Malware Devil

Thursday, January 14, 2021

How to Set Up an Open Source Strategy


Open source components have become the basic building blocks of software applications, comprising 60%-80% of software projects. As open source usage has established itself as an industry standard and the default choice of software production, software development organizations are required to set up an open source strategy.

Gone are the days when the standard practice was to choose open source components seemingly at random with no regard for checking for security vulnerabilities or open source licenses. There was no deep-dive into dependencies, no strings attached. This left organizations open to both security vulnerabilities and non-compliant usage of open source components. 

Development teams today are under orders to create a strategy for their open source usage to keep their products secure and compliant. They need to build an open source strategy that addresses all aspects of open source usage, from selecting components and integrating them with proprietary code to bug detection and license management.

The Importance of Adopting an Open Source Strategy

The choice to invest in an open source strategy is primarily a business one and its logic extends from other fields of business development wherein a similar rise in formalization, standardization, and documentation is already underway.

Once a company reaches a critical mass of activity, it can easily fall into an endless stream of oversights, loopholes, and casualties. It is then that companies begin to feel the need for a strategy: a “think first” approach to efficiency, profitability, and growth prospects.

Looking at the dollars and cents of remediation efforts, organizations do the math and understand that it is more cost-effective to set up an open source strategy that will keep them on the right side of security and compliance than it is to repair the damage once it has already occurred.

The Open Source Program Office 

Companies across all industries are ushering in ‘Open Source Programs Offices’ that implement an organizational strategy to ensure open source components are used securely and compliantly by all teams.  

The central nervous system of open source usage within a company, these hubs establish an open source strategy that implements policies surrounding code selection, component adoption and usage, and auditing practices. Open Source Offices train new developers on the company’s open source strategy and ensure open source security and license policies are followed. 

Such offices have been popping up at an increasing rate, and many enterprises are choosing to scout out open source leaders to head up these teams. They are utilizing these open source strategy superstars to manage their policy on a team level, operating on a local basis instead of corporate-wide.

Open Source Strategy: Key Considerations Along the Way

These are a few of the steps that need to be put in motion when planning your organization’s open source strategy.

#1 Establishing an Open Source Office 

Where, under which department, should the Open Source Office sit? Who will the Chief Open Source Officer report to? 

This is not simply a chain of command question, but rather a question that requires an examination and mapping of the company’s focus. Software companies will want to have the Office under their R&D departments, whereas companies with extensive intellectual property portfolios may want to place the office under their legal departments.  

Once the decision involving the Open Source Office is made, it sets the tone for the open source strategy that will follow. It is here that rules and guidelines for working with open source are formulated and distributed company-wide. 

#2 Formulating an Open Source Strategy

How will your strategy address open source security and license compliance? You will need to decide which open source licenses you are willing to use in your products and which should be prevented from entering your code. The quantity of code, with multiple licenses, requires that you use automated solutions to enforce your policies, ensuring that those licenses that you do not want developers to use will be banned from entering your system.

Similarly, you will need to put in place security restrictions, setting your governance policies to allow open source components that are deemed acceptable for use without additional review, whereas others may need a team leader to sign off on a potentially risky component. In more severe instances, you can use automation to block risky open source components from entering the product, even failing the build if need be to keep the code base safe.

Another strategy wrinkle that needs to be ironed out before incorporating open source components is a company’s open source reporting policy. As a vendor servicing clients, any company selling a product that contains open source elements must provide due diligence, in the form of an attribution report, to its customers. Rules of disclosure will require that a company provide its clients with a package name, version, original download URL, license obligations, included dependencies and developer’s point of contact for every piece of open source used in their software. 

#3 Implementing an Open Source Strategy 

Establishing an open source strategy begins with understanding that open source management has its particular set of challenges that are separate from those of proprietary and even third-party commercial code. 

While most rely on the National Vulnerability Database (NVD) for security updates, important information is often posted first to a variety of other security advisories or issue trackers. To ensure that developers are using updated and secure open source components, organizations must integrate the right tools for identifying the components in their development environment or products and matching them against the distributed information sources that report which ones have known vulnerabilities posing a risk to those products.

Only Software Composition Analysis (SCA) tools bring the automated solutions to aggregate all of the relevant information, identify and monitor open source components at scale, issue alerts when new concerns arise, and run at the speed of DevSecOps.

Open Source Strategy: A Plan of Action

Establishing an open source strategy begins with a milestone event: carving out a place in the corporation for open source management. This step must be taken with the understanding that open source security and license compliance have their particular set of challenges that are distinct from those of proprietary code and even third-party commercial contributions.

Purposeful adoption of open source should be part of a corporation’s larger governance strategy as far as it pertains to security and licensing of third-party and open source contributions. It is up to the open source experts in the company to put together a strategy for open source automation, documentation, vulnerability detection, remediation, and licensing compliance. 

 

The post How to Set Up an Open Source Strategy appeared first on Security Boulevard.




https://malwaredevil.com/2021/01/14/how-to-set-up-an-open-source-strategy/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-set-up-an-open-source-strategy

DEF CON 28 Safe Mode Lock Bypass Village – Steven Collins’ ‘Cuff Stuff’

Many thanks to DEF CON and Conference Speakers for publishing their outstanding presentations, which originally appeared at the organization’s DEFCON 28 SAFE MODE Conference and on the DEF CON YouTube channel. Enjoy!


The post DEF CON 28 Safe Mode Lock Bypass Village – Steven Collins’ ‘Cuff Stuff’ appeared first on Security Boulevard.




https://malwaredevil.com/2021/01/14/def-con-28-safe-mode-lock-bypass-village-steven-collins-cuff-stuff/?utm_source=rss&utm_medium=rss&utm_campaign=def-con-28-safe-mode-lock-bypass-village-steven-collins-cuff-stuff

Code42 Achieves FedRAMP Authorization

Insider risk solution for federal agencies helps provide threat detection and response for cybersecurity teams MINNEAPOLIS — Jan. 12, 2021 — Code42 announced today that it has received a Federal Risk and Authorization Management Program (FedRAMP) Agency Authorization through its partnership with the Department of Energy. Code42, an insider risk solution, is now available for use across the..

The post Code42 Achieves FedRAMP Authorization appeared first on Security Boulevard.




https://malwaredevil.com/2021/01/14/code42-achieves-fedramp-authorization/?utm_source=rss&utm_medium=rss&utm_campaign=code42-achieves-fedramp-authorization

What 2021 Expects of CIOs

CIOs (Chief Information Officers) will not only have to focus on cybersecurity strategies to keep operations flowing throughout this 2021 that has only just begun. They will also need to develop a global perspective on trends and business; …

The post Lo que 2021 espera de los CIO appeared first on ManageEngine Blog.

The post Lo que 2021 espera de los CIO appeared first on Security Boulevard.




https://malwaredevil.com/2021/01/14/lo-que-2021-espera-de-los-cio/?utm_source=rss&utm_medium=rss&utm_campaign=lo-que-2021-espera-de-los-cio

Digital Ocean Minds its MANRS Alongside Other Service Providers


Digital Ocean has become the latest service provider to join a Mutually Agreed Norms for Routing Security (MANRS) initiative, led by content delivery networks (CDNs) and cloud service providers, to reduce common routing security threats. Barry Cooks, CTO of Digital Ocean, said the company is committed to following specific MANRS guidelines, as defined by the..

The post Digital Ocean Minds its MANRS Alongside Other Service Providers appeared first on Security Boulevard.




https://malwaredevil.com/2021/01/14/digital-ocean-minds-its-manrs-alongside-other-service-providers/?utm_source=rss&utm_medium=rss&utm_campaign=digital-ocean-minds-its-manrs-alongside-other-service-providers

Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?

It’s a question that continues to engage debate, as the majority of new physical security devices being installed are now connected to a network. While this offers myriad benefits, it also raises the question: Who is responsible for their cybersecurity?




https://malwaredevil.com/2021/01/14/who-is-responsible-for-protecting-physical-security-systems-from-cyberattacks/?utm_source=rss&utm_medium=rss&utm_campaign=who-is-responsible-for-protecting-physical-security-systems-from-cyberattacks

What Isn’t a Swastika?

I’ve been asked, perhaps in jest by those reading my SS blog post, whether the Columbia logo is a swastika because it also has four quadrants (it’s not). …founded in 1938 [a year after largest shirt factory owners Paul and Marie Lamfrom were forced to escape Nazi Germany], used a simple wordmark until the introduction … Continue reading What Isn’t a Swastika?

The post What Isn’t a Swastika? appeared first on Security Boulevard.




https://malwaredevil.com/2021/01/14/what-isnt-a-swastika/?utm_source=rss&utm_medium=rss&utm_campaign=what-isnt-a-swastika

OS-Native Endpoint Security Outpaces Third-Party Tools

For the first two decades of the internet age, from the early 1990s to the 2010s, high-quality antivirus software that blocked the most malware came at an appropriate premium. After all, the endpoint was—and still is—one of the primary attack vectors for cyber threats, so it stands to reason that antivirus could charge a premium to secure your endpoint.

The post OS-Native Endpoint Security Outpaces Third-Party Tools appeared first on Security Boulevard.




https://malwaredevil.com/2021/01/14/os-native-endpoint-security-outpaces-third-party-tools/?utm_source=rss&utm_medium=rss&utm_campaign=os-native-endpoint-security-outpaces-third-party-tools

XKCD ‘1/10,000th Scale World’

via the comic delivery system monikered Randall Munroe resident at XKCD!


The post XKCD ‘1/10,000th Scale World’ appeared first on Security Boulevard.




https://malwaredevil.com/2021/01/14/xkcd-1-10000th-scale-world/?utm_source=rss&utm_medium=rss&utm_campaign=xkcd-1-10000th-scale-world

ESB-2021.0162 – [SUSE] openstack-dashboard,: Reduced security – Remote with user interaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0162
Security update for openstack-dashboard, release-notes-suse-openstack-cloud
                              14 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           openstack-dashboard,
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Reduced Security -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-29565  

Reference:         ESB-2021.0043
                   ESB-2021.0020
                   ESB-2020.4420.2

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210099-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for openstack-dashboard,
release-notes-suse-openstack-cloud

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0099-1
Rating:            important
References:        #1179955
Cross-References:  CVE-2020-29565
Affected Products:
                   SUSE OpenStack Cloud Crowbar 8
                   SUSE OpenStack Cloud 8
                   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for openstack-dashboard, release-notes-suse-openstack-cloud fixes
the following issues:

  o Fix open redirect (OSSA-2020-008, CVE-2020-29565)
  o Fix horizon-nodejs jobs.
  o Add workaround for secure boot issue when shim package is updated.
    (bsc#1179955)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-99=1
  o SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2021-99=1
  o HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2021-99=1

Package List:

  o SUSE OpenStack Cloud Crowbar 8 (noarch):
       openstack-dashboard-12.0.5~dev6-3.29.1
       python-horizon-12.0.5~dev6-3.29.1
       release-notes-suse-openstack-cloud-8.20201214-3.26.1
  o SUSE OpenStack Cloud 8 (noarch):
       openstack-dashboard-12.0.5~dev6-3.29.1
       python-horizon-12.0.5~dev6-3.29.1
       release-notes-suse-openstack-cloud-8.20201214-3.26.1
  o HPE Helion Openstack 8 (noarch):
       openstack-dashboard-12.0.5~dev6-3.29.1
       python-horizon-12.0.5~dev6-3.29.1
       release-notes-hpe-helion-openstack-8.20201214-3.26.1


References:

  o https://www.suse.com/security/cve/CVE-2020-29565.html
  o https://bugzilla.suse.com/1179955

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----




https://malwaredevil.com/2021/01/14/esb-2021-0162-suse-openstack-dashboard-reduced-security-remote-with-user-interaction/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0162-suse-openstack-dashboard-reduced-security-remote-with-user-interaction

ESB-2021.0160 – [SUSE] nodejs10: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0160
                       Security update for nodejs10
                              14 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           nodejs10
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8287 CVE-2020-8265 CVE-2020-1971

Reference:         ESB-2021.0111
                   ESB-2020.4516
                   ESB-2020.4426.3

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210082-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for nodejs10

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0082-1
Rating:            moderate
References:        #1179491 #1180553 #1180554
Cross-References:  CVE-2020-1971 CVE-2020-8265 CVE-2020-8287
Affected Products:
                   SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for nodejs10 fixes the following issues:

  o New upstream LTS version 10.23.1:
      * CVE-2020-8265: use-after-free in TLSWrap (High) bug in TLS
        implementation. When writing to a TLS enabled socket,
        node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
        allocated WriteWrap object as first argument. If the DoWrite method
        does not return an error, this object is passed back to the caller as
        part of a StreamWriteResult structure. This may be exploited to
        corrupt memory leading to a Denial of Service or potentially other
        exploits (bsc#1180553)
      * CVE-2020-8287: HTTP Request Smuggling allow two copies of a header
        field in a http request. For example, two Transfer-Encoding header
        fields. In this case Node.js identifies the first header field and
        ignores the second. This can lead to HTTP Request Smuggling
        (https://cwe.mitre.org/data/definitions/444.html). (bsc#1180554)
      * CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
        This is a vulnerability in OpenSSL which may be exploited through
        Node.js. (bsc#1179491)

  o New upstream LTS version 10.23.0:
      * deps: upgrade npm to 6.14.8
      * n-api:
          + create N-API version 7
          + expose napi_build_version variable

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Web Scripting 12:
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-82=1

Package List:

  o SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x
    x86_64):
       nodejs10-10.23.1-1.33.1
       nodejs10-debuginfo-10.23.1-1.33.1
       nodejs10-debugsource-10.23.1-1.33.1
       nodejs10-devel-10.23.1-1.33.1
       npm10-10.23.1-1.33.1
  o SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
       nodejs10-docs-10.23.1-1.33.1


References:

  o https://www.suse.com/security/cve/CVE-2020-1971.html
  o https://www.suse.com/security/cve/CVE-2020-8265.html
  o https://www.suse.com/security/cve/CVE-2020-8287.html
  o https://bugzilla.suse.com/1179491
  o https://bugzilla.suse.com/1180553
  o https://bugzilla.suse.com/1180554

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----




https://malwaredevil.com/2021/01/14/esb-2021-0160-suse-nodejs10-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0160-suse-nodejs10-multiple-vulnerabilities

ESB-2021.0161 – [Linux][SUSE] tcmu-runner: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0161
                      Security update for tcmu-runner
                              14 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tcmu-runner
Publisher:         SUSE
Operating System:  SUSE
                   Linux variants
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
                   Unauthorised Access      -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28374  

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210093-1

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than SUSE. It is recommended that administrators 
         running tcmu-runner check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for tcmu-runner

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0093-1
Rating:            important
References:        #1180676
Cross-References:  CVE-2020-28374
Affected Products:
                   SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tcmu-runner fixes the following issues:

  o CVE-2020-28374: Fixed a LIO security issue (bsc#1180676).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Server Applications 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-93=1

Package List:

  o SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64
    ppc64le s390x x86_64):
       libtcmu2-1.5.2-3.3.1
       libtcmu2-debuginfo-1.5.2-3.3.1
       tcmu-runner-1.5.2-3.3.1
       tcmu-runner-debuginfo-1.5.2-3.3.1
       tcmu-runner-debugsource-1.5.2-3.3.1


References:

  o https://www.suse.com/security/cve/CVE-2020-28374.html
  o https://bugzilla.suse.com/1180676

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----




https://malwaredevil.com/2021/01/14/esb-2021-0161-linuxsuse-tcmu-runner-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0161-linuxsuse-tcmu-runner-multiple-vulnerabilities

ESB-2021.0145 – [Cisco] Cisco Enterprise NFVIS devices: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0145
          Cisco Enterprise NFV Infrastructure Software Cross-Site
                          Scripting Vulnerability
                              14 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Enterprise NFVIS devices
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Cross-site Scripting            -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1127  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-nfvis-xss-smsz5Vhb
First Published: 2021 January 13 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvv59980
CVE Names:       CVE-2021-1127
CWEs:            CWE-79

Summary

  o A vulnerability in the web-based management interface of Cisco Enterprise
    NFV Infrastructure Software (NFVIS) could allow an authenticated, remote
    attacker to conduct a cross-site scripting (XSS) attack against a user of
    the web-based management interface.

    The vulnerability is due to improper input validation of log file content
    stored on the affected device. An attacker could exploit this vulnerability
    by modifying a log file with malicious code and getting a user to view the
    modified log file. A successful exploit could allow the attacker to execute
    arbitrary script code in the context of the affected interface or to access
    sensitive, browser-based information.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco Enterprise
    NFVIS devices running releases earlier than Release 4.4.1.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco Enterprise NFVIS releases 4.4.1 and later
    contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-xss-smsz5Vhb

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-13  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.


The post ESB-2021.0145 – [Cisco] Cisco Enterprise NFVIS devices: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/01/14/esb-2021-0145-cisco-cisco-enterprise-nfvis-devices-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0145-cisco-cisco-enterprise-nfvis-devices-multiple-vulnerabilities

ESB-2021.0147 – [Cisco] Cisco Video Surveillance 8000 Series IP Camera: Denial of service – Remote/unauthenticated

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0147
           Cisco Video Surveillance 8000 Series IP Cameras Cisco
            Discovery Protocol Denial of Service Vulnerability
                              14 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Video Surveillance 8000 Series IP Camera
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1131  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-dos-9zdZcUfq

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Denial
of Service Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-ipcameras-dos-9zdZcUfq
First Published: 2021 January 13 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvv72651
CVE Names:       CVE-2021-1131
CWEs:            CWE-119

Summary

  o A vulnerability in the Cisco Discovery Protocol implementation for Cisco
    Video Surveillance 8000 Series IP Cameras could allow an unauthenticated,
    adjacent attacker to cause an affected IP camera to reload.

    The vulnerability is due to missing checks when Cisco Discovery Protocol
    messages are processed. An attacker could exploit this vulnerability by
    sending a malicious Cisco Discovery Protocol packet to an affected IP
    camera. A successful exploit could allow the attacker to cause the affected
    IP camera to reload unexpectedly, resulting in a denial of service (DoS)
    condition.

    Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this
    vulnerability, an attacker must be in the same broadcast domain as the
    affected device (Layer 2 adjacent).

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-dos-9zdZcUfq

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco Video
    Surveillance 8000 Series IP Cameras if they were running a firmware release
    earlier than Release 1.0.9-8 and they had Cisco Discovery Protocol enabled.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       Video Surveillance 3000 Series IP Cameras
       Video Surveillance 4000 Series High-Definition IP Cameras
       Video Surveillance 4300E High-Definition IP Cameras
       Video Surveillance 4500E High-Definition IP Cameras
       Video Surveillance 6000 Series IP Cameras
       Video Surveillance 7000 Series IP Cameras
       Video Surveillance PTZ IP Cameras

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco Video Surveillance 8000 Series IP Camera
    firmware releases 1.0.9-8 and later contained the fix for this
    vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    To download the firmware from the Software Center on Cisco.com, do the
    following:

     1. Click Browse all.
     2. Choose Connected Safety and Security > Video Surveillance IP Cameras >
        Video Surveillance 8000 Series IP Cameras.
     3. Choose the appropriate IP camera model.
     4. Click Video Surveillance 8000 Series IP Camera Firmware.
     5. Choose a release from the left pane of the product page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Qian Chen of Qihoo 360 Nirvan Team for reporting
    this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-dos-9zdZcUfq

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-13  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2021.0147 – [Cisco] Cisco Video Surveillance 8000 Series IP Camera: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2021/01/14/esb-2021-0147-cisco-cisco-video-surveillance-8000-series-ip-camera-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0147-cisco-cisco-video-surveillance-8000-series-ip-camera-denial-of-service-remote-unauthenticated

Network Security News Summary for Thursday January 14th, 2021

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

The post Network Security News Summary for Thursday January 14th, 2021 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/14/network-security-news-summary-for-thursday-january-14th-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-thursday-january-14th-2021

Wednesday, January 13, 2021

The DBoM Consortium – Chris Blask – ESW #213

The DBoM consortium is a Linux Foundation project to be able to share information with third parties safely, securely, and with control over the information, even after handing it over! Unisys has just open sourced the code to make this possible, and Chris was a big part of their effort. Using a blockchain-based approach, DBoM works to share software bills of materials (SBoMs) in a fashion that works in a cloud-centric, internet-time approach.
Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw213

The post The DBoM Consortium – Chris Blask – ESW #213 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/13/the-dbom-consortium-chris-blask-esw-213/?utm_source=rss&utm_medium=rss&utm_campaign=the-dbom-consortium-chris-blask-esw-213

TikTok Takes Teen Accounts Private

The company announced accounts for ages 13-15 will default to privacy setting, among other safety measures.

The post TikTok Takes Teen Accounts Private appeared first on Malware Devil.



https://malwaredevil.com/2021/01/13/tiktok-takes-teen-accounts-private/?utm_source=rss&utm_medium=rss&utm_campaign=tiktok-takes-teen-accounts-private

SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns

Mimecast no longer uses the SolarWinds Orion network management software that served as an attack vector for thousands of organizations.

The post SolarWinds Attackers May Have Hit Mimecast, Driving New Concerns appeared first on Malware Devil.



https://malwaredevil.com/2021/01/13/solarwinds-attackers-may-have-hit-mimecast-driving-new-concerns-2/?utm_source=rss&utm_medium=rss&utm_campaign=solarwinds-attackers-may-have-hit-mimecast-driving-new-concerns-2

It’s 2021, Do You Know Where Your Assets Are? – ESW #213

We all know asset management is one of the basics. In fact, it’s literally the first two items on the Center for Internet Security’s list of top 20 critical security controls.

https://www.cisecurity.org/controls/cis-controls-list/

The term “basics” can be deceptive though. We typically expect something basic to also be easy. This is InfoSec though, and the basics aren’t simple or easy. We call them basics because they’re foundational.

Put another way, the other 18 critical security controls on that top 20 list can’t be applied to assets that haven’t been discovered yet!

In the past few years, we’ve seen a resurgence in asset management. There are a few players taking a fresh crack at solving this problem and we’re hearing positive things. Could this be the year we get a better handle on discovering and managing assets? Join us as we discuss.
Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw213

The post It’s 2021, Do You Know Where Your Assets Are? – ESW #213 appeared first on Malware Devil.



https://malwaredevil.com/2021/01/13/its-2021-do-you-know-where-your-assets-are-esw-213/?utm_source=rss&utm_medium=rss&utm_campaign=its-2021-do-you-know-where-your-assets-are-esw-213

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...