CVE-2020-8602

A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution...

CVE-2020-15601

If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this...

CVE-2020-8602

CVE-2020-8602 affects Trend Micro Deep Security 10.0–12.0 and Trend Micro Vulnerability Protection 2.0 SP2. The issue is in the management consoles where an authenticated attacker with full control privileges can bypass file integrity checks, leading to remote code execution. The NVD entry lists ...

CVE-2020-15601

Summary: CVE-2020-15601 concerns an LDAP authentication bypass in Trend Micro Deep Security Manager (versions 10.x–12.x). When LDAP authentication is enabled, an unauthenticated attacker with prior knowledge of the targeted organization could bypass manager authentication. The vulnerability is mi...

Trend Micro Deep Security Manager Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Deep Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Deep Security Manager console. The issue results from the lack of...

Prototype Pollution

Overview deep-get-set is a Set and get values on objects via dot-notation strings. Affected versions of this package are vulnerable to Prototype Pollution via the main function. POC: const deep = require'deep-get-set'; deep, 'proto', 'polluted', true; console.logpolluted; Details Prototype...

Trend Micro™ Deep Security™ 20 is Here

Chuck Losh, Solutions Architect, takes us through the deployment of Trend Micro™ Deep Security™ 20 software in Microsoft® Azure® and runs through how to connect the database element to the Azure SQL Database...

Afternoon Cyber Tea: Revisiting social engineering: The human threat to cybersecurity

Most of us know ‘Improv’ through film, theatre, music or even live comedy. It may surprise you to learn that the skills required for improvisational performance art, can also make you a good hacker? In cybersecurity, while quite a bit of focus is on the technology that our adversaries use, we mus...

OkCupid Dating App Flaws Could've Let Hackers Read Your Private Messages

Cybersecurity researchers today disclosed several security issues in popular online dating platform OkCupid that could potentially let attackers remotely spy on users' private information or perform malicious actions on behalf of the targeted accounts. According to a report shared with The Hacker...

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection

The application of deep learning and other machine learning methods to threat detection on endpoints, email and docs, apps, and identities drives a significant piece of the coordinated defense delivered by Microsoft Threat Protection. Within each domain as well as across domains, machine learning...

keycloak: missing input validation in IDP authorization URLs

A flaw was found in Keycloak, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients...

Cisco SD-WAN vEdge 5000 Series Routers and SD-WAN vEdge Cloud Router Denial of Service Vulnerability

Cisco SD-WAN vEdge 5000 Series Routers are Cisco's SD-WAN solution routing devices. A denial-of-service vulnerability in the deep packet inspection DPI engine in Cisco SD-WAN vEdge 5000 Series Routers and SD-WAN vEdge Cloud Router, which stems from the program's failure to properly handle FTP...

Cisco SD-WAN vEdge 5000 Series Routers and SD-WAN vEdge Cloud Routers Denial of Service Vulnerability

Cisco SD-WAN vEdge 5000 Series Routers are Cisco's SD-WAN solution routing devices. A denial-of-service vulnerability exists in the deep packet inspection DPI engine in Cisco SD-WAN vEdge 5000 Series Routers and SD-WAN vEdge Cloud Routers, which stems from the program's failure to adequately hand...

CVE-2020-3385

A vulnerability in the deep packet inspection DPI engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could...

CVE-2020-3369

A vulnerability in the deep packet inspection DPI engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this...

Design/Logic Flaw

A vulnerability in the deep packet inspection DPI engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this...

Design/Logic Flaw

A vulnerability in the deep packet inspection DPI engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could...

CVE-2020-3385 Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

A vulnerability in the deep packet inspection DPI engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could...

CVE-2020-3385 Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

A vulnerability in the deep packet inspection DPI engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could...

Cisco SD-WAN vEdge Routers Denial of Service Vulnerability

A vulnerability in the deep packet inspection DPI engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could...