Security Pop Quiz! q471.mp3

News

Packet Storm Security

Security Affairs Looking Glass Cyber securingtomorrow.mcafee.com
    Quick Heal Threat Post Naked Security ESET CIS
    • September 2020 Top 10 Malware Tue, 20 Oct 2020 12:00:57 +0000

      In September 2020, we had 3 malware return to the Top 10: CoinMiner, CryptoWall, and Emotet. The Top 10 Malware variants composed 87% of Total Malware activity in September 2020, up from 78% in August 2020. This increase is largely due to the recent Shlayer campaign ramping up, as the education year begins for universities […]

      The post September 2020 Top 10 Malware appeared first on CIS.

    Malware Patrol SecList
    • On the trail of the XMRig miner
      As protection methods improve, the developers of miners have had to enhance their own creations, often turning to non-trivial solutions. Several such solutions (previously unseen by us) were detected during our analysis of the open source miner XMRig.
    MySonicWall

    Critical Infrastructure

    Case Studies

    Tools

    Exploits

    Last 20 Website Defacements - Zone-h

    Press Play to hear the answer!

    Advisories

    • Ubuntu Security Notice USN-4599-1 Fri, 23 Oct 2020 13:11:09 GMT
      Ubuntu Security Notice 4599-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code.
    • Gentoo Linux Security Advisory 202010-07 Fri, 23 Oct 2020 13:11:03 GMT
      Gentoo Linux Security Advisory 202010-7 - A buffer overflow in FreeType might allow remote attacker(s) to execute arbitrary code. Versions less than 2.10.3-r1 are affected.
    • Ubuntu Security Notice USN-4601-1 Thu, 22 Oct 2020 23:56:16 GMT
      Ubuntu Security Notice 4601-1 - It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possible use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack.
    • Red Hat Security Advisory 2020-4317-01 Thu, 22 Oct 2020 23:56:11 GMT
      Red Hat Security Advisory 2020-4317-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
    • Red Hat Security Advisory 2020-4316-01 Thu, 22 Oct 2020 23:56:03 GMT
      Red Hat Security Advisory 2020-4316-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
    • Ubuntu Security Notice USN-4600-1 Thu, 22 Oct 2020 23:55:57 GMT
      Ubuntu Security Notice 4600-1 - It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could used it to extract sensitive information.
    • Red Hat Security Advisory 2020-4315-01 Thu, 22 Oct 2020 23:55:51 GMT
      Red Hat Security Advisory 2020-4315-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
    • Red Hat Security Advisory 2020-4310-01 Thu, 22 Oct 2020 23:55:44 GMT
      Red Hat Security Advisory 2020-4310-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
    • Red Hat Security Advisory 2020-4312-01 Thu, 22 Oct 2020 17:19:48 GMT
      Red Hat Security Advisory 2020-4312-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include an XML injection vulnerability.
    • Red Hat Security Advisory 2020-4311-01 Thu, 22 Oct 2020 17:19:42 GMT
      Red Hat Security Advisory 2020-4311-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
    • Red Hat Security Advisory 2020-4307-01 Thu, 22 Oct 2020 17:19:35 GMT
      Red Hat Security Advisory 2020-4307-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
    • Ubuntu Security Notice USN-4598-1 Thu, 22 Oct 2020 17:19:28 GMT
      Ubuntu Security Notice 4598-1 - It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.
    • Ubuntu Security Notice USN-4597-1 Thu, 22 Oct 2020 17:18:38 GMT
      Ubuntu Security Notice 4597-1 - Fran
    • Red Hat Security Advisory 2020-4304-01 Thu, 22 Oct 2020 17:18:18 GMT
      Red Hat Security Advisory 2020-4304-01 - RHACM 2.0.4 images Red Hat Advanced Cluster Management provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Issues addressed include a bypass vulnerability.
    • Red Hat Security Advisory 2020-4305-01 Thu, 22 Oct 2020 17:17:28 GMT
      Red Hat Security Advisory 2020-4305-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
    • Red Hat Security Advisory 2020-4306-01 Thu, 22 Oct 2020 17:17:18 GMT
      Red Hat Security Advisory 2020-4306-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
    • Red Hat Security Advisory 2020-4223-01 Thu, 22 Oct 2020 17:17:11 GMT
      Red Hat Security Advisory 2020-4223-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.
    • Ubuntu Security Notice USN-4588-1 Wed, 21 Oct 2020 21:38:19 GMT
      Ubuntu Security Notice 4588-1 - It was discovered that FlightGear could write arbitrary files if received a special nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code.
    • Ubuntu Security Notice USN-4586-1 Wed, 21 Oct 2020 21:38:14 GMT
      Ubuntu Security Notice 4586-1 - It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.
    • Ubuntu Security Notice USN-4587-1 Wed, 21 Oct 2020 21:38:07 GMT
      Ubuntu Security Notice 4587-1 - Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. A remote attacker could used these issues to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4596-1 Wed, 21 Oct 2020 15:52:39 GMT
      Ubuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.
    • Red Hat Security Advisory 2020-4295-01 Wed, 21 Oct 2020 15:52:31 GMT
      Red Hat Security Advisory 2020-4295-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.
    • Red Hat Security Advisory 2020-4264-01 Wed, 21 Oct 2020 15:40:32 GMT
      Red Hat Security Advisory 2020-4264-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
    • Ubuntu Security Notice USN-4595-1 Wed, 21 Oct 2020 15:40:07 GMT
      Ubuntu Security Notice 4595-1 - It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code.
    • Ubuntu Security Notice USN-4594-1 Wed, 21 Oct 2020 15:38:42 GMT
      Ubuntu Security Notice 4594-1 - It was discovered that Quassel incorrectly handled Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service.