β Cisco Warns of Critical Nexus 9000 Data Center Flaw β
π Read
via "Threatpost".
Part of a slew of patches from the networking vendor, the CVSS 9.8 bug allows remote takeover of a vulnerable device.π Read
via "Threatpost".
Threat Post
Cisco Warns of Critical Nexus 9000 Data Center Flaw
Part of a slew of patches from the networking vendor, the CVSS 9.8 bug allows remote takeover of a vulnerable device.
π 6 ways to strengthen your password π
π Read
via "Security on TechRepublic".
Make an effort to secure your digital life with these helpful, easy-to-follow password tips.π Read
via "Security on TechRepublic".
TechRepublic
6 ways to strengthen your password
Make an effort to secure your digital life with these helpful, easy-to-follow password tips.
π NIST Sets New Standard for Data Encryption Testing π
π Read
via "Subscriber Blog RSS Feed ".
NIST has updated the Federal Information Processing Standard, or FIPS, to align with the international standard, ISO 19790 for the first time,π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
NIST Sets New Standard for Data Encryption Testing
NIST has updated the Federal Information Processing Standard, or FIPS, to align with the international standard, ISO 19790 for the first time,
ATENTIONβΌ New - CVE-2018-14559 (ac10_firmware, ac7_firmware, ac9_firmware)
π Read
via "National Vulnerability Database".
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the list parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-14557 (ac10_firmware, ac7_firmware, ac9_firmware)
π Read
via "National Vulnerability Database".
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A buffer overflow vulnerability exists in the router's web server (httpd). When processing the page parameters for a post request, the value is directly written with sprintf to a local variable placed on the stack, which overrides the return address of the function, a causing buffer overflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12244 (endpoint_protection)
π Read
via "National Vulnerability Database".
SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 RU1 may be susceptible to a CSV/DDE injection (also known as formula injection) vulnerability, which is a type of issue whereby an application or website allows untrusted input into CSV files.π Read
via "National Vulnerability Database".
π΄ Real-World Use, Risk of Open Source Code π΄
π Read
via "Dark Reading: ".
Organizations are using more open source software than ever before, but managing that code remains a challenge.π Read
via "Dark Reading: ".
Dark Reading
Real-World Use, Risk of Open Source Code
Organizations are using more open source software than ever before, but managing that code remains a challenge.
β Dell Security Support Tool Harbors High-Severity Flaws β
π Read
via "Threatpost".
Dell has patched two high-severity vulnerabilities in its SupportAssist software meant to aid security issues for customers.π Read
via "Threatpost".
Threat Post
Dell Security Support Tool Harbors High-Severity Flaws
Dell has patched two high-severity vulnerabilities in its software meant to support hardware issues for customers.
β Ladders, SkyMed Leak Employment, Medical Data for Millions β
π Read
via "Threatpost".
One of the misconfigured Elasticsearch databases showed evidence of a ransomware attack.π Read
via "Threatpost".
Threat Post
Ladders, SkyMed Leak Employment, Medical Data for Millions
One of the misconfigured Elasticsearch databases showed evidence of a ransomware attack.
ATENTIONβΌ New - CVE-2017-18374
π Read
via "National Vulnerability Database".
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18373
π Read
via "National Vulnerability Database".
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18372
π Read
via "National Vulnerability Database".
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18371
π Read
via "National Vulnerability Database".
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18370
π Read
via "National Vulnerability Database".
The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18369
π Read
via "National Vulnerability Database".
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18368
π Read
via "National Vulnerability Database".
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.π Read
via "National Vulnerability Database".
π΄ Security Depends on Careful Design π΄
π Read
via "Dark Reading: ".
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.π Read
via "Dark Reading: ".
Darkreading
Security Depends on Careful Design
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
β D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream β
π Read
via "Threatpost".
Researchers warn customers to reconsider the use of the cameraβs remote access feature if the device is monitoring highly sensitive areas of their household or company.π Read
via "Threatpost".
Threat Post
D-Link Cloud Camera Flaw Gives Hackers Access to Video Stream
Researchers warn customers to reconsider the use of the cameraβs remote access feature if the device is monitoring highly sensitive areas of their household or company.
π΄ Security Doesn't Trust IT - and IT Doesn't Trust Security π΄
π Read
via "Dark Reading: ".
How a rocky relationship between IT operations and cybersecurity teams can compound security risks.π Read
via "Dark Reading: ".
Darkreading
Security Doesn't Trust IT β and IT Doesn't Trust Security
How a rocky relationship between IT operations and cybersecurity teams can compound security risks.
π΄ Misconfigured Ladders Database Exposed 13M User Records π΄
π Read
via "Dark Reading: ".
Job-hunting site Ladders leaves job seeker data exposed on the Internet.π Read
via "Dark Reading: ".
Darkreading
Misconfigured Ladders Database Exposed 13M User Records
Job-hunting site Ladders leaves job seeker data exposed on the Internet.
π How to use the Enpass Password Audit tools π
π Read
via "Security on TechRepublic".
If Enpass is your password manager of choice, there are three handy audit tools you should be using. Jack Wallen explains.π Read
via "Security on TechRepublic".