“Ready Player One” – Are you Ready to Protect Your Endpoints from the Bad Guys?

At times it can feel like a game as you watch the cyber-breach scorecards. Yahoo 3 billion users, Equifax 143 million consumers, Uber 57 million users, Imgur 1.7 million users are just a sample of the companies that have released new information on large breaches in the last few months...

Keyexchange error on Linux managed server after updating the kernel

Challenge Steps to correct Keyexchange errors on newly updated Linux managed server Cause Veeam SSH client caches both the Key and the encryption method. If the Linux kernel depreciates an encryption method when the kernel updates, connections to the managed server may fail with error such as...

CVE-2017-16836

Arris TG1682G devices with Comcast TG16822.0s7PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajaxmanagedservices.php service parameter...

CVE-2017-16836

Arris TG1682G devices with Comcast TG16822.0s7PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajaxmanagedservices.php service parameter...

Popular ‘Circle with Disney’ Parental Control System Riddled With 23 Vulnerabilities

The makers of the popular parental control system called Circle with Disney patched 23 vulnerabilities over the weekend. The bugs ran the gamut from memory corruption and denial of service, to SSL validation vulnerabilities and impact all devices managed on a network. Circle with Disney is a $90...

Code injection

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp...

CVE-2015-5164

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp...

CVE-2017-5531

Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative contro...

Buffer overflow

Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative contro...

CVE-2017-5531

Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative contro...

CVE-2017-5531

Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative contro...

Cisco Small Business 500 Series Stackable Managed Switches Detection (SNMP)

This script performs SNMP based detection of Cisco Small Business 500 Series Stackable Managed Switches. This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVE-2017-6720

A vulnerability in the Secure Shell SSH subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service DoS condition. The vulnerability is due to improper processing of SSH...

CVE-2017-6720

A vulnerability in the Secure Shell SSH subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service DoS condition. The vulnerability is due to improper processing of SSH...

CVE-2017-6720

The CVE-2017-6720 issue affects Cisco Small Business Managed Switches (300, 500, 350, 350X, 550X series and ESW2 line) where the SSH subsystem mishandles SSH messages, allowing an authenticated remote attacker to trigger a reload and cause a DoS. Root cause: improper processing of SSH connections...

Cisco Small Business Managed Switches Denial of Service Vulnerability

Cisco Small Business 300 Series Managed Switches and so on are the switch equipment of the American Cisco Cisco company. the Secure Shell SSH subsystem is one of the data encryption transmission subsystems. A denial of service vulnerability exists in the SSH subsystem in several Cisco products,...

Cisco Small Business Managed Switches Denial of Service Vulnerability

A vulnerability in the Secure Shell SSH subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service DoS condition. The vulnerability is due to improper processing of SSH...

Akamai Prioritizes People Safety and Continuity of Service during Hurricane Irma

Written by Mani Sundaram, SVP Global Services & Support; Francis Trentley, VP Security Services & Support; Roger Barrango, Director Global Security Operations. Hurricane Irma affected millions this week. As always here at Akamai, taking care of people comes first, and the wellbeing of our team wa...

September 12, 2017—KB4038783 (OS Build 10586.1106)

September 12, 2017—KB4038783 OS Build 10586.1106 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updates to Internet Explorer 11’s navigation bar with search box. Addressed issue in Intern...

Choose Your Own Infosec Adventure

I often reflect on how difficult choices in our industry can be. Do we invest more in prevention, detection or response? Do we automate or add more staff? Do we use a managed service or keep it in house? These represent some of the strategic decisions defenders are faced with on a yearly basis...