Malware Devil

Friday, March 19, 2021

Report reveals the staggering scale of Business Email Compromise losses

Internet crime is ever present, and with the ongoing pandemic, levels of scams and fraud were exceptionally high in 2020. Opportunistic fraudsters didn’t give a second thought to riding the COVID-19 wave and preying upon those who are truly in need of help, or those who truly want to help.

The Internet Crime Complaint Center (IC3), an arm of the FBI where internet users can report online fraud crimes, recently released the 2020 Internet Crime Report, an annual report that contains high-level information on suspected fraud cases reported to them and the resulting losses. A state-by-state statistical breakdown of these cases was included in an accompanying report, 2020 State Reports, which you can browse through here.

The IC3 has found that the three biggest complaints they received in 2020 are phishing scams, which garnered the highest number of complaints (241,342), ransomware (2,474), and, perhaps the most striking of these, Business Email Compromise (BEC) (19,369). It’s striking, not because of the number of complaints but because BEC scams recorded the highest total losses by victims, at roughly $1.8 billion USD. Although phishing led to the highest number of complaints, victims “only” lost $54 million USD, a fraction of the money lost to BEC scams.

According to IC3, BEC can also be called Email Account Compromise (EAC). It may or may not involve a layered attack, depending on how convincingly the threat actor can mimic the person they are spoofing and how readily the target employee buys into the overall deception.

It starts off with an email, sent either from a compromised account or from a spoofed address, so that it looks like it originated from a particular sender. The threat actor, usually posing as a higher-up within the company, contacts a more junior employee who is cleared to perform funds transfers. The attacker gives the junior employee a plausible but urgent instruction to make a large, confidential transfer of money to a fake supplier.

“In 2020, the IC3 observed an increase in the number of BEC/EAC complaints related to the use of identity theft and funds being converted to cryptocurrency,” according to the report. “In these variations, we saw an initial victim being scammed in non-BEC/EAC situations to include Extortion, Tech Support, Romance scams, etc., that involved a victim providing a form of ID to a bad actor. That identifying information was then used to establish a bank account to receive stolen BEC/EAC funds and then transferred to a cryptocurrency account.”

We remind businesses, regardless of sector, to be aware of BEC attack trends and to be very vigilant in combating them. BEC scams rely, in part, on the pressure that junior employees feel when asked to comply with demands from senior employees and told not to alert anyone else. Employees should be empowered to seek advice and take the time they need.

Also, if your company doesn’t have an extra layer or two of authentication before the request to transfer money is green-lit, put one in place now. A phone or video call is ideal.

True, these steps introduce a bit of friction into your company processes, but a little inconvenience and delay could save your company millions of dollars.
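The indicators the post describes can be screened for at the mail gateway before a message ever reaches the junior employee. The following is an added example, not code from the post: it flags an executive's display name on an address the directory does not know, a look-alike sender domain, a Reply-To pointing at another domain, and urgent, confidential payment language. EXECUTIVES, INTERNAL_DOMAINS and the two sample messages are constructed values.

```python
"""Screen inbound mail for the BEC indicators described in the post above.

Added example, not part of the original post. All names, domains and
messages below are constructed sample data.
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import List, Optional

# Hypothetical directory of senior staff likely to be impersonated, keyed by
# lower-cased display name, and the company's own mail domains.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
INTERNAL_DOMAINS = {"example.com"}

# Phrases the post associates with a BEC lure: urgency, secrecy, a transfer.
LURE_WORDS = re.compile(
    r"\b(urgent|wire|transfer|confidential|new supplier|today)\b", re.IGNORECASE
)


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squatted look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> Optional[str]:
    """Return the internal domain that `domain` imitates, or None."""
    domain = domain.lower()
    if domain in INTERNAL_DOMAINS:
        return None
    for internal in INTERNAL_DOMAINS:
        label = internal.split(".")[0]
        if _edit_distance(domain, internal) <= 2 or label in domain:
            return internal
    return None


def _text_body(msg: Message) -> str:
    """Concatenate the text/plain parts of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def screen_message(raw: str) -> List[str]:
    """Return the BEC indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    findings: List[str] = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()

    # 1. An executive's display name on an address the directory does not know.
    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected:
        findings.append(f"display name {from_name!r} on unexpected address {from_addr}")

    # 2. Sender domain imitates the company domain.
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} looks like {imitated}")

    # 3. Replies are redirected to a mailbox on another domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_addr and reply_domain != from_domain:
        findings.append(f"Reply-To {reply_addr} does not match sender domain")

    # 4. Urgent, confidential money-movement language in subject or body.
    text = f"{msg.get('Subject', '')}\n{_text_body(msg)}"
    hits = {h.lower() for h in LURE_WORDS.findall(text)}
    if len(hits) >= 2:
        findings.append("payment-lure language: " + ", ".join(sorted(hits)))
    return findings


# Constructed sample messages: one BEC-style lure, one ordinary internal mail.
SAMPLE_SPOOFED = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mail-example.net
To: junior.clerk@example.com
Subject: Urgent wire transfer - confidential
Content-Type: text/plain

I'm in a meeting and cannot take calls. Please transfer $48,000 to the
new supplier today; I'll send the invoice later. Keep this confidential.
"""

SAMPLE_LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
To: junior.clerk@example.com
Subject: Q2 offsite agenda
Content-Type: text/plain

Attached is the draft agenda for the Q2 offsite. Comments welcome by Friday.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SAMPLE_SPOOFED), ("legitimate", SAMPLE_LEGITIMATE)):
        print(label, screen_message(raw))
```

A hit on any single rule is a reason to hold the message for review; the spoofed sample trips all four, the legitimate one none.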

Good luck!

The post Report reveals the staggering scale of Business Email Compromise losses appeared first on Malware Devil.



https://malwaredevil.com/2021/03/19/report-reveals-the-staggering-scale-of-business-email-compromise-losses/?utm_source=rss&utm_medium=rss&utm_campaign=report-reveals-the-staggering-scale-of-business-email-compromise-losses

New vulnerability in Cyberpunk 2077 could become a gateway for malicious programs

Even before its release, Cyberpunk 2077, a modern science-fiction RPG created by CD Projekt, has been the talk of most gaming communities. Now, a few months after the game became available, a new …

The post New vulnerability in Cyberpunk 2077 could become a gateway for malicious programs appeared first on ManageEngine Blog.

The post New vulnerability in Cyberpunk 2077 could become a gateway for malicious programs appeared first on Security Boulevard.

https://malwaredevil.com/2021/03/19/nova-vulnerabilidade-no-cyberpunk-2077-pode-se-tornar-uma-porta-de-entrada-para-programas-maliciosos/?utm_source=rss&utm_medium=rss&utm_campaign=nova-vulnerabilidade-no-cyberpunk-2077-pode-se-tornar-uma-porta-de-entrada-para-programas-maliciosos

Security Advisory Regarding F5 Vulnerabilities

Hurricane Labs is aware of the recent collection of vulnerabilities published by F5 in March 2021. The advisory acknowledges over 21 vulnerabilities in total: four critical, seven high, and ten medium CVEs. Of particular concern is CVE-2021-22986: iControl REST interface unauthenticated remote command execution.

Summary of the Vulnerability

The vulnerability to be […]

The post Security Advisory Regarding F5 Vulnerabilities appeared first on Hurricane Labs.

The post Security Advisory Regarding F5 Vulnerabilities appeared first on Security Boulevard.

https://malwaredevil.com/2021/03/19/security-advisory-regarding-f5-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=security-advisory-regarding-f5-vulnerabilities

2021-03-19 – IcedID (Bokbot) infection

https://malwaredevil.com/2021/03/19/2021-03-19-icedid-bokbot-infection-2/?utm_source=rss&utm_medium=rss&utm_campaign=2021-03-19-icedid-bokbot-infection-2

How DUKPT key management works in POS environments

The DUKPT key management scheme is one of the cryptographic protocols essential to strong POS security. Here’s an overview of how it works.

The post How DUKPT key management works in POS environments appeared first on Intertrust Technologies.

The post How DUKPT key management works in POS environments appeared first on Security Boulevard.

https://malwaredevil.com/2021/03/19/how-dukpt-key-management-works-in-pos-environments/?utm_source=rss&utm_medium=rss&utm_campaign=how-dukpt-key-management-works-in-pos-environments

WLAN under fuzzing with Defensics

Ensure your WLAN devices are protected against hackers by using Defensics test suites for WLAN protocol fuzzing.

The post WLAN under fuzzing with Defensics appeared first on Software Integrity Blog.

The post WLAN under fuzzing with Defensics appeared first on Security Boulevard.

https://malwaredevil.com/2021/03/19/wlan-under-fuzzing-with-defensics/?utm_source=rss&utm_medium=rss&utm_campaign=wlan-under-fuzzing-with-defensics

ESB-2021.0972 – [Appliance] eSOMS Telerik: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0972
      Advisory (icsa-21-077-03) Hitachi ABB Power Grids eSOMS Telerik
                               19 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           eSOMS Telerik
Publisher:         ICS-CERT
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Cross-site Scripting            -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-19790 CVE-2019-18935 CVE-2017-11357
                   CVE-2017-11317 CVE-2017-9248 CVE-2014-4958
                   CVE-2014-2217  

Reference:         ESB-2018.0469

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-21-077-03

--------------------------BEGIN INCLUDED TEXT--------------------

TITLE: Advisory (icsa-21-077-03) Hitachi ABB Power Grids eSOMS Telerik
ICS Advisory (ICSA-21-077-03)

Hitachi ABB Power Grids eSOMS Telerik

Original release date: March 18, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
"as is" for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .



1. EXECUTIVE SUMMARY

  o CVSS v3 9.8
  o ATTENTION: Exploitable remotely/low skill level to exploit
  o Vendor: Hitachi ABB Power Grids
  o Equipment: eSOMS Telerik
  o Vulnerabilities: Path Traversal, Deserialization of Untrusted Data,
    Improper Input Validation, Inadequate Encryption Strength, Insufficiently
    Protected Credentials, Path Traversal

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to
upload malicious files to the server, discover sensitive information, or
execute arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Hitachi ABB Power Grids reports the vulnerabilities affect the following eSOMS
products:

  o eSOMS, all versions prior to 6.3 using a version of Telerik software

3.2 VULNERABILITY OVERVIEW

3.2.1 PATH TRAVERSAL CWE-22

Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote
attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON,
.JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request.

CVE-2019-19790 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

3.2.2 DESERIALIZATION OF UNTRUSTED DATA CWE-502

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET
deserialization vulnerability in the RadAsyncUpload function. This is
exploitable when the encryption keys are known.

CVE-2019-18935 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

3.2.3 IMPROPER INPUT VALIDATION CWE-20

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly
restrict user input to RadAsyncUpload, which allows remote attackers to perform
arbitrary file uploads or execute arbitrary code.

CVE-2017-11357 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

3.2.4 INADEQUATE ENCRYPTION STRENGTH CWE-326

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2
before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote
attackers to perform arbitrary file uploads or execute arbitrary code.

CVE-2017-11317 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

3.2.5 INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522

Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1
and Sitefinity before 10.0.6412.0 does not properly protect
Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it
easier for remote attackers to defeat cryptographic protection mechanisms,
leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or
ASP.NET ViewState compromise.

CVE-2017-9248 has been assigned to this vulnerability. A CVSS v3 base score of
9.8 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:H/I:H/A:H ).

3.2.6 PATH TRAVERSAL CWE-22

Absolute path traversal vulnerability in the RadAsyncUpload control in the
RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote
attackers to write to arbitrary files, and consequently execute arbitrary code,
via a full pathname in the UploadID metadata value.

CVE-2014-2217 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:N/I:H/A:N ).

3.2.7 PATH TRAVERSAL CWE-22

Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX
RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows
remote attackers to inject arbitrary web script or HTML via CSS expressions in
style attributes.

CVE-2014-4958 has been assigned to this vulnerability. A CVSS v3 base score of
4.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:R/S:U/
C:N/I:L/A:N ).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Energy
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Hitachi ABB Power Grids reported these vulnerabilities to CISA.

4. MITIGATIONS

Hitachi ABB Power Grids has published an advisory for eSOMS Telerik and advises
users to update to eSOMS Version 6.3 as soon as possible.

For additional information and support, contact a product provider or Hitachi
ABB Power Grids service organization. For contact information, visit Hitachi
ABB Power Grids contact-centers.

Recommended security practices and firewall configurations can help protect a
process control network from attacks that originate from outside the network.
Such practices include ensuring applications and servers are physically
protected from direct access by unauthorized personnel, have no direct
connections to the Internet, are separated from other networks by means of a
firewall system that has a minimal number of ports exposed, and others that
must be evaluated case by case. Sensitive application servers should not be
used for Internet surfing, instant messaging, or receiving e-mails. Portable
computers and removable storage media should be carefully scanned for viruses
before they are connected to a control system.

CISA recommends users take defensive measures to minimize the risk of
exploitation of these vulnerabilities. CISA reminds organizations to perform
proper impact analysis and risk assessment prior to deploying defensive
measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target these vulnerabilities.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

https://malwaredevil.com/2021/03/19/esb-2021-0972-appliance-esoms-telerik-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0972-appliance-esoms-telerik-multiple-vulnerabilities

ESB-2021.0971 – [Appliance] eSOMS: Access confidential data – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0971
          Advisory (icsa-21-077-02) Hitachi ABB Power Grids eSOMS
                               19 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           eSOMS
Publisher:         ICS-CERT
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-26845  

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-21-077-02

--------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-21-077-02)

Hitachi ABB Power Grids eSOMS

Original release date: March 18, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
"as is" for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .



1. EXECUTIVE SUMMARY

  o CVSS v3 7.5
  o ATTENTION: Low skill level to exploit
  o Vendor: Hitachi ABB Power Grids
  o Equipment: eSOMS
  o Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to gain
access to unauthorized information.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Hitachi ABB Power Grids reports this vulnerability affects the following eSOMS
products:

  o eSOMS Version 6.0 prior to 6.0.4.2.2
  o eSOMS Version 6.1 prior to 6.1.4
  o eSOMS versions prior to 6.3

3.2 VULNERABILITY OVERVIEW

3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200

A vulnerability exists in the eSOMS reporting function that could allow an
unauthorized user to gain access to report data if the URL used to access the
report is discovered.

CVE-2021-26845 has been assigned to this vulnerability. A CVSS v3 base score of
7.5 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:H/I:N/A:N ).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Energy
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Switzerland

3.4 RESEARCHER

Hitachi ABB Power Grids reported this vulnerability to CISA.

4. MITIGATIONS

Hitachi ABB Power Grids has published an advisory for eSOMS and recommends
users to update affected products as soon as possible. The following
mitigations were developed to address the vulnerability:

  o eSOMS version 6.0.4.2.2
  o eSOMS version 6.1.4
  o eSOMS version 6.3

For additional information and support, contact a product provider or Hitachi
ABB Power Grids service organization. For contact information, see Hitachi ABB
Power Grids contact-centers.

Recommended security practices and firewall configurations can help protect an
organization network from attacks that originate from outside the network. Such
practices include ensuring critical systems are physically protected from
direct access by unauthorized personnel, have no direct connections to the
Internet, and are separated from other networks by means of a firewall that has
a minimal number of ports exposed, and others that must be evaluated case by
case. Critical systems should not be used for Internet surfing, instant
messaging, or receiving e-mails. Portable computers and removable storage media
should be carefully scanned for viruses before they are connected to a control
system.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. CISA reminds organizations to perform
proper impact analysis and risk assessment prior to deploying defensive
measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability. This
vulnerability is not exploitable remotely.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

CISA continuously strives to improve its products and services. You can help by
choosing one of the links below to provide feedback about this product.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

https://malwaredevil.com/2021/03/19/esb-2021-0971-appliance-esoms-access-confidential-data-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0971-appliance-esoms-access-confidential-data-remote-unauthenticated

ESB-2021.0970 – [Appliance] Johnson Controls exacqVision: Access privileged data – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0970
 Advisory (icsa-21-077-01) Johnson Controls Exacq Technologies exacqVision
                               19 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Johnson Controls exacqVision
Publisher:         ICS-CERT
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27656  

Original Bulletin: 
   https://us-cert.cisa.gov/ics/advisories/icsa-21-077-01

--------------------------BEGIN INCLUDED TEXT--------------------

ICS Advisory (ICSA-21-077-01)

Johnson Controls Exacq Technologies exacqVision

Original release date: March 18, 2021

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided
"as is" for informational purposes only. The Department of Homeland Security
(DHS) does not provide any warranties of any kind regarding any information
contained within. DHS does not endorse any commercial product or service,
referenced in this product or otherwise. Further dissemination of this product
is governed by the Traffic Light Protocol (TLP) marking in the header. For more
information about TLP, see https://us-cert.cisa.gov/tlp/ .



1. EXECUTIVE SUMMARY

  o CVSS v3 5.3
  o ATTENTION: Exploitable remotely/low skill level to exploit
  o Vendor: Exacq Technologies, Inc., a subsidiary of Johnson Controls
  o Equipment: exacqVision
  o Vulnerability: Information Exposure

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated
attacker to view system-level information about the exacqVision Web Service and
the operating system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Johnson Controls reports the vulnerability affects the following Exacq
Technologies products:

  o exacqVision Web Service: All supported versions up to and including
    v20.12.02.0

3.2 VULNERABILITY OVERVIEW

3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200

exacqVision Web Service can expose sensitive information to an actor who is not
explicitly authorized to have access to that information.

CVE-2021-27656 has been assigned to this vulnerability. A CVSS v3 base score of
5.3 has been calculated; the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/
C:N/I:L/A:N ).

3.3 BACKGROUND

  o CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
  o COUNTRIES/AREAS DEPLOYED: Worldwide
  o COMPANY HEADQUARTERS LOCATION: Ireland

3.4 RESEARCHER

Milan Kyselica reported this vulnerability to Johnson Controls, Inc.

4. MITIGATIONS

Johnson Controls recommends users upgrade exacqVision Web Service to v21.03 or
higher.

For more detailed mitigation instructions, please see Johnson Controls Product
Security Advisory JCI-PSA-2021-03.

CISA recommends users take defensive measures to minimize the risk of
exploitation of this vulnerability. Specifically, users should:

  o Minimize network exposure for all control system devices and/or systems,
    and ensure that they are not accessible from the Internet.
  o Locate control system networks and remote devices behind firewalls, and
    isolate them from the business network.
  o When remote access is required, use secure methods, such as Virtual Private
    Networks (VPNs), recognizing VPNs may have vulnerabilities and should be
    updated to the most current version available. Also recognize VPN is only
    as secure as the connected devices.

CISA reminds organizations to perform proper impact analysis and risk
assessment prior to deploying defensive measures.

CISA also provides a section for control systems security recommended practices
on the ICS webpage on us-cert.cisa.gov. Several recommended practices are
available for reading and download, including Improving Industrial Control
Systems Cybersecurity with Defense-in-Depth Strategies.

Additional mitigation guidance and recommended practices are publicly available
on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper,
ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation
Strategies.

Organizations observing any suspected malicious activity should follow their
established internal procedures and report their findings to CISA for tracking
and correlation against other incidents.

No known public exploits specifically target this vulnerability.

For any questions related to this report, please contact the CISA at:

Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


The post ESB-2021.0970 – [Appliance] Johnson Controls exacqVision: Access privileged data – Remote/unauthenticated appeared first on Malware Devil.




ESB-2021.0968 – [Debian] shibboleth-sp & shibboleth-sp2: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0968
             shibboleth-sp and shibboleth-sp2 security update
                               19 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           shibboleth-sp
                   shibboleth-sp2
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Provide Misleading Information -- Unknown/Unspecified
                   Reduced Security               -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Reference:         ESB-2021.0952

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2599
   https://www.debian.org/security/2021/dsa-4872

Comment: This bulletin contains two (2) Debian security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2599-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 19, 2021                              https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : shibboleth-sp2
Version        : 2.6.0+dfsg1-4+deb9u2
CVE ID         : not yet available
Debian Bug     : 985405

Toni Huttunen discovered that the Shibboleth service provider's template
engine used to render error pages could be abused for phishing attacks.

For additional information please refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20210317.txt

For Debian 9 stretch, this problem has been fixed in version
2.6.0+dfsg1-4+deb9u2.

We recommend that you upgrade your shibboleth-sp2 packages.

For the detailed security status of shibboleth-sp2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/shibboleth-sp2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4872-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 18, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : shibboleth-sp
CVE ID         : not yet available
Debian Bug     : 985405

Toni Huttunen discovered that the Shibboleth service provider's template
engine used to render error pages could be abused for phishing attacks.

For additional information please refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20210317.txt

For the stable distribution (buster), this problem has been fixed in
version 3.0.4+dfsg1-1+deb10u1.

We recommend that you upgrade your shibboleth-sp packages.

For the detailed security status of shibboleth-sp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/shibboleth-sp

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmBTo9cACgkQEMKTtsN8
TjaGjw/+OREYbcLeTaXdCvtKnJ20e80/anQvxsMFiiLGrNeuVU4HvNjbXHwdjVZJ
8gtGILGWXFfg90ikCnZgIJ6ZGxsDK0zpolIem/Ob/G+iwxQStGculI7IXiDgQThK
kf2TWQJV9SzVvAHelV/9fO5g/BzJn7gjuYNmNVN+ugKTWO2Ei6jTaV/0Fj3Nuc66
FSF1gAf7MU8U+AOfhJ7Q8AelRC+4d13HGwr7vAUDgbbhlDV+wsGg+PRGp540L2FR
AGBE742c/Jt7ulD6LPWLxtWumgbb3etlRM/kFm4vfp613jASOldpvfXvacS72+yh
K2no9NHy66fnMibfX/lnJ0uuvJsxt5pxove9NtDCWhVej6/0HA3lY0um+QKt/DFI
ChPC0ZkL/vWpy1U3VTZgg8GtrXB6uWLvaGNnXOy2i59Ph3Uz/HD9f/H/oEM2m/YA
ihKc6ghvHSBA5Y34zh5eCNK96fgyOoNz8IJRnY6J5hveICm5uvWnYUKeNXI1dSas
eCCQ9bB/Oy16ahqHA1sqeqyFqzBv032QK0Gle5fNWzUBbcYLLiZ0BBHj8N88rw3L
AMg7pFKRDD9dwY+wR5xADETPeEKqqRCc4fI4I2szn5yYOiycngxrF0P92d11eJbV
44VMA2JlAGsCQUBDmmQe5Vh0Nf2YPZUnkdJDp9DaTnMwlJuNzcA=
=5tlR
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2021.0968 – [Debian] shibboleth-sp & shibboleth-sp2: Multiple vulnerabilities appeared first on Malware Devil.




ESB-2021.0969 – [Win][UNIX/Linux] Jenkins plugins: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0969
                   Jenkins Security Advisory 2021-03-18
                               19 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           CloudBees AWS Credentials Plugin 1.28.1
                   Libvirt Agents Plugin 1.9.1
                   Matrix Authorization Strategy Plugin 2.6.6
                   Role-based Authorization Strategy Plugin 3.1.1
                   Warnings Next Generation Plugin 8.5.0
Publisher:         Jenkins
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Cross-site Request Forgery -- Remote with User Interaction
                   Access Confidential Data   -- Existing Account            
                   Unauthorised Access        -- Existing Account            
                   Reduced Security           -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21627 CVE-2021-21626 CVE-2021-21625
                   CVE-2021-21624 CVE-2021-21623 

Original Bulletin: 
   https://www.jenkins.io/security/advisory/2021-03-18/

- --------------------------BEGIN INCLUDED TEXT--------------------

Jenkins Security Advisory 2021-03-18

This advisory announces vulnerabilities in the following Jenkins deliverables:

  * CloudBees AWS Credentials Plugin
  * Libvirt Agents Plugin
  * Matrix Authorization Strategy Plugin
  * Role-based Authorization Strategy Plugin
  * Warnings Next Generation Plugin

Descriptions

Incorrect permission checks in Matrix Authorization Strategy Plugin may allow
accessing some items

SECURITY-2180 / CVE-2021-21623

Items (like jobs) can be organized hierarchically in Jenkins, using the Folders
Plugin or something similar. An item is expected to be accessible only if all
its ancestors are accessible as well.

Matrix Authorization Strategy Plugin 2.6.5 and earlier does not correctly
perform permission checks to determine whether an item should be accessible.

This allows attackers with Item/Read permission on nested items to access them,
even if they lack Item/Read permission for parent folders.

Matrix Authorization Strategy Plugin 2.6.6 requires Item/Read permission on
parent items to grant Item/Read permission on an individual item.

As a workaround in older releases, do not grant permissions on individual items
to users who do not have access to parent items.

In case of problems, the Java system property
hudson.security.AuthorizationMatrixProperty.checkParentPermissions can be set
to false, completely disabling this fix.

Incorrect permission checks in Role-based Authorization Strategy Plugin may
allow accessing some items

SECURITY-2182 / CVE-2021-21624

Items (like jobs) can be organized hierarchically in Jenkins, using the Folders
Plugin or something similar. An item is expected to be accessible only if all
its ancestors are accessible as well.

Role-based Authorization Strategy Plugin 3.1 and earlier does not correctly
perform permission checks to determine whether an item should be accessible.

This allows attackers with Item/Read permission on nested items to access them,
even if they lack Item/Read permission for parent folders.

Role-based Authorization Strategy Plugin 3.1.1 requires Item/Read permission on
parent items to grant Item/Read permission on an individual item.

As a workaround in older releases, do not grant permissions on individual items
to users who do not have access to parent items.

In case of problems, the Java system property
com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.checkParentPermissions can
be set to false, completely disabling this fix.
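The parent-check rule described for SECURITY-2180 and SECURITY-2182 above, as an added example that is not code from either Jenkins plugin: the flat check that honours a grant on a nested item regardless of its enclosing folders, beside the hierarchical check that also requires Item/Read on every ancestor, plus an audit helper for the advisory's workaround on unfixed releases (find grants on nested items held by users who cannot read a parent). The folder names, users and ACL table are constructed, and the `check_parent_permissions` flag is an assumed stand-in for the system properties the advisory names.

```python
"""Item/Read check over a folder hierarchy, modelled on the behaviour described
for SECURITY-2180 / SECURITY-2182: an item is readable only if every ancestor
is readable too. Added example, not Jenkins plugin code; items, users and
the ACL table below are constructed."""

from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Item:
    full_name: str            # e.g. "folderA/folderB/job"
    parent: Optional["Item"]  # None for a top-level item


# Constructed ACL: item full name -> users granted Item/Read directly on it.
# "bob" holds Item/Read on the job but on neither enclosing folder.
ACL: Dict[str, FrozenSet[str]] = {
    "folderA": frozenset({"alice"}),
    "folderA/folderB": frozenset({"alice"}),
    "folderA/folderB/job": frozenset({"alice", "bob"}),
}


def has_read_here(user: str, item: Item) -> bool:
    """Item/Read granted directly on this item (no inheritance modelled)."""
    return user in ACL.get(item.full_name, frozenset())


def can_read_flat(user: str, item: Item) -> bool:
    """Pre-fix logic as the advisory describes it: only the item itself is
    consulted, so a grant on a nested item is honoured even when the parent
    folder is not readable by that user."""
    return has_read_here(user, item)


def can_read_hierarchical(user: str, item: Item,
                          check_parent_permissions: bool = True) -> bool:
    """Fixed logic: Item/Read on the item AND on every ancestor. The flag is an
    assumed stand-in for the checkParentPermissions system properties named in
    the advisory; False restores the pre-fix behaviour."""
    if not has_read_here(user, item):
        return False
    node = item.parent
    while check_parent_permissions and node is not None:
        if not has_read_here(user, node):
            return False
        node = node.parent
    return True


def build_tree() -> List[Item]:
    """Constructed hierarchy folderA -> folderB -> job, root first."""
    a = Item("folderA", None)
    b = Item("folderA/folderB", a)
    return [a, b, Item("folderA/folderB/job", b)]


def find_dangling_grants(items: List[Item]) -> List[Tuple[str, str]]:
    """Audit helper for the advisory's workaround on unfixed releases: every
    (user, item) grant that the hierarchical rule would no longer honour, i.e.
    a grant on a nested item held by a user without access to a parent."""
    findings = []
    for item in items:
        for user in sorted(ACL.get(item.full_name, ())):
            if not can_read_hierarchical(user, item):
                findings.append((user, item.full_name))
    return findings


if __name__ == "__main__":
    job = build_tree()[-1]
    print("flat check, bob:", can_read_flat("bob", job))                  # True (the bug)
    print("hierarchical check, bob:", can_read_hierarchical("bob", job))  # False
    print("grants to review:", find_dangling_grants(build_tree()))
```

Running `find_dangling_grants` over an exported permission table is the practical form of the workaround: every pair it reports is a grant that an unfixed release would honour and the fixed release will refuse, so those are the entries to revoke or to extend to the parent folders before upgrading.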

Missing permission checks in CloudBees AWS Credentials Plugin allows
enumerating credentials IDs

SECURITY-2032 / CVE-2021-21625

CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission
check in a helper method for HTTP endpoints.

This allows attackers with Overall/Read permission to enumerate credentials IDs
of AWS credentials stored in Jenkins if any of the following plugins are
installed:

  * Amazon Elastic Container Service (ECS) / Fargate

  * AWS Parameter Store Build Wrapper

  * AWS SAM

Further plugins may use this helper method as well without performing a
permission check themselves.

Credentials IDs obtained this way can be used as part of an attack to capture
the credentials using another vulnerability.

CloudBees AWS Credentials Plugin 1.28.1 performs permission checks in the
helper method for HTTP endpoints.

Missing permission checks in Warnings Next Generation Plugin allow listing
workspace contents

SECURITY-2041 / CVE-2021-21626

Warnings Next Generation Plugin 8.4.4 and earlier does not perform permission
checks in methods implementing form validation.

This allows attackers with Item/Read permission but without Item/Workspace or
Item/Configure permission to check whether attacker-specified file patterns
match workspace contents. A sequence of requests can be used to effectively
list workspace contents.

Warnings Next Generation Plugin 8.5.0 requires Item/Configure permission to
validate patterns with workspace contents.

CSRF vulnerability in Libvirt Agents Plugin

SECURITY-1764 / CVE-2021-21627

Libvirt Agents Plugin 1.9.0 and earlier does not require POST requests for a
form submission endpoint, resulting in a cross-site request forgery (CSRF)
vulnerability.

This vulnerability allows attackers to stop hypervisor domains.

Libvirt Agents Plugin 1.9.1 requires POST requests for the affected HTTP
endpoint.

Severity

  * SECURITY-1764: Medium
  * SECURITY-2032: Medium
  * SECURITY-2041: Medium
  * SECURITY-2180: Medium
  * SECURITY-2182: Medium

Affected Versions

  * CloudBees AWS Credentials Plugin up to and including 1.28
  * Libvirt Agents Plugin up to and including 1.9.0
  * Matrix Authorization Strategy Plugin up to and including 2.6.5
  * Role-based Authorization Strategy Plugin up to and including 3.1
  * Warnings Next Generation Plugin up to and including 8.4.4

Fix

  * CloudBees AWS Credentials Plugin should be updated to version 1.28.1
  * Libvirt Agents Plugin should be updated to version 1.9.1
  * Matrix Authorization Strategy Plugin should be updated to version 2.6.6
  * Role-based Authorization Strategy Plugin should be updated to version 3.1.1
  * Warnings Next Generation Plugin should be updated to version 8.5.0

These versions include fixes to the vulnerabilities described above. All prior
versions are considered to be affected by these vulnerabilities unless
otherwise indicated.

Credit

The Jenkins project would like to thank the reporters for discovering and
reporting these vulnerabilities:

  * Daniel Beck, CloudBees, Inc. for SECURITY-2032, SECURITY-2041,
    SECURITY-2182
  * Wadeck Follonier, CloudBees, Inc. for SECURITY-1764

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2021.0969 – [Win][UNIX/Linux] Jenkins plugins: Multiple vulnerabilities appeared first on Malware Devil.




ESB-2021.0967 – [Win][UNIX/Linux][Debian] squid3: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0967
                          squid3 security update
                               19 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           squid3
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Access Confidential Data -- Existing Account
                   Unauthorised Access      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25097  

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2598

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running squid3 check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2598-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 19, 2021                              https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : squid3
Version        : 3.5.23-5+deb9u6
CVE ID         : CVE-2020-25097
Debian Bug     : 985068

Due to improper input validation, Squid is vulnerable to an HTTP
Request Smuggling attack.

This problem allows a trusted client to perform HTTP Request
Smuggling and access services otherwise forbidden by Squid
security controls.
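The advisory says only that improper input validation lets a trusted client smuggle requests past Squid's controls. As an added example that is not Squid's code and not a reconstruction of the CVE-2020-25097 defect itself, here is the strict request-head validation a proxy applies to remove the ambiguities that request smuggling in general relies on: conflicting or duplicated framing headers, non-token field names (such as a space before the colon), obsolete line folding, and request targets outside the forms RFC 7230 permits. It goes beyond the single case the advisory mentions to the general class. All sample request heads are constructed.

```python
"""Strict HTTP/1.1 request-head validation that rejects the ambiguous framing
on which request-smuggling attacks depend. Added example: not Squid's code,
and not the specific defect behind CVE-2020-25097, which the advisory only
describes as improper input validation. All sample requests are constructed."""

import re
from typing import Dict, List

# RFC 7230 token characters; a field name with a trailing space is NOT a token.
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) (HTTP/1\.[01])$")
DIGITS = re.compile(r"^[0-9]+$")
AUTHORITY = re.compile(r"^[A-Za-z0-9.-]+:[0-9]+$")


class FramingError(ValueError):
    """Raised for any head that two HTTP parsers could frame differently."""


def _check_target(method: str, target: str) -> None:
    """Accept only the RFC 7230 section 5.3 request-target forms, each in its place."""
    low = target.lower()
    if target.startswith("/"):                                   # origin-form
        return
    if low.startswith("http://") or low.startswith("https://"):  # absolute-form
        return
    if method == "CONNECT" and AUTHORITY.match(target):          # authority-form
        return
    if method == "OPTIONS" and target == "*":                    # asterisk-form
        return
    raise FramingError(f"unacceptable request-target: {target!r}")


def parse_request_head(raw: bytes) -> dict:
    """Parse the head (up to the blank line) and decide the body framing, or raise."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise FramingError("non-ASCII byte in request head") from None
    head, sep, _body = text.partition("\r\n\r\n")
    if not sep:
        raise FramingError("request head not terminated by CRLF CRLF")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise FramingError(f"malformed request line: {lines[0]!r}")
    method, target, version = m.groups()
    _check_target(method, target)

    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if "\r" in line or "\n" in line:
            raise FramingError("bare CR or LF inside a header line")
        if line[:1] in (" ", "\t"):
            raise FramingError("obsolete line folding is not accepted")
        name, colon, value = line.partition(":")
        if not colon or not TOKEN.match(name):
            raise FramingError(f"invalid header field: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip(" \t"))

    if len(headers.get("host", [])) != 1:
        raise FramingError("exactly one Host header is required")
    cl, te = headers.get("content-length", []), headers.get("transfer-encoding", [])
    if cl and te:
        raise FramingError("Content-Length and Transfer-Encoding both present")
    if len(cl) > 1 or len(te) > 1:
        raise FramingError("duplicate framing header")
    if te:  # only a single, final 'chunked' coding is accepted
        if [c.strip().lower() for c in te[0].split(",")] != ["chunked"]:
            raise FramingError(f"unsupported Transfer-Encoding: {te[0]!r}")
        framing = "chunked"
    elif cl:
        if not DIGITS.match(cl[0]):
            raise FramingError(f"non-numeric Content-Length: {cl[0]!r}")
        framing = ("content-length", int(cl[0]))
    else:
        framing = "none"
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body_framing": framing}


# Constructed sample heads (not captured traffic).
SAMPLES: Dict[str, bytes] = {
    "clean": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "chunked": b"POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n",
    "cl_and_te": b"POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n",
    "space_before_colon": b"POST /upload HTTP/1.1\r\nHost: example.test\r\nContent-Length : 4\r\n\r\n",
    "odd_scheme": b"GET ftp://example.test/x HTTP/1.1\r\nHost: example.test\r\n\r\n",
}


def classify(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, str]:
    """Return 'ok' or 'rejected: <reason>' for each sample."""
    verdicts = {}
    for label, raw in samples.items():
        try:
            parse_request_head(raw)
            verdicts[label] = "ok"
        except FramingError as exc:
            verdicts[label] = f"rejected: {exc}"
    return verdicts
```

The design choice is to reject rather than to pick a winner: RFC 7230 says Transfer-Encoding overrides Content-Length, but a proxy that silently applies that rule while a back-end applies another is exactly the hop-to-hop disagreement smuggling exploits, so an upstream-facing gateway is safer refusing the head outright and logging the reason `classify` returns.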

For Debian 9 stretch, this problem has been fixed in version
3.5.23-5+deb9u6.

We recommend that you upgrade your squid3 packages.

For the detailed security status of squid3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/squid3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2021.0967 – [Win][UNIX/Linux][Debian] squid3: Multiple vulnerabilities appeared first on Malware Devil.




ESB-2021.0966 – [Linux][Virtual] Xen: Denial of service – Unknown/unspecified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0966
                     HVM soft-reset crashes toolstack
                               19 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Xen
Publisher:         Xen
Operating System:  Linux variants
                   Xen
Impact/Access:     Denial of Service -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-28687  

Original Bulletin: 
   http://xenbits.xen.org/xsa/advisory-368.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

            Xen Security Advisory CVE-2021-28687 / XSA-368
                              version 3

                   HVM soft-reset crashes toolstack

UPDATES IN VERSION 3
====================

CVE assigned.

ISSUE DESCRIPTION
=================

libxl requires all data structures passed across its public interface
to be initialized before use and disposed of afterwards by calling a
specific set of functions.  Many internal data structures also require
this initialize / dispose discipline, but not all of them.

When the "soft reset" feature was implemented, the
libxl__domain_suspend_state structure didn't require any
initialization or disposal.  At some point later, an initialization
function was introduced for the structure; but the "soft reset" path
wasn't refactored to call the initialization function.  When a guest
now initiates a "soft reboot", the uninitialized data structure leads
to an assert() when later code finds the structure in an unexpected
state.

The effect of this is to crash the process monitoring the guest.  How
this affects the system depends on the structure of the toolstack.

For xl, this will have no security-relevant effect: every VM has its
own independent monitoring process, which contains no state.  The
domain in question will hang in a crashed state, but can be destroyed
by `xl destroy` just like any other non-cooperating domain.

For daemon-based toolstacks linked against libxl, such as libvirt,
this will crash the toolstack, losing the state of any in-progress
operations (localized DoS), and preventing further administrator
operations unless the daemon is configured to restart automatically
(system-wide DoS).  If crashes "leak" resources, then repeated crashes
could use up resources, also causing a system-wide DoS.

IMPACT
======

A malicious guest can crash the management daemon, leading to at least
a localized, possibly system-wide denial-of-service.

VULNERABLE SYSTEMS
==================

Only Xen versions 4.12 through 4.14 are affected.  Earlier versions
are not affected.

The issue affects only systems whose guest monitoring process is
linked against libxl and matters for more than the functioning of one
particular guest.  libvirt is one common toolstack affected.  Systems
using the `xl` command-line tool should generally suffer no
security-relevant effects.

The xapi toolstack does not currently link against libxl, and so is
not affected.

MITIGATION
==========

Ensuring that any management daemons are restarted automatically after
a crash will partially mitigate the issue.

CREDITS
=======

This issue was discovered by Olaf Hering.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball.  Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa368.patch           xen-unstable
xsa368-4.14.patch      Xen 4.14.x
xsa368-4.13.patch      Xen 4.13.x - Xen 4.12.x

$ sha256sum xsa368*
e80f33c3ce45372fef7bd91ec71b2b66e557176b79f9771872ce111bfff34150  xsa368.meta
b82f2b110514cdf47a2688913ad5af68b01050751d56705a15ddf9a970b6fa0d  xsa368.patch
636df70ae5eaf00b50ef0b5ac219a2aeda771c66833fae88e7ee43b18ae889f4  xsa368-4.13.patch
55bbe59c75b69f493e364dfcf6cdbc7db4acd32dbf0b4d2466815b7c1f1823ce  xsa368-4.14.patch
$

DEPLOYMENT DURING EMBARGO
=========================

Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.

But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).

Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.


(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable.  This is to enable the community to have
oversight of the Xen Project Security Team's decision-making.)

For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
  http://www.xenproject.org/security-policy.html
- -----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmBTXAAMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZdgcH/RTW41tLPh8KHJ+82qefaI2EUBK3nmNnR5hnye3c
9GPP/QB7QdHp+JSIRTAZxOayBQeFEcYSX/5VxDypIiqT02wHS9hDr3jcpOfGLcdt
MiN9kB3vYqe353Lask0mN7AX3J5v3wvrYzBRx9ccaYcX/Jcubrx6Jy5laQSYpTUu
4GCeLZQ2tHI8N3ZHiKI7YUyxmn9vKgvFil1gyuk8L5x6npnW4ixdWF0MRyHe7wbS
dbZbug0g6bbJbs4CFZbm1CbQjGGOwznfT8z9ppmgPdi+33X+Cimz3wlbpXeJKpZk
/nJObobdPGk7ClChvUjntv0oaZ+2zFoUoe3Yc08aa+B29e8=
=Dehk
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

===========================================================================

The post ESB-2021.0966 – [Linux][Virtual] Xen: Denial of service – Unknown/unspecified appeared first on Malware Devil.

Network Security News Summary for Friday March 19th, 2021

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Getting The Real Work Done With Plextrac – Dan DeCloss – PSW #687

Dan will run through some customer testimonials on how they are using Plextrac effectively to get the real work done in security!

This segment is sponsored by PlexTrac.

Visit https://securityweekly.com/plextrac to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw687

2021-03-18 – Hancitor (Chanitor) activity (MAN1/Moskalvzapoe/TA511)

Thursday, March 18, 2021

Tinder, Schneider Electric, Chrome, Ulysses, Mirai, & Zero Days – Wrap Up – SWN #108

Dr. Doug talks Tinder, Schneider Electric, Chrome, Ulysses, Mirai, as well as his Favorite Threat of the Week, all the show Wrap Ups from this week, & more!

Time Stamps:

7:43 – Favorite threat of the Week!
14:45 – Operation DianXun targets Telcos and 5G
16:11 – Mirai botnet is now targeting D-Link, Netgear, and Sonicwall
19:09 – SMS is not secure, say it isn’t so
22:02 – Chrome Zero Day is the Third in Three Months
23:47 – Claroty finds vulnerabilities in Schneider Electric Smart Meters
25:53 – Ulysses Group claims they can track pretty much any vehicle, any time, anywhere
27:05 – Tinder adds Garbo as a background check for dates

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn108

Crypto is what keeps your critical data secure. Governance is what makes it effective.

Your business’s critical infrastructure most likely relies on several systems across your digital environment. Whatever those systems may be, there…

The post Crypto is what keeps your critical data secure. Governance is what makes it effective. appeared first on Entrust Blog.

The post Crypto is what keeps your critical data secure. Governance is what makes it effective. appeared first on Security Boulevard.

Joy Of Tech® ‘A Chip Crisis’

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® !

The post Joy Of Tech® ‘A Chip Crisis’ appeared first on Security Boulevard.

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...