News

CIS
    • Protecting Privacy Using the CIS Controls Privacy Guide Thu, 27 Jan 2022 17:19:23 +0000

      The CIS Controls Privacy Guide provides best practices and guidance for implementing the CIS Critical Security Controls (CIS Controls) while considering the privacy impacts on the workforce, customers, and third-party organizations such as contractors. The Privacy Guide supports the objectives of the CIS Controls by aligning privacy principles and highlighting potential privacy concerns that may […]

      The post Protecting Privacy Using the CIS Controls Privacy Guide appeared first on CIS.

    SecList
    • MoonBounce: the dark side of UEFI firmware
      At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.
    Advisories

    • Ubuntu Security Notice USN-5247-1 Thu, 27 Jan 2022 14:57:18 GMT
      Ubuntu Security Notice 5247-1 - It was discovered that vim incorrectly handled parsing of filenames in its search functionality. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu 21.10. It was discovered that vim incorrectly handled memory when opening and searching the contents of certain files. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service, or possibly achieve code execution with user privileges. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.10.
    • Gentoo Linux Security Advisory 202201-01 Thu, 27 Jan 2022 14:50:56 GMT
      Gentoo Linux Security Advisory 202201-1 - A vulnerability in polkit could lead to local root privilege escalation. Versions less than 0.120-r2 are affected.
    • SAP Enterprise Portal XSLT Injection Thu, 27 Jan 2022 14:48:35 GMT
      SAP Enterprise Portal with ENGINEAPI versions 7.10, 7.30, 7.31, 7.40, and 7.50 suffers from an XSLT injection vulnerability.
    • Red Hat Security Advisory 2022-0181-05 Thu, 27 Jan 2022 14:47:51 GMT
      Red Hat Security Advisory 2022-0181-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.54. Issues addressed include a code execution vulnerability.
    • SAP CommonCryptoLib Null Pointer Dereference Thu, 27 Jan 2022 14:46:14 GMT
      SAP CommonCryptoLib suffers from a null pointer dereference vulnerability. An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error causing the system to crash and remain unavailable.
    • SAP Enterprise Portal Open Redirect Thu, 27 Jan 2022 14:44:33 GMT
      SAP Enterprise Portal with EP-RUNTIME component versions 7.30, 7.31, 7.40, and 7.50 suffers from an open redirection vulnerability.
    • Red Hat Security Advisory 2022-0303-02 Thu, 27 Jan 2022 14:43:52 GMT
      Red Hat Security Advisory 2022-0303-02 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a buffer overflow vulnerability.
    • Red Hat Security Advisory 2022-0288-02 Thu, 27 Jan 2022 14:41:16 GMT
      Red Hat Security Advisory 2022-0288-02 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a buffer overflow vulnerability.
    • Red Hat Security Advisory 2022-0289-04 Thu, 27 Jan 2022 14:40:52 GMT
      Red Hat Security Advisory 2022-0289-04 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
    • SAP Enterprise Portal iviewCatcherEditor Server-Side Request Forgery Thu, 27 Jan 2022 14:38:59 GMT
      SAP Enterprise Portal with EP-RUNTIME component versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 suffers from an iviewCatcherEditor server-side request forgery vulnerability.
    • Red Hat Security Advisory 2022-0291-04 Thu, 27 Jan 2022 14:36:31 GMT
      Red Hat Security Advisory 2022-0291-04 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
    • SAP Enterprise Portal RunContentCreation Cross Site Scripting Thu, 27 Jan 2022 14:34:49 GMT
      SAP Enterprise Portal with EP-RUNTIME component versions 7.30, 7.31, 7.40, and 7.50 suffers from a RunContentCreation cross site scripting vulnerability.
    • Red Hat Security Advisory 2022-0294-04 Thu, 27 Jan 2022 14:32:12 GMT
      Red Hat Security Advisory 2022-0294-04 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
    • SAP Enterprise Portal NavigationReporter Cross Site Scripting Thu, 27 Jan 2022 14:28:54 GMT
      SAP Enterprise Portal with EP-RUNTIME component versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 suffers from a NavigationReporter cross site scripting vulnerability.
    • Red Hat Security Advisory 2022-0290-06 Thu, 27 Jan 2022 14:25:55 GMT
      Red Hat Security Advisory 2022-0290-06 - Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot using the Memory Mapped Value machinery for extremely lightweight instrumentation. Issues addressed include code execution, deserialization, and remote SQL injection vulnerabilities.
    • Red Hat Security Advisory 2022-0296-03 Thu, 27 Jan 2022 14:23:56 GMT
      Red Hat Security Advisory 2022-0296-03 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.12.0 serves as an update to Red Hat Process Automation Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
    • Red Hat Security Advisory 2022-0297-01 Thu, 27 Jan 2022 14:23:31 GMT
      Red Hat Security Advisory 2022-0297-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.12.0 serves as an update to Red Hat Decision Manager 7.11.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution, denial of service, deserialization, and traversal vulnerabilities.
    • Polkit pkexec Local Privilege Escalation Wed, 26 Jan 2022 15:11:49 GMT
      Qualys discovered a local privilege escalation (from any user to root) in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution.
    • Ubuntu Security Notice USN-5193-2 Wed, 26 Jan 2022 15:09:34 GMT
      Ubuntu Security Notice 5193-2 - USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.
    • Red Hat Security Advisory 2022-0268-03 Wed, 26 Jan 2022 15:08:08 GMT
      Red Hat Security Advisory 2022-0268-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
    • Red Hat Security Advisory 2022-0274-03 Wed, 26 Jan 2022 15:08:01 GMT
      Red Hat Security Advisory 2022-0274-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
    • Red Hat Security Advisory 2022-0273-02 Wed, 26 Jan 2022 15:07:52 GMT
      Red Hat Security Advisory 2022-0273-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
    • Red Hat Security Advisory 2022-0265-03 Wed, 26 Jan 2022 15:07:41 GMT
      Red Hat Security Advisory 2022-0265-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
    • Red Hat Security Advisory 2022-0270-02 Wed, 26 Jan 2022 15:07:34 GMT
      Red Hat Security Advisory 2022-0270-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
    • Red Hat Security Advisory 2022-0272-02 Wed, 26 Jan 2022 15:07:27 GMT
      Red Hat Security Advisory 2022-0272-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.