7768 matches found
PT-2020-5491 · Openssl +9
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.1.1 through 1.1.1h; OpenSSL versions 1.0.2 through 1.0.2w. Description: The issue is related to the GENERAL_NAME_cmp function in OpenSSL, which compares different instances of a GENERAL_NAME to see if they are equal or not...
Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
The malvertising-focused trojan known as Shlayer has burbled to the top of the malware heap when it comes to targeting Mac users. It made up 29 percent of all attacks on macOS devices in Kaspersky’s telemetry for 2019, making it the No. 1 Mac malware threat for the year. To spread, it has been...
Stripo Inc: subdomain takeover at status-stage0.stripo.email
The subdomain status-stage0.stripo.email was pointed at uptimerobot.com whereas it was not being used, but having CNAME record as stats.uptimerobot.com. Hence anyone can take it over. I have parked it with an account on uptimerobot.com. Note: this issue is similar to report but with another...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1371)
The remote host is missing an update for the Huawei EulerOS...
Debian DSA-4605-1 : openjdk-11 - security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Threat Roundup for January 10 to January 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 10 and Jan. 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
CVE-2019-3686
openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security...
CVE-2019-9493
The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain...
CVE-2019-9493
The CVE-2019-9493 vulnerability affects AutoMobility’s MyCar Controls mobile apps, where hard-coded admin credentials in the app could let a remote, unauthenticated attacker issue commands to a target MyCar unit and extract data (potential location disclosure or vehicle access). Affected versions...
[SECURITY] [DSA 4602-1] xen security update
Debian Security Advisory DSA-4602-1 · https://www.debian.org/security/ · Moritz Muehlenhoff · January 13, 2020 · https://www.debian.org/security/faq ...
Inspecting TLS Web Traffic - Part 3
In the second part of this blog, I covered how HTTPS web content inspection is provided in Akamai's Enterprise Threat Protector (ETP) service using ETP proxy. In this final blog post I want to provide information about how Akamai generates, distributes and controls access to private keys including...
Denial of Service Vulnerability in Distribution Terminal PDZ833 of Nanjing Softcore Technology Co.(CNVD-2020-01590)
Nanjing Softcore Technology Co., Ltd. is a company dedicated to the industrialization and promotion of real-time intelligence technology, advanced control and real-time optimization technology, and 3D visualization technology, and mainly provides related products and solutions based on the above...
Denial of Service Vulnerability in Distribution Terminal PDZ833 of Nanjing Softcore Technology Co.(CNVD-2020-01589)
Nanjing Softcore Technology Co., Ltd. is a company dedicated to the industrialization and promotion of real-time intelligence technology, advanced control and real-time optimization technology, and 3D visualization technology, and mainly provides related products and solutions based on the above...
Denial of Service Vulnerability in Distribution Terminal PDZ833 of Nanjing Softcore Technology Co.
Nanjing Softcore Technology Co., Ltd. is a company dedicated to the industrialization and promotion of real-time intelligence technology, advanced control and real-time optimization technology, and 3D visualization technology, and mainly provides related products and solutions based on the above...
Denial-of-service vulnerability exists in PDZ833 of the distribution terminal of Nanjing Softcore Technology Co.
Nanjing Softcore Technology Co., Ltd. is a company dedicated to the industrialization and promotion of real-time intelligence technology, advanced control and real-time optimization technology, and 3D visualization technology, and mainly provides related products and solutions based on the above...
EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2590)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have...
Debian: Security Advisory (DSA-4585-1)
The remote host is missing an update for the Debian...
Inim SmartLAN Hardcoded Credentials (Telnet)
SmartLAN devices utilize hardcoded credentials within its Linux distribution image.
Ransomware response—to pay or not to pay?
The increased connectivity of computers and the growth of Bring Your Own Device (BYOD) in most organizations is making the distribution of malicious software (malware) easier. Unlike other types of malicious programs that may usually go undetected for a longer period, a ransomware attack is usually...
[SECURITY] [DSA 4584-1] spamassassin security update
Debian Security Advisory DSA-4584-1 · https://www.debian.org/security/ · Salvatore Bonaccorso · December 14, 2019 · https://www.debian.org/security/faq ...