NewStart CGSL CORE 5.04 / MAIN 5.04 : evolution-data-server Vulnerability (NS-SA-2020-0075)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has evolution-data-server packages installed that are affected by a vulnerability: - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get...

NewStart CGSL CORE 5.05 / MAIN 5.05 : evolution Vulnerability (NS-SA-2020-0092)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has evolution packages installed that are affected by a vulnerability: - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid...

NewStart CGSL CORE 5.05 / MAIN 5.05 : evolution-data-server Vulnerability (NS-SA-2020-0114)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has evolution-data-server packages installed that are affected by a vulnerability: - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get...

NewStart CGSL CORE 5.05 / MAIN 5.05 : evolution-ews Vulnerability (NS-SA-2020-0086)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has evolution-ews packages installed that are affected by a vulnerability: - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential...

NewStart CGSL CORE 5.04 / MAIN 5.04 : evolution Vulnerability (NS-SA-2020-0062)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has evolution packages installed that are affected by a vulnerability: - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid...

The evolution of MFA authentication technology and what needs to change next

Authentication attacks are big business, and no one is immune from them. In fact, two men were recently arrested and charged in the Twitter employee account compromise that happened in July 2020. Using employee account credentials, the attackers took over several highly visible celebrity Twitter...

Js-X-Ray - JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)

JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting th...

RHEL 8 : evolution (RHSA-2020:1600)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1600 advisory. Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The...

How to address inefficiencies of using multiple cybersecurity systems

By Uzair Amir Much has changed in the field of cybersecurity after decades of evolving. Before, having an antivirus was considered adequate. Then came next-generation antivirus. This is a post from HackRead.com Read the original post: How to address inefficiencies of using multiple cybersecurity...

Denial of Service Vulnerability in LTE Digital Cellular Mobile Network MME Devices (CNVD-2020-67628)

LTE digital cellular mobile communication network MME equipment is an important network element of LTE core network, which is responsible for processing signaling. A denial of service vulnerability exists in LTE Digital Cellular Mobile Communications Network MME devices. An attacker can exploit t...

Oracle Linux 8 : evolution (ELSA-2020-4649)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4649 advisory. - Resolves: 1859141 CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3 evolution-mapi Tenable has extracted the preceding description block direct...

Targeted ransomware: it’s not just about encrypting your data!

When we talk about ransomware, we need to draw a line between what it used to be and what it currently is. Why? Because nowadays ransomware is not just about encrypting data – its primarily about data exfiltration. After that, its about data encryption and leaving convincing proof that the attack...

evolution security and bug fix update

bogofilter 1.2.5-2 - Bump version to have OSCI/gating tests rerun with updated tests 1.2.5-1 - Resolves: 1836279 Update to 1.2.5 evolution 3.28.5-14 - Related: 1817143 Add a small patch to behave better with WebKitGTK 2.28 3.28.5-13 - Resolves: 1836165 Cannot type the date of a meeting...

The Evolution of the Qualys Cloud Platform

The global pandemic has upended everything, and in the cyber security world in particular it has highlighted the need for organizations to have a cloud-based security and compliance platform, Qualys President and Chief Product Officer Sumedh Thakar said during his keynote Monday at the virtual QS...

TLS Response Injection

evolution-data-server is vulnerable to TLS response injection. When a server sends a 'begin TLS' response, eds reads additional data and evaluates it in a TLS context, aka "response injection" causing a STARTTLS buffering issue that affects SMTP and POP3...

Corporate Office and Kitchen Table: Securing the Future of Work, Part 1

The future of work is multi-modal, the future corporate office is a private coffee shop with great Wi-Fi, and the future of enterprise security is going to have to adapt rapidly. If there is a sliver of positivity that I can find in this devastating pandemic, it's that we are adapting and finding...

evolution-data-server: Response injection via STARTTLS in SMTP and POP3

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...

Low: Red Hat Security Advisory: evolution security and bug fix update

An update for bogofilter, evolution, evolution-data-server, evolution-mapi, and openchange is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a...

RHEL 8 : evolution (RHSA-2020:4649)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4649 advisory. Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The...

RLSA-2020:4649 Low: evolution security and bug fix update

Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was...