News

    • Why TikTok is the Latest Security Threat Thu, 06 Aug 2020 14:30:48 +0000

      TikTok is a widely popular social media platform owned by the Chinese technology company ByteDance. Though its stated intention is to share short dance and lip-sync videos, it has become a substantial player in the targeted advertising business in recent years. TikTok and Data Collection: TikTok gained an edge through its ability to collect sensitive data […]

      The post Why TikTok is the Latest Security Threat appeared first on CIS.

    • Spam and phishing in Q2 2020
      In Q2 2020, the largest share of spam (51.45 percent) was recorded in April. The average percentage of spam in global email traffic was 50.18%, down by 4.43 percentage points from the previous reporting period.

    Advisories

    • Ubuntu Security Notice USN-4451-2 Thu, 06 Aug 2020 17:07:08 GMT
      Ubuntu Security Notice 4451-2 - USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Various other issues were also addressed.
    • Red Hat Security Advisory 2020-3358-01 Thu, 06 Aug 2020 17:07:01 GMT
      Red Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass, code execution, and cross-site scripting vulnerabilities.
    • Red Hat Security Advisory 2020-3345-01 Thu, 06 Aug 2020 17:06:54 GMT
      Red Hat Security Advisory 2020-3345-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
    • Red Hat Security Advisory 2020-3344-01 Thu, 06 Aug 2020 17:06:47 GMT
      Red Hat Security Advisory 2020-3344-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
    • Red Hat Security Advisory 2020-3341-01 Thu, 06 Aug 2020 17:06:39 GMT
      Red Hat Security Advisory 2020-3341-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
    • Red Hat Security Advisory 2020-3342-01 Thu, 06 Aug 2020 17:06:31 GMT
      Red Hat Security Advisory 2020-3342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
    • Red Hat Security Advisory 2020-3343-01 Thu, 06 Aug 2020 17:06:24 GMT
      Red Hat Security Advisory 2020-3343-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Issues addressed include a use-after-free vulnerability.
    • Ubuntu Security Notice USN-4453-1 Thu, 06 Aug 2020 17:06:16 GMT
      Ubuntu Security Notice 4453-1 - Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. Philippe Arteau discovered that OpenJDK 8 incorrectly verified names in TLS server's X.509 certificates. An attacker could possibly use this issue to obtain sensitive information. It was discovered that OpenJDK 8 incorrectly handled exceptions in DerInputStream class and in the DerValue.equals method. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
    • Red Hat Security Advisory 2020-3328-01 Wed, 05 Aug 2020 15:24:34 GMT
      Red Hat Security Advisory 2020-3328-01 - Red Hat Ansible Tower 3.7.2-1 has addressed for security issues.
    • Red Hat Security Advisory 2020-3329-01 Wed, 05 Aug 2020 15:22:32 GMT
      Red Hat Security Advisory 2020-3329-01 - Red Hat Ansible Tower has had multiple bug fixes addressed including a security issue.
    • Ubuntu Security Notice USN-4441-2 Wed, 05 Aug 2020 15:21:26 GMT
      Ubuntu Security Notice 4441-2 - USN-4441-1 fixed vulnerabilities in MySQL. The new upstream version changed compiler options and caused a regression in certain scenarios. This update fixes the problem. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues.
    • Red Hat Security Advisory 2020-3184-01 Wed, 05 Aug 2020 15:21:19 GMT
      Red Hat Security Advisory 2020-3184-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
    • Red Hat Security Advisory 2020-3183-01 Wed, 05 Aug 2020 15:21:11 GMT
      Red Hat Security Advisory 2020-3183-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
    • Ubuntu Security Notice USN-4432-2 Wed, 05 Aug 2020 15:21:04 GMT
      Ubuntu Security Notice 4432-2 - USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems, preventing them from successfully booting. This update addresses the issue. Users with BIOS systems that installed GRUB2 versions from USN-4432-1 should verify that their GRUB2 installation has a correct understanding of their boot device location and installed the boot loader correctly. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4452-1 Wed, 05 Aug 2020 15:20:55 GMT
      Ubuntu Security Notice 4452-1 - Trent Shea discovered that the libvirt package set incorrect permissions on the UNIX domain socket. A local attacker could use this issue to access libvirt and escalate privileges.
    • Ubuntu Security Notice USN-4450-1 Wed, 05 Aug 2020 15:20:41 GMT
      Ubuntu Security Notice 4450-1 - Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A local attacker could use this issue to cause Whoopsie to consume memory, resulting in a denial of service. Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files. A local attacker could use this issue to cause Whoopsie to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4451-1 Wed, 05 Aug 2020 15:19:37 GMT
      Ubuntu Security Notice 4451-1 - Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code.
    • Ubuntu Security Notice USN-4448-1 Wed, 05 Aug 2020 15:19:31 GMT
      Ubuntu Security Notice 4448-1 - It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain environments where Tomcat is located behind a reverse proxy, a remote attacker could possibly use this issue to perform HTTP Request Smuggling. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4449-1 Wed, 05 Aug 2020 15:19:24 GMT
      Ubuntu Security Notice 4449-1 - Ryota Shiga discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. Ryota Shiga discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4447-1 Wed, 05 Aug 2020 15:19:18 GMT
      Ubuntu Security Notice 4447-1 - It was discovered that libssh incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service.
    • Red Hat Security Advisory 2020-3247-01 Tue, 04 Aug 2020 14:26:33 GMT
      Red Hat Security Advisory 2020-3247-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. Issues addressed include code execution and cross-site scripting vulnerabilities.
    • Red Hat Security Advisory 2020-3308-01 Tue, 04 Aug 2020 14:26:05 GMT
      Red Hat Security Advisory 2020-3308-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
    • Red Hat Security Advisory 2020-3306-01 Tue, 04 Aug 2020 14:25:59 GMT
      Red Hat Security Advisory 2020-3306-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.3.2 serves as a replacement for Red Hat JBoss Web Server 5.3.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a denial of service vulnerability.
    • Red Hat Security Advisory 2020-3305-01 Tue, 04 Aug 2020 14:25:52 GMT
      Red Hat Security Advisory 2020-3305-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
    • Red Hat Security Advisory 2020-3303-01 Tue, 04 Aug 2020 14:25:46 GMT
      Red Hat Security Advisory 2020-3303-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 10 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.