Managed Defense: The Analytical Mindset

When it comes to cyber security managed services or otherwise, you’re ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an...

Visionary security partners to be honored at the very first Microsoft Security 20/20 event

Microsoft Security 20/20 is nearly here and our team is putting the final touches on what we think will be a memorable event. Microsoft Security 20/20 will put the spotlight on companies and individuals with a clear-eyed view of the security challenges we face and smart solutions to help solve...

A week in security (January 27 – February 2)

Last week on Malwarebytes Labs, we looked at the strengths and weaknesses of the Zero Trust model, gave you the low-down on spear phishing, and took a delve into the world of securing the managed service provider MSP. Other cybersecurity news UN compromised via Sharepoint hack: An extraordinary...

Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup

Cisco Systems released security patches on Wednesday for high-severity vulnerabilities affecting over a half dozen of its small business switches. The flaws allow remote unauthenticated adversaries to access sensitive information and level denial-of-service DoS attacks against affected gear...

CVE-2020-3121

The CVE-2020-3121 issue affects Cisco Small Business Smart and Managed Switches’ web-based management interface, introduced by insufficient validation of user-supplied input. According to connected sources (NVD/CNVD/CVE records and the Cisco advisory), an unauthenticated, remote attacker could lu...

CVE-2020-3121 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability is due to insufficient validation of user-suppli...

CVE-2018-5745

An assertion failure was found in the way bind implemented the "managed keys" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed b...

Nice Try: 501 (Ransomware) Not Implemented

An Ever-Evolving Threat Since January 10, 2020, FireEye has tracked extensive global exploitation of CVE-2019-19781, which continues to impact Citrix ADC and Gateway instances that are unpatched or do not have mitigations applied. We previously reported on attackers’ swift attempts to exploit thi...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1822)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-2453)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Kubernetes: Half-Blind SSRF found in kube/cloud-controller-manager can be upgraded to complete SSRF (fully crafted HTTP requests) in vendor managed k8s service.

Hello, Who we are : We’re two French security researchers and our respective names are Brice Augras and Christophe Hauquiert, we worked and found the vulnerability together. Brice Augras from https://www.groupe-asten.fr/ company - https://hackerone.com/reeverzax Christophe Hauquiert -...

The vulnerability of microprogrammed software in printers such as LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed lies in insufficient data validation, allowing attackers to execute arbitrary codes.

The vulnerability of Microprogrammed Software for printers such as LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed is related to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the Cisco Managed Services Accelerator web interface stems from insufficient protection of the WEB pages, allowing attackers to redirect users to arbitrary URL addresses.

The vulnerability of the Cisco Managed Services Accelerator web interface is related to insufficient protection of the WEB pages. Exploiting this vulnerability could allow a malicious actor to redirect users to any arbitrary URL address...

Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie

Summary A remote attacker is able to obtain sensitive information cause by the failure to set the HttpOnly and Secure attribute in the cookie. This allow attacker to intercept the transmission and obtain information from the cookie in clear text Vulnerability Details CVEID: CVE-2019-4214...

EulerOS 2.0 SP3 : bind (EulerOS-SA-2019-2557)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - 'managed-keys' is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for us...

Unspecified Vulnerability in Ivanti Workspace Control

Ivanti Workspace Control RES One Workspace is a set of workspace control software from Ivanti, USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.3.180.0. A loc...

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

Authentication flaw

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

CVE-2019-19675

In Ivanti Workspace Control before 10.3.180.0. a locally authenticated user with low privileges can bypass Managed Application Security by leveraging an unspecified attack vector in Workspace Preferences, when it is enabled. As a result, the attacker can start applications that should be blocked...

Calling Local Windows RPC Servers from .NET

Posted by James Forshaw, Project Zero As much as I enjoy finding security vulnerabilities in Windows, in many ways I prefer the challenge of writing the tools to make it easier for me and others to do the hunting. This blog post gives an overview of using some recent tooling I’ve released as part...