β Forget BlueKeep: Beware the GoldBrute β
π Read
via "Threatpost".
A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days β and counting.π Read
via "Threatpost".
Threat Post
Forget BlueKeep: Beware the GoldBrute
A botnet has appeared that has attempted to brute-force 1.5 million RDP connections to Windows systems in the last few days β and counting.
ATENTIONβΌ New - CVE-2018-6185
π Read
via "National Vulnerability Database".
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for these commands are keytrustee.kms.acl.PURGE and keytrustee.kms.acl.UNDELETE respectively. The default value for the ACLs in Key Trustee KMS 5.12.0 and 5.13.0 is "*" which allows anyone with knowledge of the name of an encryption zone key and network access to the Key Trustee KMS to make those calls against known encryption zone keys. This can result in the recovery of a previously deleted, but not purged, key (undelete) or the deletion of a key in active use (purge) resulting in loss of access to encrypted HDFS data.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-5798
π Read
via "National Vulnerability Database".
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-5265
π Read
via "National Vulnerability Database".
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20135
π Read
via "National Vulnerability Database".
Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20091
π Read
via "National Vulnerability Database".
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CDSW passwords (in the case of local authentication), API keys, and stored Kerberos keytabs.π Read
via "National Vulnerability Database".
π΄ Massive Changes to Tech and Platforms, But Cybercrime? Not So Much π΄
π Read
via "Dark Reading: ".
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.π Read
via "Dark Reading: ".
Darkreading
Massive Changes to Tech and Platforms, But Cybercrime? Not So Much
The still-relevant recommendation is to invest more in law enforcement, concludes an economic study of cybercrime.
ATENTIONβΌ New - CVE-2018-20014
π Read
via "National Vulnerability Database".
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19999
π Read
via "National Vulnerability Database".
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability, an attacker must have local access the the host running Serv-U, and a Serv-U administrator have an active management console session.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19860
π Read
via "National Vulnerability Database".
Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19802
π Read
via "National Vulnerability Database".
aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 2 of 3).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19801
π Read
via "National Vulnerability Database".
aubio v0.4.0 to v0.4.8 has a NULL pointer dereference (issue 1 of 6).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19800
π Read
via "National Vulnerability Database".
aubio v0.4.0 to v0.4.8 has a Buffer Overflow (issue 1 of 3).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19465
π Read
via "National Vulnerability Database".
Maccms through 8.0 allows XSS via the site_keywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/system_config.html, related to template/paody/html/vod_index.html.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19462
π Read
via "National Vulnerability Database".
admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19461
π Read
via "National Vulnerability Database".
admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL syntax to admin/admin.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19452
π Read
via "National Vulnerability Database".
A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19451
π Read
via "National Vulnerability Database".
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.π Read
via "National Vulnerability Database".
π 5 reasons why you should use a password manager π
π Read
via "Security on TechRepublic".
Need a reason to use a password manager? How about five?π Read
via "Security on TechRepublic".
TechRepublic
5 Reasons Why You Should Use a Password Manager
A password manager securely stores and auto-fills passwords. Learn why using a password manager boosts security, saves time, and protects accounts.
π΄ Vulnerability Found in Millions of Email Systems π΄
π Read
via "Dark Reading: ".
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.π Read
via "Dark Reading: ".
Dark Reading
Vulnerability Found in Millions of Email Systems
The vuln could allow remote execution of code with root privilege in more than 4.1 million systems.
β Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover β
π Read
via "Threatpost".
Time's up on public disclosure of six serious bugs impacting the vendorβs IPM-721S model security camera.π Read
via "Threatpost".
Threat Post
Critical Flaws in Amcrest HDSeries Camera Allow Complete Takeover
Time's up on public disclosure of six serious bugs impacting the vendorβs IPM-721S model security camera.