
News

Packet Storm Security

Security Affairs Looking Glass Cyber securingtomorrow.mcafee.com Quick Heal Threat Post Naked Security ESET CIS
  • 4 Cyber Defense Tips for Finance Industry CISOs Tue, 17 Sep 2019 12:00:46 +0000

    By Sean Atkinson, Chief Information Security Officer. When we think of a sector or industry most prone to cybercriminal activity, the financial sector comes to mind. With growing ransomware exploits and malware threats, financial sector organizations need to implement strict security controls to minimize risk. At the Center for Internet Security (CIS) we see the […]


Malware Patrol SecList MySonicWall

Critical Infrastructure

Case Studies

Tools

Exploits

Last 20 Website Defacements - Zone-h


Advisories

  • Ubuntu Security Notice USN-4128-2 Wed, 18 Sep 2019 21:22:58 GMT
    Ubuntu Security Notice 4128-2 - It was discovered that the Tomcat 9 SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. It was discovered that Tomcat 9 did not address HTTP/2 connection window exhaustion on write while addressing CVE-2019-0199. An attacker could possibly use this issue to cause a denial of service.
  • Ubuntu Security Notice USN-4136-2 Wed, 18 Sep 2019 21:22:51 GMT
    Ubuntu Security Notice 4136-2 - USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.
  • Ubuntu Security Notice USN-4136-1 Wed, 18 Sep 2019 21:22:46 GMT
    Ubuntu Security Notice 4136-1 - It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.
  • Ubuntu Security Notice USN-4135-1 Wed, 18 Sep 2019 21:22:40 GMT
    Ubuntu Security Notice 4135-1 - Peter Pi discovered a buffer overflow in the virtio network backend implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4135-2 Wed, 18 Sep 2019 21:22:34 GMT
    Ubuntu Security Notice 4135-2 - Peter Pi discovered a buffer overflow in the virtio network backend implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service or possibly execute arbitrary code in the host OS. It was discovered that the Linux kernel on PowerPC architectures did not properly handle Facility Unavailable exceptions in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-2791-01 Tue, 17 Sep 2019 20:58:39 GMT
    Red Hat Security Advisory 2019-2791-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift-enterprise-console-operator container image for Red Hat OpenShift Container Platform 4.1.16.
  • Red Hat Security Advisory 2019-2792-01 Tue, 17 Sep 2019 20:58:29 GMT
    Red Hat Security Advisory 2019-2792-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift-enterprise-container container image for Red Hat OpenShift Container Platform 4.1.16. Issues addressed include a cross site request forgery vulnerability.
  • Red Hat Security Advisory 2019-2775-01 Tue, 17 Sep 2019 20:58:22 GMT
    Red Hat Security Advisory 2019-2775-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.
  • Red Hat Security Advisory 2019-2780-01 Tue, 17 Sep 2019 20:57:40 GMT
    Red Hat Security Advisory 2019-2780-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. A TLS man-in-the-middle vulnerability was addressed.
  • Ubuntu Security Notice USN-4113-2 Tue, 17 Sep 2019 16:48:23 GMT
    Ubuntu Security Notice 4113-2 - USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. Various other issues were also addressed.
  • Red Hat Security Advisory 2019-2804-01 Tue, 17 Sep 2019 16:47:39 GMT
    Red Hat Security Advisory 2019-2804-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include code execution, cross site request forgery, and deserialization vulnerabilities.
  • Debian Security Advisory 4524-1 Tue, 17 Sep 2019 16:47:28 GMT
    Debian Linux Security Advisory 4524-1 - Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow message spoofing, manipulation of a user's roster (contact list) and unauthorised sending of message carbons.
  • Slackware Security Advisory - expat Updates Tue, 17 Sep 2019 16:47:22 GMT
    Slackware Security Advisory - New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
  • Red Hat Security Advisory 2019-2779-01 Tue, 17 Sep 2019 16:46:38 GMT
    Red Hat Security Advisory 2019-2779-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. A TLS man-in-the-middle vulnerability was addressed.
  • Red Hat Security Advisory 2019-2778-01 Tue, 17 Sep 2019 16:45:52 GMT
    Red Hat Security Advisory 2019-2778-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. A TLS man-in-the-middle vulnerability was addressed.
  • Red Hat Security Advisory 2019-2777-01 Tue, 17 Sep 2019 16:45:02 GMT
    Red Hat Security Advisory 2019-2777-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. A TLS man-in-the-middle vulnerability was addressed.
  • Ubuntu Security Notice USN-4124-2 Mon, 16 Sep 2019 16:00:28 GMT
    Ubuntu Security Notice 4124-2 - USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Exim incorrectly handled certain decoding operations. A remote attacker could possibly use this issue to execute arbitrary commands. Various other issues were also addressed.
  • Debian Security Advisory 4523-1 Mon, 16 Sep 2019 16:00:11 GMT
    Debian Linux Security Advisory 4523-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.
  • Red Hat Security Advisory 2019-2774-01 Mon, 16 Sep 2019 15:56:49 GMT
    Red Hat Security Advisory 2019-2774-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.9.0. Issues addressed include cross site scripting and use-after-free vulnerabilities.
  • Ubuntu Security Notice USN-4134-1 Mon, 16 Sep 2019 15:56:34 GMT
    Ubuntu Security Notice 4134-1 - Simon McVittie discovered that IBus did not enforce appropriate access controls on its private D-Bus socket. A local unprivileged user who discovers the IBus socket address of another user could exploit this to capture the key strokes of the other user.
  • Ubuntu Security Notice USN-4133-1 Mon, 16 Sep 2019 15:53:09 GMT
    Ubuntu Security Notice 4133-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
  • Debian Security Advisory 4522-1 Mon, 16 Sep 2019 15:52:44 GMT
    Debian Linux Security Advisory 4522-1 - Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced Audio Coder. These vulnerabilities might allow remote attackers to cause denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC files are processed.
  • Ubuntu Security Notice USN-4129-2 Thu, 12 Sep 2019 20:42:18 GMT
    Ubuntu Security Notice 4129-2 - USN-4129-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Thomas Vegas discovered that curl incorrectly handled memory during TFTP transfers. A remote attacker could use this issue to crash curl, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4132-2 Thu, 12 Sep 2019 20:42:12 GMT
    Ubuntu Security Notice 4132-2 - USN-4132-1 fixed a vulnerability in Expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
  • Ubuntu Security Notice USN-4132-1 Thu, 12 Sep 2019 20:42:05 GMT
    Ubuntu Security Notice 4132-1 - It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.