Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
On May 11, 2021, the research paper Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation was made public. This paper discusses 12 vulnerabilities in the 802.11 standard. One vulnerability is in the frame aggregation functionality, two vulnerabilities are...
MacOS Local Privilege Escalation Exploitable through Cisco AnyConnect Secure Mobility Client
On May 26, 2020, Apple released a security update for MacOS Catalina, Mojave, and High Sierra. Part of this update addressed a local privilege escalation vulnerability (CVE-2020-9817).
Cisco has determined that Cisco AnyConnect Secure Mobility Client releases 4.10.00093 and earlier could be...
BIG-IP APM SAML SLO vulnerability CVE-2020-5934
BIG-IP APM SAML SLO vulnerability CVE-2020-5934 Security Advisory Security Advisory Description When multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are ...
BIG-IP HTTP compression profile vulnerability CVE-2020-5933
BIG-IP HTTP compression profile vulnerability CVE-2020-5933 Security Advisory Security Advisory Description When a BIG-IP system that has a virtual server configured with an HTTP compression ...
BIG-IP MQTT iRule vulnerability CVE-2020-5935
BIG-IP MQTT iRule vulnerability CVE-2020-5935 Security Advisory Security Advisory Description When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, ...
BIG-IP Client SSL Security Advisory CVE-2020-5936
BIG-IP Client SSL Security Advisory CVE-2020-5936 Security Advisory Security Advisory Description The Traffic Management Microkernel (TMM) process may consume excessive resources when processing ...
BIG-IP AFM vulnerability CVE-2020-5937
BIG-IP AFM vulnerability CVE-2020-5937 Security Advisory Security Advisory Description The Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral ...
F5 IPsec vulnerability CVE-2020-5938
F5 IPsec vulnerability CVE-2020-5938 Security Advisory Security Advisory Description When negotiating IPsec tunnels with configured, authenticated peers, the peer may negotiate a different key ...
BIG-IP VE network interface vulnerability CVE-2020-5939
BIG-IP VE network interface vulnerability CVE-2020-5939 Security Advisory Security Advisory Description BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface ...
BIG-IP TMUI vulnerability CVE-2020-5940
BIG-IP TMUI vulnerability CVE-2020-5940 Security Advisory Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic ...
BIG-IP AVRD vulnerability CVE-2020-27728
BIG-IP AVRD vulnerability CVE-2020-27728 Security Advisory Security Advisory Description Under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and ...
BIG-IQ HA vulnerability CVE-2021-22997
BIG-IQ HA vulnerability CVE-2021-22997 Security Advisory Security Advisory Description BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport ...
BIG-IQ DCD vulnerability CVE-2021-22996
BIG-IQ DCD vulnerability CVE-2021-22996 Security Advisory Security Advisory Description When set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an ...
BIG-IQ HA vulnerability CVE-2021-22995
BIG-IQ HA vulnerability CVE-2021-22995 Security Advisory Security Advisory Description BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form ...
Critical Infrastructure Remains at Risk Following Ransomware Attack
Critical infrastructure has increasingly become a top target for cybercriminals. Over the weekend, we learned of the ransomware attack against a U.S. fuel company, Colonial Pipeline, that carries nearly half the fuel consumed along the U.S. East Coast. This...
Blessed are the cryptographers, labelling them criminal enablers is just foolish
Preserving privacy is hard. I know because when I tried, I quickly learned not to play with weapons Column Nearly a decade ago I decided to try my hand as a cryptographer. It went about as well as you...
Ransomware Gang Leaks Metropolitan Police Data After Failed Negotiations
The cybercrime syndicate behind Babuk ransomware has leaked more personal files belonging to the Metropolitan Police Department (MPD) after negotiations with the DC Police broke down, warning that they intend to publish all data ransom demands are not met.
"The...
NSA and ODNI analyze potential risks to 5G networks
U.S. Intelligence agencies warn of weaknesses in 5G networks that could be exploited by crooks and nation-state actors for intelligence gathering.
The U.S. National Security Agency (NSA), along with the DHS Cybersecurity and Infrastructure Security Agency (CISA), and the Office...
Alert: Hackers Exploit Adobe Reader 0-Day Vulnerability in the Wild
Adobe has released Patch Tuesday updates for the month of May with fixes for multiple vulnerabilities spanning 12 different products, including a zero-day flaw affecting Adobe Reader that's actively exploited in the wild.
The list of updated applications includes Adobe Experience Manager,...
Beijing twirls ban-hammer at 84 more apps it says need to stop slurping excess data
Online lending apps and more given fifteen days to ‘rectify’ behaviour China’s Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to “rectify” their code.…
