K00374275: Apache Traffic Server vulnerability CVE-2021-43082
Apache Traffic Server vulnerability CVE-2021-43082 Security Advisory Security Advisory Description Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats ...
Hitachi Energy RTU500 OpenLDAP
This advisory contains mitigations for Type Confusion, and Reachable Assertion vulnerabilities in Hitachi Energy RTU500 OpenLDAP firmware.
Hitachi Energy XMC20 and FOX61x
This advisory contains mitigations for Weak Password Requirements, and Missing Handler vulnerabilities in Hitachi Energy XMC20 and FOX61x multi-service network elements.
FANUC Robot Controllers
This advisory is a follow-up to the original advisory titled ICSA-21-243-02P FANUC Robot Controllers that was posted to the HSIN ICS library on August 31, 2021. This advisory contains mitigations for Integer Coercion Error, and Out-of-bounds Write vulnerabilities in...
K23153696: Apache HTTPD vulnerability CVE-2020-1927
Apache HTTPD vulnerability CVE-2020-1927 Security Advisory Security Advisory Description In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self- ...
K12705583: OpenSSH vulnerability CVE-2021-41617
OpenSSH vulnerability CVE-2021-41617 Security Advisory Security Advisory Description sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege ...
Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following:
Execute code on the affected device or cause it to reload unexpectedly
Cause LLDP database...
Gravatar – 113,990,759 breached accounts
In October 2020, a security researcher published a technique for scraping large volumes of data from Gravatar, the service for providing globally unique avatars . The scraped data included 167 million names, usernames and MD5 hashes of email addresses...
K50839343: NGINX ModSecurity WAF vulnerability CVE-2021-42717
NGINX ModSecurity WAF vulnerability CVE-2021-42717 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it ...
TigerRAT – Advanced Adversaries on the Prowl
Summary
On September 5th, 2021, the Korea Internet & Security Agency (KISA) released a report on a new threat they dubbed TigerRAT. The newly found malware shares similarities with malware previously reported by Kaspersky and Malwarebytes. Kaspersky has previously attributed...
Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases.
For a description of these vulnerabilities, see the Apache HTTP Server 2.4.49 section of the Apache HTTP Server 2.4...
Schneider Electric SESU
This advisory contains mitigations for an Insufficient Entropy vulnerability in the Schneider Electric Software Update.
Johnson Controls Entrapass
This advisory contains mitigations for a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Johnson Controls Entrapass security management software.
Cybersecurity: Organizations face key obstacles in adopting zero trust
Security pros surveyed by One Identity cited a lack of clarity, other priorities and a lack of resources as bumps on the road to Zero Trust.
5 Tips to Stay on the Offensive and Safeguard Your Attack Surface
New, global-scale attacks aren't a security problem; they're a big data problem requiring a data-led solution.
Emotet’s Behavior & Spread Are Omens of Ransomware Attacks
The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.
Google disrupts major malware distribution network Glupteba
Working with several internet infrastructure and hosting providers, including Cloudflare, Google disrupted the operation of an aggressive Windows botnet known as Glupteba that was being distributed through fake ads. It also served itself as a distribution network for additional...
Private Equity Firm Permira to Acquire Mimecast in $5.8 Billion Deal
Mimecast on Tuesday announced that private equity firm Permira wants to acquire it in an all-cash transaction that values the email security company at roughly $5.8 billion.
Permira, which plans on taking Mimecast private, has entered into a definitive agreement...
