refer to Recognizing and Avoiding Email Scams for more information on
    avoiding email scams.
  o Refer to Avoiding Social Engineering and Phishing Attacks for more
    information on social engineering attacks.

No known public exploits specifically target these vulnerabilities.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

- --------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2020/11/12/esb-2020-4027-appliance-osisoft-pi-vision-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-4027-appliance-osisoft-pi-vision-multiple-vulnerabilities

ESB-2020.4025 – [Win] Microsoft Dynamics 365 Commerce: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4025
                    Microsoft Security Update Releases
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Dynamics 365 Commerce
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Increased Privileges -- Remote/Unauthenticated
                   Unauthorised Access  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-16943  

Reference:         ASB-2020.0167
                   ESB-2020.3586

Original Bulletin: 
   https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16943

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: November 10, 2020
**************************************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2020-16943
 

Revision Information:
=====================

* CVE-2020-16943

 - CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16943
 - Version 3.0
 - Reason for Revision: Microsoft is announcing the availability of the security 
   updates for Dynamics 365 Commerce. The Security Updates table has been revised to
   list the versions that are affected by this vulnerability. Customers running any
   of these versions of Dynamics 365 Commerce should install the update for their 
   product to be protected from this vulnerability.
 - Originally posted: October 13, 2020
 - Updated: November 10, 2020
 - Aggregate CVE Severity Rating: Important


**************************************************************************************
 
Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
======================================================================================

If you receive an email message that claims to be distributing a Microsoft security
update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security 
notifications. However, PGP is not required for reading security notifications, 
reading security bulletins, or installing security updates. You can obtain the MSRC
public PGP key at .

**************************************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT 
WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, 
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES 
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS 
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL 
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
**************************************************************************************
- --------------------------END INCLUDED TEXT--------------------


https://malwaredevil.com/2020/11/12/esb-2020-4025-win-microsoft-dynamics-365-commerce-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-4025-win-microsoft-dynamics-365-commerce-multiple-vulnerabilities

Exposed Blob Storage in Azure, (Thu, Nov 12th)

With the headline “Improperly Configured AWS S3 Bucket Exposes 10 Million Hotel Guest Records” in this week’s SANS NewsBites, I wanted to shed a little light on the same problem, but in Azure.

Microsoft Azure Blob Storage is very similar to AWS S3, and comes in three access control flavors:

  • “Private” is thankfully the default, and turns off anonymous public access
  • “Blob” allows unauthenticated public access to a file, as long as you know its name
  • “Container” is the same as “Blob”, but also allows listing the folder contents

You can check the configured access level by looking at your Azure resources, clicking on the storage accounts, and then drilling down into the storage containers present:

An access level of “Blob” can be sufficient for something like a public website. It behaves very much like a web server: if someone knows or can guess the file name, they can access the file, no questions asked. For business data, this level of access is dangerous though, because its “security” basically just relies on your assumption that nobody else knows or can guess the file name. More often than not, this assumption turns out to be ill-advised. Other files that you intentionally share publicly might have a similar naming structure, or you may be using easily guessable names to begin with. In a nutshell: If you would consider a file too sensitive to store on your public web server, don’t store it in an Azure container with “Blob” access, either.

An access level of “Container” is the same as “Blob”, but worse. An attacker just needs to know the name of the Storage Account itself. That’s the part of the name in front of the *.blob.core.windows.net URLs that you certainly have encountered before. That name space is pretty small, because the Storage Account Name has to be unique across all Azure tenants (Microsoft Azure Customers).  While creating a new storage account, “name collisions” are therefore quite frequent:

The container name itself (one level below the storage account) only needs to be unique per storage account though, and cannot be directly enumerated. Therefore, even accounts that are exposed at access level “Container” retain a tiny modicum of security-by-obscurity, provided that your container is indeed named obscurely. In my example shown, the container is named “logs”, and would likely be discovered real quick once someone develops any interest in my “temporaryexampleonly” container. Enumerating the contents is then only one API call away, and the resulting XML/JSON is readily machine-parseable to extract the URLs of all the files in the container. Once the file and path names are known, the files can be obtained even if the access level is later changed back to “Blob”.


One way to quickly find out if you have exposed Containers in your Azure Storage setup is to use Azure Security Center (ASC).  Even at the “Free” tier, you will see recommendations like these:

If your ASC displays this recommendation for any of your storage accounts, take it seriously, and investigate if the flagged resource is public-by-design, or public-by-mistake. 
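A complementary check to the ASC recommendation, as an added example that is not part of the original diary: it audits a container inventory and ranks every container that is not “Private” by how little an anonymous visitor needs to know. Assumptions: the inventory maps each storage account name to the JSON array printed by `az storage container list`, reduced to `name` and `properties.publicAccess`; the account “contosoarchive”, the sample containers other than “logs”, and the `GUESSABLE_NAMES` list are constructed for illustration.

```python
import json

# Constructed sample inventory (assumed shape): storage account name -> the JSON
# array printed by `az storage container list --account-name <name>`, trimmed to
# the fields used below. Only "temporaryexampleonly" and "logs" come from the diary.
SAMPLE_INVENTORY = json.loads("""
{
  "temporaryexampleonly": [
    {"name": "logs",    "properties": {"publicAccess": "container"}},
    {"name": "wwwroot", "properties": {"publicAccess": "blob"}},
    {"name": "finance", "properties": {"publicAccess": null}}
  ],
  "contosoarchive": [
    {"name": "x7f3k9q2mz", "properties": {"publicAccess": "container"}},
    {"name": "backups",    "properties": {"publicAccess": "off"}}
  ]
}
""")

# Illustrative list of container names that offer no obscurity (assumption).
GUESSABLE_NAMES = {"logs", "backup", "backups", "data", "files", "public", "uploads"}

# publicAccess values mapped to the diary's three access levels.
LEVELS = {"off": "Private", "blob": "Blob", "container": "Container"}


def classify(public_access):
    """Return "Private", "Blob", "Container" or "Unknown" for a publicAccess value."""
    if public_access is None:          # null in the CLI output means no anonymous access
        return "Private"
    if not isinstance(public_access, str):
        return "Unknown"
    return LEVELS.get(public_access.strip().lower(), "Unknown")


def audit(inventory):
    """List every container that is not provably Private, worst exposure first."""
    findings = []
    for account, containers in inventory.items():
        for entry in containers:
            name = entry.get("name", "")
            props = entry.get("properties")
            # A record without the field is reported, not silently treated as Private.
            if isinstance(props, dict) and "publicAccess" in props:
                level = classify(props["publicAccess"])
            else:
                level = "Unknown"
            if level == "Private":
                continue
            guessable = name.lower() in GUESSABLE_NAMES
            if level == "Container":
                # Contents can be listed; an obscure container name is the only barrier.
                score = 4 if guessable else 3
                needs = "account and container name; blob names can then be listed"
            elif level == "Blob":
                score = 1
                needs = "account name, container name and the exact blob name"
            else:
                score = 2
                needs = "publicAccess missing or unrecognised; review manually"
            findings.append({"account": account, "container": name, "level": level,
                             "guessable_name": guessable, "score": score,
                             "anonymous_needs": needs})
    findings.sort(key=lambda f: (-f["score"], f["account"], f["container"]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f'{f["score"]}  {f["account"]}/{f["container"]:<12} '
              f'{f["level"]:<9} needs: {f["anonymous_needs"]}')
```

Each finding still needs the judgement the diary asks for: public-by-design or public-by-mistake.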

In the next diary, I’m going to show how you can reliably prevent the problem from occurring in the first place.
 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


https://malwaredevil.com/2020/11/12/exposed-blob-storage-in-azure-thu-nov-12th/?utm_source=rss&utm_medium=rss&utm_campaign=exposed-blob-storage-in-azure-thu-nov-12th

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...