🕴 The Realities of Extended Detection and Response (XDR) Technology 🕴
📖 Read
via "Dark Reading".
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
‼ CVE-2021-21974 ‼
📖 Read
via "National Vulnerability Database".
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in the OpenSLP service, resulting in remote code execution.
‼ CVE-2020-11988 ‼
📖 Read
via "National Vulnerability Database".
Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
‼ CVE-2021-21972 ‼
📖 Read
via "National Vulnerability Database".
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
‼ CVE-2020-27224 ‼
📖 Read
via "National Vulnerability Database".
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview) can be exploited to execute arbitrary code.
‼ CVE-2020-7836 ‼
📖 Read
via "National Vulnerability Database".
VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contain a stack-based buffer overflow vulnerability caused by improper bounds checking of an attacker-supplied parameter. This ultimately leads to a stack-based buffer overflow when a crafted web page is accessed.
‼ CVE-2020-11987 ‼
📖 Read
via "National Vulnerability Database".
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
‼ CVE-2021-21973 ‼
📖 Read
via "National Vulnerability Database".
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to the vCenter Server plugin, leading to information disclosure. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
‼ CVE-2020-4931 ‼
📖 Read
via "National Vulnerability Database".
IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authenticated user to cause a denial of service due to an issue processing messages. IBM X-Force ID: 191747.
‼ CVE-2021-22667 ‼
📖 Read
via "National Vulnerability Database".
BB-ESWGP506-2SFP-T versions 1.01.09 and prior are vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).
🕴 Kaseya Buys Managed SOC Provider 🕴
📖 Read
via "Dark Reading".
Purchase extends offerings for MSP and SMB customers.
🔏 IRS Warns of EFIN Tax Phishing Scam 🔏
📖 Read
via "Digital Guardian".
It's that time of the year again: The IRS and Security Summit Partners are warning about a new phishing scam aiming to steal client data and tax preparers' identities.
🕴 Google Invests in Linux Kernel Developers to Focus on Security 🕴
📖 Read
via "Dark Reading".
Google will fund two full-time Linux kernel developers to maintain and improve Linux security in the long term.
❌ Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking ❌
📖 Read
via "Threat Post".
Mozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking.
‼ CVE-2021-1450 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending one or more crafted IPC messages to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. Note: The process under attack will automatically restart, so no action is needed by the user or admin.
‼ CVE-2021-1368 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted Cisco UDLD protocol packets to a directly connected, affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco UDLD process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The UDLD feature is disabled by default, and the conditions to exploit this vulnerability are strict. The attacker needs full control of a directly connected device. That device must be connected over a port channel that has UDLD enabled. To trigger arbitrary code execution, both the UDLD-enabled port channel and specific system conditions must exist. In the absence of either the UDLD-enabled port channel or the system conditions, attempts to exploit this vulnerability will result in a DoS condition. It is possible, but highly unlikely, that an attacker could control the necessary conditions for exploitation. The CVSS score reflects this possibility. However, given the complexity of exploitation, Cisco has assigned a Medium Security Impact Rating (SIR) to this vulnerability.
‼ CVE-2021-1230 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a routing process to crash, which could lead to a denial of service (DoS) condition. This vulnerability is due to an issue with the installation of routes upon receipt of a BGP update. An attacker could exploit this vulnerability by sending a crafted BGP update to an affected device. A successful exploit could allow the attacker to cause the routing process to crash, which could cause the device to reload. This vulnerability applies to both Internal BGP (IBGP) and External BGP (EBGP). Note: The Cisco implementation of BGP accepts incoming BGP traffic from explicitly configured peers only. To exploit this vulnerability, an attacker would need to send a specific BGP update message over an established TCP connection that appears to come from a trusted BGP peer.
‼ CVE-2021-1393 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. For more information about these vulnerabilities, see the Details section of this advisory.
‼ CVE-2021-1227 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker could exploit this vulnerability by persuading a user of the NX-API to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. The attacker could view and modify the device configuration. Note: The NX-API feature is disabled by default.
‼ CVE-2021-1387 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory.
‼ CVE-2021-1231 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic.