Security Pop Quiz! q417.mp3

News

Packet Storm Security

Security Affairs Looking Glass Cyber securingtomorrow.mcafee.com Quick Heal Threat Post Naked Security ESET CIS
  • CIS Controls v8 at (Virtual) RSA Conference 2021! Tue, 04 May 2021 20:13:57 +0000

    The Center for Internet Security (CIS) is excited to be part of RSA Conference 2021 – the world’s leading information security conference and exposition. In fact, we’ll be launching CIS Controls Version 8 during the conference, and there are many opportunities to learn more about the updates. Due to the ongoing pandemic, this year’s RSA […]

    The post CIS Controls v8 at (Virtual) RSA Conference 2021! appeared first on CIS.

Malware Patrol SecList
  • Spam and phishing in Q1 2021
    In terms of spam and phishing, in Q1 2021, we largely saw a continuation of the 2020 trends: exploitation of COVID-19 theme, hunting corporate account credentials and spoofing of online store websites.
MySonicWall

Critical Infrastructure

Case Studies

Tools

Exploits

Last 20 Website Defacements - Zone-h

Press Play to hear the answer!

Advisories

  • Red Hat Security Advisory 2021-1509-01 Thu, 06 May 2021 01:15:36 GMT
    Red Hat Security Advisory 2021-1509-01 - Jetty is a 100% Java HTTP Server and Servlet Container. Issues addressed include a resource exhaustion vulnerability.
  • Red Hat Security Advisory 2021-1429-01 Thu, 06 May 2021 01:15:29 GMT
    Red Hat Security Advisory 2021-1429-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include an XML injection vulnerability.
  • Red Hat Security Advisory 2021-1499-01 Thu, 06 May 2021 01:15:18 GMT
    Red Hat Security Advisory 2021-1499-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Issues addressed include code execution and denial of service vulnerabilities.
  • Red Hat Security Advisory 2021-1366-01 Thu, 06 May 2021 01:14:39 GMT
    Red Hat Security Advisory 2021-1366-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.9. Issues addressed include a denial of service vulnerability.
  • Gentoo Linux Security Advisory 202105-01 Thu, 06 May 2021 01:14:30 GMT
    Gentoo Linux Security Advisory 202105-1 - Multiple vulnerabilities have been found in Exim, the worst of which allows remote attackers to execute arbitrary code. Versions less than 4.94.2 are affected.
  • Ubuntu Security Notice USN-4935-1 Tue, 04 May 2021 19:16:18 GMT
    Ubuntu Security Notice 4935-1 - It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed access control. A local attacker could use this issue to cause a denial of service, expose sensitive information, or escalate privileges. It was discovered that the NVIDIA GPU display driver for the Linux kernel incorrectly performed reference counting. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.
  • Apple Security Advisory 2021-05-03-3 Tue, 04 May 2021 19:16:10 GMT
    Apple Security Advisory 2021-05-03-3 - watchOS 7.4.1 addresses a code execution vulnerability.
  • Apple Security Advisory 2021-05-03-4 Tue, 04 May 2021 16:23:57 GMT
    Apple Security Advisory 2021-05-03-4 - macOS Big Sur 11.3.1 addresses code execution and integer overflow vulnerabilities.
  • Apple Security Advisory 2021-05-03-1 Tue, 04 May 2021 16:23:46 GMT
    Apple Security Advisory 2021-05-03-1 - iOS 14.5.1 and iPadOS 14.5.1 addresses code execution and integer overflow vulnerabilities.
  • Apple Security Advisory 2021-05-03-2 Tue, 04 May 2021 16:23:31 GMT
    Apple Security Advisory 2021-05-03-2 - iOS 12.5.3 addresses buffer overflow, code execution, integer overflow, and use-after-free vulnerabilities.
  • Ubuntu Security Notice USN-4934-1 Tue, 04 May 2021 16:23:23 GMT
    Ubuntu Security Notice 4934-1 - It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code remotely, obtain sensitive information, or escalate local privileges.
  • Ubuntu Security Notice USN-4932-1 Tue, 04 May 2021 16:23:12 GMT
    Ubuntu Security Notice 4932-1 - It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.
  • Ubuntu Security Notice USN-4933-1 Tue, 04 May 2021 16:21:27 GMT
    Ubuntu Security Notice 4933-1 - It was discovered that OpenVPN incorrectly handled certain data channel v2 packets. A remote attacker could possibly use this issue to inject packets using a victim's peer-id. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that OpenVPN incorrectly handled deferred authentication. When a server is configured to use deferred authentication, a remote attacker could possibly use this issue to bypass authentication and access control channel data. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4918-3 Tue, 04 May 2021 16:21:20 GMT
    Ubuntu Security Notice 4918-3 - USN-4918-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan in some situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled parsing Excel documents. A remote attacker could possibly use this issue to cause ClamAV to hang, resulting in a denial of service. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4931-1 Tue, 04 May 2021 16:21:11 GMT
    Ubuntu Security Notice 4931-1 - Steven French discovered that Samba incorrectly handled ChangeNotify permissions. A remote attacker could possibly use this issue to obtain file name information. Bas Alberts discovered that Samba incorrectly handled certain winbind requests. A remote attacker could possibly use this issue to cause winbind to crash, resulting in a denial of service. Francis Brosnan Blázquez discovered that Samba incorrectly handled certain invalid DNS records. A remote attacker could possibly use this issue to cause the DNS server to crash, resulting in a denial of service. Various other issues were also addressed.
  • Kernel Live Patch Security Notice LSN-0076-1 Mon, 03 May 2021 20:47:52 GMT
    It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
  • Red Hat Security Advisory 2021-1478-01 Mon, 03 May 2021 20:26:27 GMT
    Red Hat Security Advisory 2021-1478-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
  • Red Hat Security Advisory 2021-1477-01 Mon, 03 May 2021 20:26:19 GMT
    Red Hat Security Advisory 2021-1477-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
  • Red Hat Security Advisory 2021-1479-01 Mon, 03 May 2021 20:26:11 GMT
    Red Hat Security Advisory 2021-1479-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
  • Red Hat Security Advisory 2021-1475-01 Mon, 03 May 2021 20:26:04 GMT
    Red Hat Security Advisory 2021-1475-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
  • Red Hat Security Advisory 2021-1476-01 Mon, 03 May 2021 20:25:55 GMT
    Red Hat Security Advisory 2021-1476-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
  • Gentoo Linux Security Advisory 202104-10 Mon, 03 May 2021 20:25:46 GMT
    Gentoo Linux Security Advisory 202104-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 88.0 are affected.
  • Gentoo Linux Security Advisory 202104-09 Mon, 03 May 2021 20:25:39 GMT
    Gentoo Linux Security Advisory 202104-9 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.10.0 are affected.
  • Gentoo Linux Security Advisory 202104-08 Mon, 03 May 2021 20:25:29 GMT
    Gentoo Linux Security Advisory 202104-8 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 90.0.4430.93 are affected.
  • Gentoo Linux Security Advisory 202104-07 Mon, 03 May 2021 20:25:20 GMT
    Gentoo Linux Security Advisory 202104-7 - A vulnerability in ClamAV could lead to a Denial of Service condition. Versions less than 0.103.2 are affected.