Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
This blog post was authored by Hossein Jazi and Jérôme Segura. On June 10, we found a malicious Word document disguised as a resume that uses template injection to drop a .Net Loader. This is the first part of a multi-stage attack that we believe is associated with an APT attack. In the last stage,...
Debian: Security Advisory (DLA-2247-1)
The remote host is missing an update for the Debian...
MGASA-2020-0258 Updated libreoffice packages fix security vulnerability
This update increases LibreOffice to version 6.4.4.2. It fixes security issues and adds kf5 support. If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If...
Updated libreoffice packages fix security vulnerability
This update increases LibreOffice to version 6.4.4.2. It fixes security issues and adds kf5 support. If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If...
[SECURITY] [DLA 2247-1] thunderbird security update
Package: thunderbird; Version: 1:68.9.0-1deb8u2; CVE ID: CVE-2020-12398 CVE-2020-12399 CVE-2020-12405 CVE-2020-12406 CVE-2020-12410. Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the...
CVE-2020-3929 GeoVision Door Access Control Device - Shared cryptographic keys
The GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attacks with the derived keys and recover the plaintext of encrypted messages...
Debian DSA-4702-1 : thunderbird - security update
Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Debian: Security Advisory (DSA-4702-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 4702-1] thunderbird security update
Debian Security Advisory DSA-4702-1 https://www.debian.org/security/ Moritz Muehlenhoff June 11, 2020 https://www.debian.org/security/faq ...
OPENSUSE-SU-2020:0786-1 Security update for libreoffice
This update for libreoffice to 6.4.4.2 fixes the following issues: Security issue fixed: - CVE-2020-12801: Fixed an issue with encrypted MSOffice documents that could be accidentally saved unencrypted bsc1171997. Non-security issues fixed: - Elements on title page mixed up bsc1160687. - Image...
SUSE-SU-2020:1530-1 Security update for libreoffice
This update for libreoffice to 6.4.4.2 fixes the following issues: Security issue fixed: - CVE-2020-12801: Fixed an issue with encrypted MSOffice documents that could be accidentally saved unencrypted bsc1171997. Non-security issues fixed: - Elements on title page mixed up bsc1160687. - Image...
CVE-2020-2198
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
Code injection
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...
Cycldek: Bridging the (air) gap
Key findings While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. In this blog post we aim to bridge the knowledge gap on this group and provide a more thorough insight into it...
CVE-2020-3645
Firmware will hit an assert in WLAN firmware if the encrypted data length in the FILS IE of a reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...
CVE-2020-3645
CVE-2020-3645 affects Qualcomm/Qualcomm-based WLAN firmware used across Snapdragon Compute, Connectivity, Consumer Electronics Connectivity, Consumer IoT, Industrial IoT, Mobile, and related SoCs (e.g., IPQ6018, IPQ8074, Kamorta, Nicobar, QCA63xx, QCN7xxx, SC7xxx, SDM8xx, SXR1x0, etc.). The vulne...
Joomla Resources Directory (JRD) Portal Suffers Data Breach
Joomla, one of the most popular open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources directory (JRD) website, i.e., resources.joomla.org. The breach exposed affected users' personal information, such as full...
Home Chef Serves Up Data Breach for 8 Million Records
Mail-order meal kits have become even more popular as the coronavirus pandemic has kept people home and cooking on a regular basis. Unfortunately, one of these, the popular Kroger’s Home Chef service, recently served up a side of data breach along with its perfectly measured ingredients. Accordin...