Default credentials

Jfrog Artifactory uses default passwords such as "password" for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0...

CVE-2019-17444 JFrog Artifactory does not enforce default admin password change

Jfrog Artifactory uses default passwords such as "password" for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0...

CVE-2020-15061

Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values...

Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach

The FireEye Front Line Applied Research & Expertise FLARE Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the la...

CVE-2020-2034

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue can not be exploited if...

TAU Threat Discovery: Conti Ransomware

Conti is a new family of ransomware observed in the wild by the Carbon Black Threat Analysis Unit TAU. Unlike most ransomware, Conti contains unique features that separate it in terms of performance and focus on network-based targets. Conti uses a large number of independent threads to perform...

Authentication flaw

When Security Assertion Markup Language SAML authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled unchecked, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources...

CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication

When Security Assertion Markup Language SAML authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled unchecked, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources...

PAN-OS: Authentication Bypass in SAML Authentication

When Security Assertion Markup Language SAML authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled unchecked, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources...

CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication

When Security Assertion Markup Language SAML authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled unchecked, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources...

IndigoDrop spreads via military-themed lures to deliver Cobalt Strike

By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes military-themed malicious Microsoft Office documents maldocs to spread Cobalt Strike beacons containing full-fledged RAT capabilities. These maldocs use malicious macros to deliver a multistage and highly modular...

CVE-2020-14301

An information disclosure vulnerability was found in libvirt. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw could allow a malicious user with a read-only connection to access potentially sensitive information in the domain configuration...

Huawei FusionAccess Input Validation Error Vulnerability

Huawei FusionAccess is a virtual desktop application based on Huawei Cloud Platform from Huawei China. An input validation error vulnerability exists in Huawei FusionAccess versions prior to 6.5.1.SPC002, which stems from insufficient validation of specific input by the program. An attacker can...

Upgraded Aggah malspam campaign delivers multiple RATs

By Asheer Malhotra Cisco Talos has observed an upgraded version of a malspam campaign known to distribute multiple remote access trojans RATs.The infection chain utilized in the attacks is highly modularized.The attackers utilize publicly available infrastructure such as Bitly and Pastebin spread...

CVE-2020-2853

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

PAN-OS on PA-7000 Series: Varrcvr daemon network-based denial of service or privilege escalation

A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card LFC allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS...

Design/Logic Flaw

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passwordless ftp ssh user. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

Key Findings from the 2020 Cyberthreat Defense Report

The new 2020 Cyberthreat Defense Report CDR released this week. Now in its seventh year, the annual report provides a look at how global cybersecurity professionals perceive threats and plan to defend against them. The CDR enables cybersecurity professionals to benchmark their company’s security...

Cisco IOS Software Network-Based Application Recognition Denial of Service Vulnerabilities

According to its self-reported version, Cisco IOS Software is affected by following multiple vulnerabilities - Multiple vulnerabilities in the Network-Based Application Recognition NBAR feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to caus...

Open redirect

An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request...