
1876 matches found

NVD
added 2021/04/01 5:15 a.m., 8 views

CVE-2021-29937

An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size()...

CVSS 9.8, EPSS 0.01363
Exploits: 1, References: 1
Prion
added 2021/04/01 5:15 a.m., 10 views

Memory corruption

An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size()...

CVSS 7.5, AI score 9.4, EPSS 0.01363
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2021/04/01 4:23 a.m., 90 views

CVE-2021-29937

CVE-2021-29937 affects the Rust telemetry crate (through 2021-02-17). The issue is a drop of uninitialized memory if a value.clone() panics inside misc::vec_with_size(), as described across multiple sources (e.g., Red Hat, OSV, GHSA). The vulnerability details consistently identify the root cause...

CVSS 9.8, AI score 9.4, EPSS 0.01363
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/04/01 4:23 a.m., 22 views

CVE-2021-29937

An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size()...

AI score 9.7, EPSS 0.01363
Exploits: 1, References: 1
CNNVD
added 2021/04/01 12:0 a.m., 3 views

Rust security vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in telemetry crate for Rust 2021-02-17 and earlier versions, which stems from the loss of uninitialized memory if panics is called using misc::vec_with_size. No details of the...

CVSS 9.8, AI score 5.5, EPSS 0.01363
Exploits: 1, References: 2
ThreatPost
added 2021/03/31 7:43 p.m., 238 views

Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out

Mobile device-tracking by Apple and Google takes center stage in a report revealing that, despite both allowing users to opt out of sharing telemetry data – they do anyway. “Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” wrote researcher Douglas...

AI score 7
Exploits: 0, References: 4
The Hacker News
added 2021/03/25 12:5 p.m., 2 views

Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers

More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43%...

AI score 5.9
Exploits: 0
Rapid7 Blog
added 2021/03/23 2:14 p.m., 44 views

MDR Vendor Must-Haves, Part 1: Deep Observation of Real-Time Endpoint Data

This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.” Assessing Managed Detection and Response (MDR) vendors is no easy task. However, evaluating each based on...

AI score 0.4
Exploits: 0
Trend Micro Simply Security
added 2021/03/17 12:0 a.m., 9 views

XDR: Up-Leveling Security Integration

A single source of attack telemetry just won’t cut it anymore. See why IDC analyst Michael Suby believes that an XDR platform is a must-have for securing your enterprise...

AI score 2
Exploits: 0
Rapid7 Blog
added 2021/03/03 12:41 a.m., 1857 views

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR’s Attacker Behavior Analytics (ABA). The Managed Detection and Response (MDR) identified multiple, related compromises in the past 72 hours. In most...

CVSS 7.5, EPSS 0.99999
Exploits: 73
vulnersOsv
added 2021/02/17 12:0 p.m., 3 views

atomic_cell (=0.1.0) potentially affected by CVE-2021-29937 via telemetry (=0.1.3)

telemetry CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on telemetry and may be impacted: - atomic_cell =0.1.0 Source cves: CVE-2021-29937 Source advisory: OSV:RUSTSEC-2021-0046...

CVSS 9.8, AI score 7.2, EPSS 0.01363
Exploits: 1
CNNVD
added 2021/02/16 12:0 a.m., 4 views

Racom path traversal vulnerability

The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. A directory traversal vulnerability exists in RACOM M!DGE firmware version 4.4.40.105. An attacker could exploit this vulnerability t...

CVSS 8.7, AI score 7.1, EPSS 0.01425
Exploits: 0, References: 2
CNNVD
added 2021/02/16 12:0 a.m., 4 views

Racom cross-site scripting vulnerability

The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. A cross-site scripting vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. An attacker can exploit this vulnerabilit...

CVSS 4.8, AI score 5.8, EPSS 0.00468
Exploits: 0, References: 2
CNNVD
added 2021/02/16 12:0 a.m., 4 views

Racom security vulnerability

The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. An OS command injection vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. An attacker can exploit this vulnerabili...

CVSS 9, AI score 7.5, EPSS 0.0124
Exploits: 0, References: 1
vulnersOsv
added 2020/12/20 4:44 p.m., 1 views

eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 +1 more via multi-ini (=2.1.0)

multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...

CVSS 9.8, AI score 7.2, EPSS 0.01517
Exploits: 2
Rapid7 Blog
added 2020/12/18 2:50 p.m., 121 views

What’s New in InsightIDR: Q4 2020 in Review

Throughout the year, we’ve provided roundups of what’s new in InsightIDR, our cloud-based SIEM tool (see the H1 recap post, and our most recent Q3 2020 recap post). As we near the end of 2020, we wanted to offer a closer look at some of the recent updates and releases in InsightIDR from Q4 2020...

AI score 7.2
Exploits: 0
vulnersOsv
added 2020/12/08 1:2 p.m., 2 views

eslint-plugin-mozilla (>=2.7.0 <=2.9.2), gatsby (>=2.24.6-telemetry-test.19 <=2.24.6-telemetry-test.20) +3 more potentially affected by CVE-2020-28448 via multi-ini (=2.1.0)

multi-ini NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on multi-ini and may be impacted: - eslint-plugin-mozilla =2.7.0, =2.24.6-telemetry-test.19, =2.12.64-telemetry-test.19, =0.1.54-telemetry-test.19, =1.3.21-telemetry-test.19,...

CVSS 9.8, AI score 7.2, EPSS 0.01425
Exploits: 1
Oracle linux
added 2020/11/17 12:0 a.m., 49 views

thunderbird security update

78.4.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.4.0-1 - Update to 78.4.0 build1 - Disabled telemetry 78.3.1-1 - Update to 78.3.1 build1...

CVSS 9.8, AI score 2, EPSS 0.0262
Exploits: 0
Oracle linux
added 2020/11/14 12:0 a.m., 81 views

thunderbird security update

78.4.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.4.0-1 - Update to 78.4.0 build1 - Disabled telemetry 78.3.1-1 - Update to 78.3.1 build1 78.3.0-3 - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot ship it in RHEL 78.2.1-1 -...

CVSS 9.8, AI score 1.2, EPSS 0.0262
Exploits: 0
Qualys Blog
added 2020/11/11 11:16 p.m., 34 views

EDR Solutions Require Comprehensive Telemetry to Fend Off Multi-Vector Attacks

Endpoint devices are under increasingly aggressive and sophisticated attacks, so protecting them effectively from cyber criminals has become a thorny and vexing challenge as the threat landscape expands. It doesn’t help that endpoint protection today fluctuates between two strategies that are...

AI score 0.2
Exploits: 0