An Inside Look at CISA’s Supply Chain Task Force
When one mentions supply chains these days, we tend to think of microchips from China causing delays in automobile manufacturing or toilet paper disappearing from store shelves. Sure, there are some chips in the communications infrastructure, but the cyber supply chain is mostly about virtual...
Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2036888) Security Fixes: kernel: improper initialization of the "flags" member of the new pipe_buffer (CVE-2022-0847); kernel: U...
Akamai Wins Brandon Hall Award for Best Learning Technology
The Technical Enablement and Education team, part of Akamai’s Global Services organization, has won a coveted Brandon Hall Group silver medal for “Excellence in Technology,” for their automatic hands-on Lab Validation System (LVS). The automatic LVS is used throughout Global Service training course...
Siemens SIMATIC Improper Certificate Validation (CVE-2012-3037)
The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate. This plugin only works with Tenable.ot. Plea...
Get Lifetime Access to Cybersecurity Certification Prep Courses
You can't go far in professional IT without being asked for some key certifications. In particular, most large companies today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many...
PECB Certified Lead Ethical Hacker: Take Your Career to the Next Level
Cybercrime is increasing exponentially and presents devastating risks for most organizations. According to Cybercrime Magazine, global cybercrime damage is predicted to hit $10.5 trillion annually as of 2025. One of the more recent and increasingly popular forms of tackling such issues by...
Certification body rebrands to Coalfire Certification
We're excited about our new name. It reflects what we do and where we are headed. We share this excitement with our clients and our teams and extend thanks to everyone that helped push the certification body to this level of framework coverage as Coalfire Certification enters this next period of...
CVE-2020-7882
Using the parameter of the getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters (i.e. '../../../')...
Path traversal
Using the parameter of the getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters (i.e. '../../../')...
CVE-2020-7882 anySign directory traversal vulnerability
Using the parameter of the getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters (i.e. '../../../')...
CVE-2020-7882
CVE-2020-7882 involves a path traversal in the getPFXFolderList parameter that can expose authorization certificate information and allow file deletion. Concrete details across connected sources confirm the vulnerability, including affected behavior and impact indicators (high confidentiality/int...
PT-2021-7397 · Pgbouncer +3
Name of the Vulnerable Software and Affected Versions: PgBouncer versions prior to 1.16.1 Description: The issue is related to the handling of initial message request data in PgBouncer, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a...
Account Persistence – Certificates
It is not uncommon for organizations to implement an internal certification authority in order to establish trust between entities (users, computers, etc.) or utilize it for… Continue reading - Account Persistence - Certificates...
OpenSSL: ECDSA Private Key Leak (CVE-2011-1945) - Linux
OpenSSL leaks ECDSA private key through a remote timing attack. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free softwar...
How to prepare for CMMC compliance as a defense industrial base supplier using the Microsoft cloud
In 2020, the US Department of Defense (DoD) began the phased rollout of a new framework for protecting their supply chain, known as the defense industrial base (DIB). This new Cybersecurity Maturity Model Certification (CMMC) system requires regular audits that will bolster the security of the DIB,...
Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses
Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers. Sounds like an exciting career, right? If the comic-book comparisons aren't working for you, perhaps some figures will. According to ZipRecruiter, the average...
kernel security, bug fix, and enhancement update
4.18.0-305.12.14.OL8 - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmodsigningkey.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and...
A week in security (July 26 – August 1)
Last week on Malwarebytes Labs: OSX.XLoader hides little except its main purpose: What we learned in the installation process. The Clubhouse database “breach” is likely a non-breach. Here’s why. Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach. UDP Technolo...