Malware Devil

Thursday, November 12, 2020

McAfee Announces MVISION Marketplace and MVISION API to Enable Organizations to Quickly and Easily Adapt to Security Gaps

Open and Cloud Driven Platform Expands Existing Security Infrastructure with Simple Pre-Integrated Building Block Approach San Jose, Calif., November 12, 2020 – McAfee Corp. (Nasdaq: MCFE) – Today, McAfee announced the launch of MVISION Marketplace, MVISION API and MVISION Developer Portal, part of the MVISION platform that will allow customers to quickly and easily integrate..

The post McAfee Announces MVISION Marketplace and MVISION API to Enable Organizations to Quickly and Easily Adapt to Security Gaps appeared first on Security Boulevard.

The post McAfee Announces MVISION Marketplace and MVISION API to Enable Organizations to Quickly and Easily Adapt to Security Gaps appeared first on Malware Devil.

https://malwaredevil.com/2020/11/12/mcafee-announces-mvision-marketplace-and-mvision-api-to-enable-organizations-to-quickly-and-easily-adapt-to-security-gaps/

ESB-2020.4029 – [Debian] pacemaker: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4029
                         pacemaker security update
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           pacemaker
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Unauthorised Access -- Existing Account
                   Reduced Security    -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25654  

Reference:         ESB-2020.3754
                   ESB-2020.3745
                   ESB-2020.3721

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2447

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2447-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
November 11, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : pacemaker
Version        : 1.1.16-1+deb9u1
CVE ID         : CVE-2020-25654
Debian Bug     : 973254

An ACL bypass flaw was found in pacemaker, a cluster resource manager.
An attacker with a local account on the cluster who is a member of the
haclient group could talk to the various pacemaker daemons directly over IPC
and perform tasks that the ACLs would have prevented had the request gone
through the cluster configuration (the CIB).

For Debian 9 stretch, this problem has been fixed in version
1.1.16-1+deb9u1.

We recommend that you upgrade your pacemaker packages.

For the detailed security status of pacemaker please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pacemaker

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

The post ESB-2020.4029 – [Debian] pacemaker: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2020/11/12/esb-2020-4029-debian-pacemaker-multiple-vulnerabilities/

ESB-2020.4028 – [RedHat] rh-nodejs12-nodejs: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4028
                    rh-nodejs12-nodejs security update
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rh-nodejs12-nodejs
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Existing Account      
                   Reduced Security                -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15095 CVE-2020-8252 CVE-2020-8201
                   CVE-2020-8116  

Reference:         ESB-2020.3588.2
                   ESB-2020.3494
                   ESB-2020.3330

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2020:5086

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-nodejs12-nodejs security update
Advisory ID:       RHSA-2020:5086-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5086
Issue date:        2020-11-11
CVE Names:         CVE-2020-8116 CVE-2020-8201 CVE-2020-8252 
                   CVE-2020-15095 
=====================================================================

1. Summary:

An update for rh-nodejs12-nodejs is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version:
rh-nodejs12-nodejs (12.18.4). (BZ#1878550, BZ#1888291, BZ#1888298)

Security Fix(es):

* nodejs-dot-prop: prototype pollution (CVE-2020-8116)

* nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
(CVE-2020-8201)

* npm: Sensitive information exposure through logs (CVE-2020-15095)

* libuv: buffer overflow in realpath (CVE-2020-8252)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
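The npm item in the list above is a log-exposure fix. The upstream npm advisory for CVE-2020-15095 describes the exposed data as passwords embedded in registry URLs being written to stdout and log files; that detail comes from the npm advisory, not from this bulletin. The helper below is an added example, not npm's own code: it scrubs credentials from log lines before they are written, covering both `scheme://user:password@host` URLs and the `_authToken`, `_password` and `_auth` keys npm reads from .npmrc. The sample log lines are constructed for the demonstration.

```python
"""Scrub credentials from log lines before they are written.
Added example for this page, not npm's code: masks the password in
'scheme://user:password@host' URLs and the values of npm's _authToken,
_password and _auth config keys.  Sample lines are constructed."""
import re

# scheme://user:password@  ->  scheme://user:***@   (user and host stay visible)
_URL_CREDS = re.compile(r"(?P<prefix>[A-Za-z][A-Za-z0-9+.-]*://[^/\s:@]+:)(?P<secret>[^/\s@]+)@")
# _authToken=VALUE, _password=VALUE, _auth=VALUE as written in .npmrc and config dumps
_KV_SECRETS = re.compile(r"(?P<prefix>\b_(?:authToken|password|auth)\s*=\s*)(?P<secret>\S+)")

def redact(line, mask="***"):
    """Return the line with every recognised secret replaced by mask."""
    line = _URL_CREDS.sub(lambda m: m.group("prefix") + mask + "@", line)
    return _KV_SECRETS.sub(lambda m: m.group("prefix") + mask, line)

def redact_lines(lines):
    """Redact an iterable of log lines, preserving order."""
    return [redact(line) for line in lines]

SAMPLE_LOG = [  # constructed for this example, not real npm output
    "npm http fetch GET 200 https://deploy:s3cr3t-pw@registry.example.internal/left-pad 120ms",
    "npm verb config //registry.example.internal/:_authToken=npm_abc123DEF456",
    "npm http fetch GET 200 https://registry.example.internal:8443/lodash 40ms",
    "npm verb git clone git+ssh://git@github.com/org/repo.git",
]

if __name__ == "__main__":
    for before, after in zip(SAMPLE_LOG, redact_lines(SAMPLE_LOG)):
        print(("REDACTED  " if before != after else "unchanged ") + after)
```

The URL pattern deliberately requires `user:password@`: a bare `user@host` (the `git@github.com` line) and a `host:port` without an `@` (the `:8443` line) pass through untouched, so the redaction does not mangle legitimate registry and repository URLs.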

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258
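The question both this advisory and the Debian pacemaker advisory above leave to the reader is whether a given host is still affected, which comes down to comparing the installed version with the fixed one under the package manager's own ordering rules. The following is an added example, not code from Red Hat, Debian or AusCERT: pure-Python re-implementations of the dpkg and rpm version comparisons, so a fleet-wide triage script can answer that from inventory data without a shell round-trip to every host. The fixed versions used in the tests are the ones these two advisories name; every other version string is constructed.

```python
"""Is the installed package at or past the advisory's fixed version?
Added example for this page (not Debian, Red Hat or AusCERT code): the dpkg
and rpm version-ordering rules re-implemented in Python for triage scripts."""
import re

def _split_evr(v, last_dash):
    # '[epoch:]version[-release]'; dpkg splits at the last '-', rpm at the first.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    ver, sep, rel = rest.rpartition("-") if last_dash else rest.partition("-")
    if not sep:
        ver, rel = rest, ""
    return int(epoch), ver, rel

# ---- Debian: the rules behind `dpkg --compare-versions` ----
def _dpkg_order(c):
    # Weight of a non-digit char: '~' sorts before everything, even the end of
    # the string (so 1.0~rc1 < 1.0); letters sort before punctuation.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _dpkg_verrevcmp(a, b):
    # Alternate non-digit runs (by _dpkg_order) and digit runs (numerically,
    # leading zeros ignored), exactly as dpkg's verrevcmp() does.
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _dpkg_order(a[i] if i < len(a) else "")
            bc = _dpkg_order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            first_diff = first_diff or ord(a[i]) - ord(b[j])
            i, j = i + 1, j + 1
        if i < len(a) and a[i].isdigit():
            return 1                       # more digits left: numerically larger
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def dpkg_compare(v1, v2):
    """Negative, zero or positive, like dpkg's lt / eq / gt."""
    (e1, u1, r1), (e2, u2, r2) = _split_evr(v1, True), _split_evr(v2, True)
    return (e1 - e2) or _dpkg_verrevcmp(u1, u2) or _dpkg_verrevcmp(r1, r2)

# ---- RPM: the rules behind rpmvercmp() ----
_RPM_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|[~^]")   # separators are skipped

def rpm_vercmp(a, b):
    """-1 / 0 / 1 for a single version or release field."""
    sa, sb = _RPM_SEGMENT.findall(a), _RPM_SEGMENT.findall(b)
    i = j = 0
    while i < len(sa) or j < len(sb):
        x = sa[i] if i < len(sa) else None
        y = sb[j] if j < len(sb) else None
        if x == "~" or y == "~":          # '~' = pre-release, older than anything
            if x != "~" or y != "~":
                return 1 if x != "~" else -1
        elif x == "^" or y == "^":        # '^' = post-release: newer than the bare
            if x is None or y is None:    # version, older than any other segment
                return -1 if x is None else 1
            if x != "^" or y != "^":
                return 1 if x != "^" else -1
        else:
            if x is None or y is None:    # shorter string is older
                return -1 if x is None else 1
            if x.isdigit() != y.isdigit():
                return 1 if x.isdigit() else -1   # numeric beats alphabetic
            if x.isdigit():
                x, y = x.lstrip("0"), y.lstrip("0")
                if len(x) != len(y):
                    return 1 if len(x) > len(y) else -1
            if x != y:
                return 1 if x > y else -1
        i, j = i + 1, j + 1
    return 0

def rpm_evr_compare(v1, v2):
    """Compare '[epoch:]version[-release]' strings under rpm ordering."""
    (e1, a1, r1), (e2, a2, r2) = _split_evr(v1, False), _split_evr(v2, False)
    if e1 != e2:
        return 1 if e1 > e2 else -1
    return rpm_vercmp(a1, a2) or rpm_vercmp(r1, r2)

def is_fixed(installed, fixed, compare):
    """True when the installed version is at or past the advisory's fixed version."""
    return compare(installed, fixed) >= 0
```

Usage is `is_fixed("1.1.16-1", "1.1.16-1+deb9u1", dpkg_compare)` for a Debian host and `is_fixed("12.18.4-3.el7", "12.18.4-3.el7", rpm_evr_compare)` for a Software Collections host. The tilde and caret rules are the parts people get wrong by hand: `1.1.16-1~bpo9+1` sorts below `1.1.16-1` under dpkg and `1.0~rc1` below `1.0` under rpm, so a plain string comparison would mark a backport or release candidate as patched when it is not.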

5. Bugs fixed (https://bugzilla.redhat.com/):

1856875 - CVE-2020-15095 npm: Sensitive information exposure through logs
1868196 - CVE-2020-8116 nodejs-dot-prop: prototype pollution
1879311 - CVE-2020-8201 nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
1879315 - CVE-2020-8252 libuv: buffer overflow in realpath

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm

aarch64:
rh-nodejs12-nodejs-12.18.4-3.el7.aarch64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.aarch64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.aarch64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.aarch64.rpm

noarch:
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm

ppc64le:
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm

s390x:
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm

x86_64:
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm

ppc64le:
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm

s390x:
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm

x86_64:
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm

ppc64le:
rh-nodejs12-nodejs-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.ppc64le.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.ppc64le.rpm

s390x:
rh-nodejs12-nodejs-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.s390x.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.s390x.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.s390x.rpm

x86_64:
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-nodejs12-nodejs-12.18.4-3.el7.src.rpm

noarch:
rh-nodejs12-nodejs-docs-12.18.4-3.el7.noarch.rpm

x86_64:
rh-nodejs12-nodejs-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-debuginfo-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-nodejs-devel-12.18.4-3.el7.x86_64.rpm
rh-nodejs12-npm-6.14.6-12.18.4.3.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-8116
https://access.redhat.com/security/cve/CVE-2020-8201
https://access.redhat.com/security/cve/CVE-2020-8252
https://access.redhat.com/security/cve/CVE-2020-15095
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

Red Hat security contact details are available at
https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

The post ESB-2020.4028 – [RedHat] rh-nodejs12-nodejs: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2020/11/12/esb-2020-4028-redhat-rh-nodejs12-nodejs-multiple-vulnerabilities/

ESB-2020.4026 – [Appliance] OSIsoft PI Interface for OPC XML-DA: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4026
       Advisory (icsa-20-315-01) OSIsoft PI Interface for OPC XML-DA
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OSIsoft PI Interface for OPC XML-DA
Publisher:         ICS-CERT
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-0006  

Reference:         ESB-2013.0025

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-20-315-01)

OSIsoft PI Interface for OPC XML-DA

Original release date: November 10, 2020

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are
provided "as is" for informational purposes only. The Department of Homeland
Security (DHS) does not provide any warranties of any kind regarding any
information contained within. DHS does not endorse any commercial product or
service, referenced in this product or otherwise. Further dissemination of this
product is governed by the Traffic Light Protocol (TLP) marking in the header.
For more information about TLP, see https://us-cert.cisa.gov/tlp/.

1. EXECUTIVE SUMMARY

  o CVSS v3 8.1
  o ATTENTION: Exploitable remotely/low skill level to exploit
  o Vendor: OSIsoft
  o Equipment: PI Interface
  o Vulnerability: Numeric Errors

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an
attacker-controlled OPC XML-DA Server to respond with a crafted XML message and
exploit the PI Interface for OPC XML-DA, resulting in code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

All versions of PI Interface for OPC XML-DA prior to 1.7.3.x are affected.

3.2 VULNERABILITY OVERVIEW

3.2.1 NUMERIC ERRORS CWE-189

The affected product is vulnerable to a stack-based buffer overflow, which may
allow an attacker to remotely execute arbitrary code.

CVE-2013-0006 has been assigned to this vulnerability. A CVSS v3 base score of
8.1 has been assigned; the CVSS vector string is AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Multiple
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

OSIsoft reported this vulnerability to CISA.

4. MITIGATIONS

Upgrade to PI Interface for OPC XML-DA Version 1.7.3.x to remove this
vulnerability.

Security bulletin and access to security update is available on the OSIsoft
customer portal (login required).

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing that VPNs may have vulnerabilities and should
    be updated to the most current version available. Also recognize that VPN
    is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

- --------------------------END INCLUDED TEXT--------------------

The post ESB-2020.4026 – [Appliance] OSIsoft PI Interface for OPC XML-DA: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2020/11/12/esb-2020-4026-appliance-osisoft-pi-interface-for-opc-xml-da-multiple-vulnerabilities/

ESB-2020.4027 – [Appliance] OSIsoft PI Vision: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4027
                Advisory (icsa-20-315-02) OSIsoft PI Vision
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OSIsoft PI Vision
Publisher:         ICS-CERT
Operating System:  Network Appliance
Impact/Access:     Modify Arbitrary Files   -- Existing Account
                   Cross-site Scripting     -- Existing Account
                   Access Confidential Data -- Existing Account
                   Unauthorised Access      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25167 CVE-2020-25163 

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-20-315-02

- --------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-20-315-02)

OSIsoft PI Vision

Original release date: November 10, 2020

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are
provided "as is" for informational purposes only. The Department of Homeland
Security (DHS) does not provide any warranties of any kind regarding any
information contained within. DHS does not endorse any commercial product or
service, referenced in this product or otherwise. Further dissemination of this
product is governed by the Traffic Light Protocol (TLP) marking in the header.
For more information about TLP, see https://us-cert.cisa.gov/tlp/.

1. EXECUTIVE SUMMARY

  o CVSS v3 7.7
  o ATTENTION: Exploitable remotely/low skill level to exploit
  o Vendor: OSIsoft
  o Equipment: PI Vision 2020
  o Vulnerabilities: Cross-site Scripting, Incorrect Authorization

2. RISK EVALUATION

Successful exploitation of these vulnerabilities may allow a remote attacker
with write access to the PI ProcessBook files to inject code that is imported
into PI Vision, or disclose information to a user with insufficient privileges.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

All versions prior to PI Vision 2020 are affected.

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE
SCRIPTING') CWE-79

A remote attacker with write access to PI ProcessBook files could inject code
that is imported into PI Vision. If a victim views or interacts with the
tampered display, unauthorized disclosure, modification or deletion of PI
System data, and of any other data reachable with the victim's user
permissions, is also possible.

CVE-2020-25163 has been assigned to this vulnerability. A CVSS v3 base score of
7.7 has been assigned; the CVSS vector string is AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N.

3.2.2 INCORRECT AUTHORIZATION CWE-863

PI Vision could disclose information to a user with insufficient privileges for
an AF attribute.

CVE-2020-25167 has been assigned to this vulnerability. A CVSS v3 base score of
4.9 has been assigned; the CVSS vector string is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Multiple
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: United States

3.4 RESEARCHER

OSIsoft reported these vulnerabilities to CISA.

4. MITIGATIONS

OSIsoft released PI Vision 2020 Version 3.5.0, which resolves these
vulnerabilities.

Recommended defensive measures and related configuration settings are described
on the OSIsoft customer portal (Login required).

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing that VPNs may have vulnerabilities and should
    be updated to the most current version available. Also recognize that VPN
    is only as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

CISA also recommends users take the following measures to protect themselves
from social engineering attacks:

  o Do not click web links or open unsolicited attachments in email messages.
  o Refer to Recognizing and Avoiding Email Scams for more information on
    avoiding email scams.
  o Refer to Avoiding Social Engineering and Phishing Attacks for more
    information on social engineering attacks.

No known public exploits specifically target these vulnerabilities.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
https://malwaredevil.com/2020/11/12/esb-2020-4027-appliance-osisoft-pi-vision-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-4027-appliance-osisoft-pi-vision-multiple-vulnerabilities

ESB-2020.4025 – [Win] Microsoft Dynamics 365 Commerce: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.4025
                    Microsoft Security Update Releases
                             12 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Dynamics 365 Commerce
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Increased Privileges -- Remote/Unauthenticated
                   Unauthorised Access  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-16943  

Reference:         ASB-2020.0167
                   ESB-2020.3586

Original Bulletin: 
   https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16943

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: November 10, 2020
**************************************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2020-16943
 

Revision Information:
=====================

* CVE-2020-16943

 - CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16943
 - Version 3.0
 - Reason for Revision: Microsoft is announcing the availability of the security 
   updates for Dynamics 365 Commerce. The Security Updates table has been revised to
   list the versions that are affected by this vulnerability. Customers running any
   of these versions of Dynamics 365 Commerce should install the update for their 
   product to be protected from this vulnerability.
 - Originally posted: October 13, 2020
 - Updated: November 10, 2020
 - Aggregate CVE Severity Rating: Important


**************************************************************************************
 
Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
======================================================================================

If you receive an email message that claims to be distributing a Microsoft security
update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security 
notifications. However, PGP is not required for reading security notifications, 
reading security bulletins, or installing security updates. You can obtain the MSRC
public PGP key at .

**************************************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT 
WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, 
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES 
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS 
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL 
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
**************************************************************************************
Microsoft respects your privacy. Please read our online Privacy Statement at 
.

If you would prefer not to receive future technical security notification alerts by 
email from Microsoft and its family of companies please visit the following website 
to unsubscribe:
.

These settings will not affect any newsletters you've requested or any mandatory 
service communications that are considered part of certain Microsoft services.

For legal Information, see:
.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
- -----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEg0iscncjmT22JxoVtl38EsTnIbgFAl+qyt8ACgkQtl38EsTn
IbiNHgf8DgXqwF2K+mdFdkgiXTzPF//Yusz6NzSKUK/rmxk6n1R0dZRpVE27J2BQ
/vN3LyT6u2aikjboIqfHSnMdojFk44o2jpTe78GaZseJPRHkrwcCH8Nwmt+jJRv3
sst/C5VUN/aNHJ063UZUvCLApoJEPBeFsY8gayVttal7VeilW1wcsAF9TdxDo+VA
uIb8S0A8imtr9ZnDbfP6ZWxTtF3MEoL7eogaVv+Y9WnAb7aSRjwiFRJ5IzVYZ/If
3wbBayaIkFm/IyIKiOAPV6XXIOHBIh81StY1ABCbpXE3sSqhJ8X0cWeQkwCj9ZGA
OhRTI5dGLR2semjYDW5571ulqjCINA==
=eyMw
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

https://malwaredevil.com/2020/11/12/esb-2020-4025-win-microsoft-dynamics-365-commerce-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-4025-win-microsoft-dynamics-365-commerce-multiple-vulnerabilities

Exposed Blob Storage in Azure, (Thu, Nov 12th)

With the headline “Improperly Configured AWS S3 Bucket Exposes 10 Million Hotel Guest Records” in this week’s SANS NewsBites, I wanted to shed a little light on the same problem, but in Azure.

Microsoft Azure Blob Storage is very similar to AWS S3, and comes in three access control flavors:

  • “Private” is thankfully the default, and turns off anonymous public access
  • “Blob” allows unauthenticated public access to a file, as long as you know its name
  • “Container” is the same as “Blob”, but also allows anyone to list the container’s contents

You can check the configured access level by looking at your Azure resources, clicking on the storage accounts, and then drilling down into the storage containers present:

An access level of “Blob” can be sufficient for something like a public website. It behaves very similarly to a web server – if someone knows or can guess the file name, they can access the file, no questions asked. For business data, this level of access is dangerous, though, because its “security” relies entirely on the assumption that nobody else knows or can guess the file name. More often than not, this assumption turns out to be ill-advised. Other files that you intentionally share publicly might have a similar naming structure, or you may be using easily guessable names to begin with. In a nutshell: if you would consider a file too sensitive to store on your public web server, don’t store it in an Azure container with “Blob” access, either.

An access level of “Container” is the same as “Blob”, but worse. An attacker just needs to know the name of the Storage Account itself. That’s the part of the name in front of *.blob.core.windows.net in the URLs that you have certainly encountered before. That namespace is pretty small, because the Storage Account name has to be unique across all Azure tenants (Microsoft Azure customers). While creating a new storage account, “name collisions” are therefore quite frequent:

The container name itself (one level below the storage account) only needs to be unique per storage account, and cannot be directly enumerated. Therefore, even accounts that are exposed at access level “Container” retain a tiny modicum of security-by-obscurity, provided that your container is indeed named obscurely. In my example shown, the container is named “logs”, and would likely be discovered very quickly once someone develops any interest in my “temporaryexampleonly” container. Enumerating the contents is then only one API call away, and the resulting XML/JSON is readily machine-parseable to extract the URLs of all the files in the container. Once the file and path names are known, the files can still be obtained even if the access level is later changed back to “Blob”.


One way to quickly find out whether you have exposed containers in your Azure Storage setup is to use Azure Security Center (ASC). Even at the “Free” tier, you will see recommendations like these:

If your ASC displays this recommendation for any of your storage accounts, take it seriously, and investigate whether the flagged resource is public-by-design or public-by-mistake.
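The ASC recommendation is a good prompt, but the three access levels above are easy to check yourself, account by account. The script below is an added example and not the diary’s own code: it classifies every container from the JSON printed by `az storage container list --account-name <name> --output json`, using only the `name` and `properties.publicAccess` fields (assumed to carry `null`, `"blob"` or `"container"`, matching the “Private”, “Blob” and “Container” levels), and emits an `az storage container set-permission ... --public-access off` command for anything anonymously reachable. The account name and the “logs” container echo the diary; the JSON itself is constructed, not captured from a real account.

```python
# Added example (not part of the ISC diary): audit container access levels from
# the JSON that `az storage container list --account-name <name> --output json`
# prints. Assumption: each entry has "name" and "properties.publicAccess"
# (null = Private, "blob", or "container"). Sample data below is constructed.
import json
from dataclasses import dataclass
from typing import List, Optional

# How the CLI reports the level -> the diary's three names.
ACCESS_LEVELS = {None: "Private", "blob": "Blob", "container": "Container"}

# What each level means for an anonymous client, in the diary's terms.
RISK = {
    "Private": "anonymous access disabled",
    "Blob": "anyone who knows or guesses a blob name can fetch it (web-server semantics)",
    "Container": "anyone who knows the account and container name can list and fetch every blob",
}


@dataclass
class Finding:
    account: str
    container: str
    level: str                  # Private / Blob / Container / Unknown
    listable: bool              # True only for Container: contents can be enumerated
    risk: str
    remediation: Optional[str]  # az command to switch anonymous access off, if needed


def classify(account: str, entry: dict) -> Finding:
    """Map one container entry from `az storage container list` to a Finding."""
    raw = (entry.get("properties") or {}).get("publicAccess")
    key = raw.lower() if isinstance(raw, str) else raw   # CLI may mix case
    level = ACCESS_LEVELS.get(key, "Unknown")
    remediation = None
    if level in ("Blob", "Container"):
        # Assumed az CLI syntax for turning anonymous access off on one container.
        remediation = (
            f"az storage container set-permission --account-name {account} "
            f"--name {entry['name']} --public-access off"
        )
    return Finding(
        account=account,
        container=entry["name"],
        level=level,
        listable=(level == "Container"),
        risk=RISK.get(level, "unrecognised access level, review manually"),
        remediation=remediation,
    )


def audit(account: str, containers_json: str) -> List[Finding]:
    """Classify every container in the CLI's JSON output for one storage account."""
    return [classify(account, entry) for entry in json.loads(containers_json)]


def public_findings(findings: List[Finding]) -> List[Finding]:
    """Only the containers that allow some form of anonymous access."""
    return [f for f in findings if f.level in ("Blob", "Container")]


# Constructed sample: the diary's account with its "logs" container exposed at
# "Container", a public website at "Blob", and a private "backups" container.
SAMPLE_ACCOUNT = "temporaryexampleonly"
SAMPLE_CONTAINERS_JSON = json.dumps([
    {"name": "logs",    "properties": {"publicAccess": "container"}},
    {"name": "www",     "properties": {"publicAccess": "blob"}},
    {"name": "backups", "properties": {"publicAccess": None}},
])

if __name__ == "__main__":
    for f in audit(SAMPLE_ACCOUNT, SAMPLE_CONTAINERS_JSON):
        flag = "EXPOSED" if f.remediation else "ok"
        print(f"{flag:8}{f.container:10}{f.level:10}{f.risk}")
        if f.remediation:
            print("         fix:", f.remediation)
```

Run it once per storage account from `az storage account list --query "[].name" -o tsv`, and treat every “Blob” hit as something that must be justified as public-by-design. Where no container in an account is meant to be public, the account-level `allowBlobPublicAccess` property (`az storage account update --allow-blob-public-access false`) closes anonymous access for all of them at once, which is harder to regress by a later per-container change.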

In the next diary, I’m going to show how you can reliably prevent the problem from occurring in the first place.
 

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

https://malwaredevil.com/2020/11/12/exposed-blob-storage-in-azure-thu-nov-12th/?utm_source=rss&utm_medium=rss&utm_campaign=exposed-blob-storage-in-azure-thu-nov-12th

Wednesday, November 11, 2020

NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains

The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting, loan- and unemployment fraud.

https://malwaredevil.com/2020/11/11/nsf-funded-research-aims-to-help-disrupt-cybercrime-supply-chains/?utm_source=rss&utm_medium=rss&utm_campaign=nsf-funded-research-aims-to-help-disrupt-cybercrime-supply-chains

Want to Avoid an Extreme Cyberloss? Focus on the Basics

New analysis of attacks and breaches — to the tune of more than $20 million in damages and losses of at least 20 million records — underscores the importance of planning for these events.

https://malwaredevil.com/2020/11/11/want-to-avoid-an-extreme-cyberloss-focus-on-the-basics/?utm_source=rss&utm_medium=rss&utm_campaign=want-to-avoid-an-extreme-cyberloss-focus-on-the-basics

Security Hiring Plans Remain Constant Despite Pandemic

Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.

https://malwaredevil.com/2020/11/11/security-hiring-plans-remain-constant-despite-pandemic/?utm_source=rss&utm_medium=rss&utm_campaign=security-hiring-plans-remain-constant-despite-pandemic

3 Tips For Successfully Running Tech Outside the IT Department

When marketing opts for “extra-departmental IT,” coordination and communication are required to keep things secured.

https://malwaredevil.com/2020/11/11/3-tips-for-successfully-running-tech-outside-the-it-department/?utm_source=rss&utm_medium=rss&utm_campaign=3-tips-for-successfully-running-tech-outside-the-it-department

New to Identity Governance? Here’s What to Look for in a Modern Identity Governance Solution

You likely have an identity governance and administration (IGA) solution in place to address data privacy and regulatory requirements. “Identity governance” refers to identity needs like access request approvals and certifying user access levels, and “administration” refers to the back-end user account provisioning processes in place to meet those needs. In this blog, we’ll look at the requirements that have driven the adoption of identity governance and administration, how the changing identity landscape is posing challenges for legacy IGA solutions, and how modern IGA approaches fill those gaps.

Why You Need an Identity Governance and Administration Solution

You have to manage user access requirements, ensure compliance with an ever-increasing number of regulations, protect your organizational data and intellectual property, and maintain a seamless customer experience across multiple devices. IGA solutions have evolved over the years to address this broad set of needs.

A robust identity governance and administration solution should enable the certification of appropriate user access levels and allow you to govern that access with policy-based controls. Additionally, it should enable your security and compliance teams to handle access requests, access approvals, and role administration. An effective IGA solution should also help your organization achieve regulatory compliance.

IGA Landscape Challenges 

You’ve likely had your existing identity governance and administration solution in place for a long time, and you’ve seen the identity landscape change drastically around it. Accelerating changes in enterprise technologies, cyberthreats, and the user landscape are putting growing pressure on traditional IGA solutions and, in turn, on your security and compliance teams.

The identity landscape today encompasses a growing number and type of users, accounts, devices, applications, and systems. Applications and systems are no longer just on-premises. They live in a dizzying hybrid of on-premises, cloud, and SaaS environments – and your users, encompassing your workforce, consumers, and partners, access them from many different devices and networks. On top of these complexities, you’re protecting your data and users against an increasing number of internal and external threats while the number of compliance regulations mounts. 

You’re left with a critical question: Can your IGA solution keep up? 

  • Identity Silos Leave You with Poor Visibility
    Enterprise IT environments become more complex every year, increasing the number of applications and systems you provide user access to. Most legacy identity governance solutions don’t connect to and manage all applications, especially with systems living in a hybrid of on-premises and cloud environments. Combined with user identity information scattered across multiple identity silos, this can lead to poor visibility into enterprise user access, a lack of context, and an inability to recommend appropriate access privileges, like entitlements and role assignments. It’s difficult to secure identities and user access, and to maintain compliance, when you don’t have – and can’t achieve – complete visibility.
  • Compliance Becomes Challenging
    Your IGA solution should enable you to understand who has access to what, but with fragmented visibility, your security and compliance teams don’t have the information needed to comply with the increasing number of regulations. Longstanding regulations like the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX) have been joined by new legislation like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), increasing the pressure on your security and compliance teams. Breaching these regulations comes at a high cost. Noncompliance with SOX can cost organizations up to $25 million in fines as well as criminal or civil prosecution. It’s estimated that $192 million in GDPR fines have been levied against companies since the legislation went into effect.
  • Resources Are Exhausted
    Identity governance solutions are expected to work across multiple siloed environments with tens of millions of access privileges spread across legacy and modern applications in both on-premises and cloud environments. Automation is critical to preventing your teams from over-provisioning or granting inappropriate access privileges. Unfortunately, many legacy systems can’t be automated, resulting in an overflow of access requests for your team: requests that require manual, human review and fulfillment.

The shortcomings of existing IGA solutions can lead to identity governance fatigue and leave your organization more vulnerable. When considering a new, modern IGA solution, here are a few best practices to look for:

  • AI-Driven IGA Solution – A modern identity lifecycle management solution that simplifies and automates the access request, access approval, certification and role modeling processes. By leveraging an AI-driven analytics engine, the solution identifies and applies appropriate user access, automates high-confidence access approvals, recommends low-risk accounts for certification, re-certifies high-risk accounts, and automates the removal of unnecessary roles. A solution that automates access and governance controls to more easily manage the demands of today’s dynamic workforce throughout the entire user lifecycle.

  • Data Agnostic – A solution without data bias, with a data model that reflects the entire user access landscape. A solution that provides the ability to contextually examine all identity-related data, identify and recommend the right level of user access rights via high, medium, and low confidence scores, while providing the ability to apply appropriate birthright or leaver user access rights to accounts, applications, systems, roles, and entitlements across the enterprise. A solution that reduces overall request volumes by predicting appropriate user access at the right time, to the right resources.

  • Extensible Data Model – A solution with a highly scalable identity model for managing all users, devices, and things. A solution that enables data aggregation from diverse authoritative identity sources, combined with an identity relationship model. A data visualization model that automatically identifies contextual relationships across users, devices, and things. A solution that automates identity orchestration across access management, identity governance, and identity management via AI-based remediation recommendations.

ForgeRock Identity Governance and Administration

The ForgeRock Identity Governance and Administration solution is an integral part of the ForgeRock Identity Platform. The solution provides real-time, continuous enterprise-wide user access visibility, control, and remediation. A solution that simplifies the manual access request, access approval, certification, and role mining processes while providing full identity lifecycle management for creating, managing, and restricting identity access to accounts, systems, applications, and infrastructure. A solution with which you can strengthen your security posture and automatically drive regulatory compliance.

Amplify Your Existing IGA Solutions with AI-Driven Identity Analytics

ForgeRock Autonomous Identity is an AI-driven identity analytics solution that can be layered on top of, and integrated with, your existing IGA solution. The solution provides contextual, enterprise-wide visibility by collecting and analyzing all identity data, enabling contextual insight of low, medium, and high-risk user access at scale. It identifies and alerts your security and compliance teams about high-risk access or policy violations. By automating much of what is being done manually today, your team is freed up to focus on higher priority tasks and projects. And, by automatically examining enterprise-wide identity data, Autonomous Identity helps break down identity silos. You get an always updated contextual view of your entire user access identity landscape – what good access should and shouldn’t look like.

With ForgeRock Identity Governance and Administration and Autonomous Identity solutions, you can overcome identity governance fatigue, keep pace with user access demands, mitigate risk, and achieve regulatory compliance.   

Learn more by watching The Evolution and Modernization of Identity Governance and reading Maximize the Value of Your Identity Solution with AI-Driven Identity Analytics to see how ForgeRock Autonomous Identity can address your dynamic IGA challenges.

 

The post New to Identity Governance? Here’s What to Look for in a Modern Identity Governance Solution appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/11/new-to-identity-governance-heres-what-to-look-for-in-a-modern-identity-governance-solution/?utm_source=rss&utm_medium=rss&utm_campaign=new-to-identity-governance-heres-what-to-look-for-in-a-modern-identity-governance-solution

SWVHSC Micro Interviews: Secure Circle & Vicarius – Jeff Capone, Roi Cohen – ESW #206

Secure Circle:
For a true Zero-Trust environment, it isn’t enough to think about data in cloud services and SaaS applications; we also must protect, control and audit data that egresses from these services onto endpoints.

– How do you protect data that egresses from your cloud services (i.e., Github, Workday, SalesForce, Box, OneDrive)?
– Do you control access to your data after it egresses from your cloud services?

This segment is sponsored by SecureCircle.

Visit https://securityweekly.com/securecircle to learn more about them!

Vicarius:
Pentesting is littered with politics, biased reporting, and human error. So how do you clean up the trash? A former IDF engineer shares how his stint as a pentester changed the way he thinks about it – and ultimately led to the development of a new technology.

This segment is sponsored by Vicarius.

Visit https://securityweekly.com/vicarius to learn more about them!

Start your free trial today, visit: https://www.vicarius.io/sign/up
Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw206

https://malwaredevil.com/2020/11/11/swvhsc-micro-interviews-secure-circle-vicarius-jeff-capone-roi-cohen-esw-206/?utm_source=rss&utm_medium=rss&utm_campaign=swvhsc-micro-interviews-secure-circle-vicarius-jeff-capone-roi-cohen-esw-206

Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation

Open Source Is a Mainstay in Modern Development

It goes without saying that modern applications are rarely built from scratch today. Open-source software (OSS) communities are well-organized and licensing is usually pretty clear. Thus, when developers build applications, their first instinct is to use open source. Open source can provide most of the functionality required in an application, reducing the amount of custom code required to a mere fraction of the codebase. 

The post Contrast Security’s Approach to SCA Enables Vulnerability Prioritization and Faster Remediation appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/11/contrast-securitys-approach-to-sca-enables-vulnerability-prioritization-and-faster-remediation/?utm_source=rss&utm_medium=rss&utm_campaign=contrast-securitys-approach-to-sca-enables-vulnerability-prioritization-and-faster-remediation

Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits

Development teams building applications use Nexus Repository (Nexus) to store and manage all of their components, build artifacts, and containers. It provides an efficient way to locally cache myriad types of software packages, and enables users to proxy public registries such as Maven Central, npm, and Docker Hub to reduce duplicate downloads and improve speeds to developers and CI servers. 

The post Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits appeared first on Security Boulevard.

https://malwaredevil.com/2020/11/11/nexus-repository-helps-developers-overcome-new-docker-hub-rate-limits/?utm_source=rss&utm_medium=rss&utm_campaign=nexus-repository-helps-developers-overcome-new-docker-hub-rate-limits

BotRx Widgets, New Kasada API, & White Ops Bot Protection – ESW #206

In the Enterprise News, BotRx widgets provide analytical context on how attacks impact business operations, New Kasada API protects from botnet attacks and targeted fraud, White Ops Offers Expanded Protection Against Sophisticated Bot Attacks and Fraud through the AWS Marketplace, SentinelOne, an AI-based endpoint security firm, confirms $267M raise on a $3.1B valuation, ZeroNorth unites security and DevOps teams with Defect Density Dashboard, and much more!

Timestamps:

2:58 – “JumpCloud Raises $75M to Advance Zero-Trust Security Based on Identity”
7:25 – “British cybersecurity firm Darktrace targets $5bn London IPO”
9:50 – “Enso Security raises $6 million seed funding for AppSec management”
12:20 – “SentinelOne, an AI-based endpoint security firm, confirms $267M raise on a $3.1B valuation”
14:59 – “Neustar Agrees to Buy Verisign’s Public DNS Service ”
16:00 – “Ping Identity Buys Symphonic Software To Add Policy-Driven Authorization”
16:36 – “PKWARE acquires Dataguise to expand global footprint – Help Net Security”
17:20 – “Palo Alto Networks introduces Enterprise Data Loss Prevention”
19:47 – “Barracuda Networks acquires zero trust cybersecurity startup Fyde to protect remote employees”
24:00 – “New Kasada API protects from botnet attacks and targeted fraud”
26:29 – “Accelerate Malware Detection, Remediation with LogRhythm and Cisco AMP”
29:20 – “Auto-Scaling Network Visibility in AWS Cloud”
31:17 – “Radware Announces Expanded Elastic Scalability and Resiliency for its Virtual DDoS Protection in AWS”
34:14 – “White Ops Offers Expanded Protection Against Sophisticated Bot Attacks and Fraud through the AWS Marketplace”

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw206

https://malwaredevil.com/2020/11/11/botrx-widgets-new-kasada-api-white-ops-bot-protection-esw-206/?utm_source=rss&utm_medium=rss&utm_campaign=botrx-widgets-new-kasada-api-white-ops-bot-protection-esw-206

Silver Peak SD-WAN Bugs Allow for Network Takeover

Three security vulnerabilities can be chained to enable unauthenticated remote code execution.

https://malwaredevil.com/2020/11/11/silver-peak-sd-wan-bugs-allow-for-network-takeover/?utm_source=rss&utm_medium=rss&utm_campaign=silver-peak-sd-wan-bugs-allow-for-network-takeover

9 New Tactics to Spread Security Awareness

Employees are often your first line of security defense when the bad guys come calling — providing your workers are properly trained. Security leaders share how they’re raising awareness.

https://malwaredevil.com/2020/11/11/9-new-tactics-to-spread-security-awareness/?utm_source=rss&utm_medium=rss&utm_campaign=9-new-tactics-to-spread-security-awareness

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Both Nvidia and Intel faced severe security issues this week – including a high-severity bug in Nvidia’s GeForce NOW.

https://malwaredevil.com/2020/11/11/nvidia-warns-windows-gamers-of-geforce-now-flaw-2/?utm_source=rss&utm_medium=rss&utm_campaign=nvidia-warns-windows-gamers-of-geforce-now-flaw-2

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...