Consumerization: a better way to answer cybersecurity challenges

A version of this article originally appeared in Forbes on February 12, 2020. Consumerization: The specific impact that consumer-originated technologies can have on enterprises. Gartner More and more, enterprises are coming to understand that they need to adopt the agile processes and product...

The vulnerability of the Windows device installation dispatcher allows a perpetrator to execute processes with elevated privileges.

The vulnerability of the Windows device management agent is related to errors in file operations. Exploiting this vulnerability allows an attacker to execute processes with elevated privileges using a specially created application...

[SECURITY] Fedora 31 Update: monit-5.26.0-1.fc31

monit is a utility for managing and monitoring, processes, files, directori es and devices on a UNIX system. Monit conducts automatic maintenance and repa ir and can execute meaningful causal actions in error situations...

Default configuration

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...

CVE-2019-5149

The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC2000, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs...

CVE-2019-17549

ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop kill ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack...

Design/Logic Flaw

ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop kill ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack...

CVE-2019-17549

ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop kill ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack...

[SECURITY] Fedora 30 Update: python-psutil-5.6.7-1.fc30

psutil is a module providing an interface for retrieving information on all running processes and system utilization CPU, memory, disks, network, user s in a portable way by using Python, implementing many functionalities offered by command line tools such as: ps, top, df, kill, free, lsof, free,...

Parent PID Spoofing

Monitoring the relationships between parent and child processes is very common technique for threat hunting teams to detect malicious activities. For example if PowerShell is… Continue reading - Parent PID Spoofing...

Design/Logic Flaw

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...

UBUNTU-CVE-2019-12528

An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes...

Washington Privacy Act welcomed by corporate and nonprofit actors

The steady parade of US data privacy legislation continued last month in Washington with the introduction of an improved bill that would grant state residents the rights to access, control, delete, and port their data, as well as opting out of data sales. The bill, called the Washington Privacy...

MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)

MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...

Detect Unauthorized Processes Making Changes in Your Environment with Qualys File Integrity Monitoring

With the average cost of a data breach exceeding $3.5 million as per Cost of a Data Breach Report, almost all organizations these days adopt stringent policies in order to safeguard their confidential business and customer information. Strong RBAC-driven systems have certainly made it difficult f...

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2019-1462)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ALPINE-CVE-2019-14907

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

Indicator of Compromise Scanner for CVE-2019-19781 This repos...

CVE-2019-15625

A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information...

CVE-2019-15625

A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information...