402 matches found
CVE-2021-2031 vulnerabilities
Vulnerabilities for packages: mysql...
Russia’s SolarWinds Attack and Software Security
The information that is emerging about Russia’s extensive cyberintelligence operation against the United States and other countries should be increasingly alarming to the public. The magnitude of the hacking, now believed to have affected more than 250 federal agencies and businesses -- primarily...
Insider Threats: What Are They, Really?
What an insider threat really is The idea of an “insider threat” sounds like some sort of double agent hiding away in a cubicle—someone hired to steal company secrets and take you down. That sounds pretty exciting, but it’s not very accurate. When we talk about insider threats, in reality, we’re...
Code42 Incydr Series: Why Most Companies Can’t Stop Departing Employee Data Theft
Here’s the single clearest sign of insider risk: an employee’s resignation letter. A 2019 study found that 72% of employees take company data when they leave, according to Infosecurity Magazine. Fortunately, you don’t need fancy technology to figure out who these risky users are — they tell you!...
The TLS 1.2 Deadline is Looming, Do You Have Your Act Together?
In the pantheon of security configuration duties for organizations running internet assets, maintaining the latest TLS encryption protocols to keep the cryptographic apparatus at full strength is one of the most fundamental. TLS provides cover for the most sensitive personal and financial...
Moderate: Red Hat Security Advisory: openssl security and bug fix update
An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Billions of Devices Open to Wi-Fi Eavesdropping Attacks
SAN FRANCISCO — A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications. The bug CVE-2019-15126 stems from the use of an all-zero encryption key in chips made by...
Report to Your Management with the Definitive ‘IR Management and Reporting’ presentation Template
The realistic approach to security is that incidents occur. While ideally, the CISO would want to prevent all of them, in practice some will succeed to a certain degree—making the ability to efficiently manage an incident response process a mandatory skill for any CISO. Moreover, apart from the...
CVE-2011-4931
gpw generates shorter passwords than required...
Adobe Acrobat and Reader Security Bypass (APSB19-49: CVE-2019-8226)
A security bypass vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system...
Imperva Security Update
Hi everyone, Please find below a detailed update on the security incident from Kunal Anand, our Chief Technology Officer. From the moment we discovered this incident, we established and have held ourselves to the following key principles: To do the right thing for all of our constituents, To be...
CVE-2019-2786
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...
Fails and Fixes with IoT
After nearly 6 years of tearing apart 'internet of things' devices, here's a look at the high level fails that we keep seeing. We're not going to go in to point issues such as Wi-Fi credential leakage and Bluetooth compromise: our blog is littered with those! What are the root issues and what can...
Microsoft Internet Explorer Security Feature Bypass (CVE-2019-0768)
A security bypass vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system...
Microsoft Edge Security Feature Bypass (CVE-2019-0612)
A security bypass vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability would allow remote attackers to bypass security tests and protocols on the affected system...
Linux.org Redirected to NSFW Page Spewing Racial Epithets
The Linux organization said late Friday that its main domain, Linux.org, was hacked and defaced in a DNS hijacking incident. The group said that someone was able to compromise the registrar account for the domain and point its DNS to another server — as well as lock administrators out from changi...
SSL Insecure Protocols
The remote server offers insecure SSL protocol version which can lead to vulnerability exploitation. No source data...
Travel Breaches Hit Air Canada and Asia-Pac Hotelier
It’s been a busy week on the data breach front. First, Air Canada said that a breach of around 20,000 mobile app users had exposed passport information. At the same time, millions have been affected by an information heist targeting a Chinese hotel group with 3,500 properties across the...
Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities
Most manufacturers have connected their operational technology – including industrial control systems and robotic equipment – to the internet, yet the lack of basic security protocols leaves these companies open to cyberattacks. Industrial security company Malcrawler pinpointed these dangers at...
Moderate: Red Hat Bug Fix Advisory: openssl bug fix and enhancement update
An update for openssl is now available for Red Hat Enterprise Linux 7. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. For detailed information on changes in this release...