Thursday, October 29, 2020

MAR-10310246-1.v1 – ZEBROCY Backdoor

Original release date: October 29, 2020. Notification: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse...

CISA and CNMF Identify a New Malware Variant: Zebrocy

Original release date: October 29, 2020. The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have identified a malware variant—referred to as Zebrocy—used by a sophisticated cyber actor. In addition,...

CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT

Original release date: October 29, 2020. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense Cyber National Mission Force (CNMF) have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored...
DHS

Mitsubishi Electric MELSEC iQ-R, Q and L Series

This advisory contains mitigations for an Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric's MELSEC iQ-R, Q and L Series programmable logic controllers.
DHS

Mitsubishi Electric MELSEC iQ-R

This advisory contains mitigations for Improper Restriction of Operations within the Bounds of a Memory Buffer, Session Fixation, NULL Pointer Dereference, Improper Access Control, Argument Injection, and Resource Management Errors vulnerabilities in Mitsubishi Electric's iQ-R programmable logic controllers.

Upcoming Security Updates for Adobe Acrobat and Reader (APSB20-67)

A prenotification security advisory (APSB20-67) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, November 03, 2020. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well...
Have I Been Pwned

Reincubate – 68,744,762 breached accounts

In October 2020, the app data company Reincubate suffered a data breach which exposed a backup from November 2017 (the newest record in the data appeared several months earlier). The data included over 616k unique email addresses, names and...
F5 Networks

BIG-IP SSL/TLS ADH/DHE vulnerability CVE-2020-5929

BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a virtual server configured ...
F5 Networks

Linux kernel vulnerability CVE-2019-13233

In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an ...

Ransomware Activity Targeting the Healthcare and Public Health Sector

Original release date: October 28, 2020. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to...

Ransomware Activity Targeting the Healthcare and Public Health Sector

Original release date: October 28, 2020. This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory was...
F5 Networks

BIG-IP MQTT iRule vulnerability CVE-2020-5935

When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, ...
F5 Networks

TMM vulnerability CVE-2020-5931

Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing ...
F5 Networks

BIG-IP Client SSL Security Advisory CVE-2020-5936

The Traffic Management Microkernel (TMM) process may consume excessive resources when processing ...
F5 Networks

BIG-IP ASM XSS vulnerability CVE-2020-5932

A cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and ...
F5 Networks

BIG-IP AFM vulnerability CVE-2020-5937

The Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral ...
F5 Networks

The BIG-IP ASM system may fail to properly mask the value of a configured sensitive positional parameter that appears in a Referer header

The BIG-IP ...
F5 Networks

BIG-IP APM SAML SLO vulnerability CVE-2020-5934

When multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are ...
F5 Networks

BIG-IP ASM Bot Defense may fail to block malicious requests when both the Bot Defense profile and DoS profile are associated with a virtual server

TechRepublic

How to install the FreeIPA identity and authorization solution on CentOS 8

Jack Wallen walks you through the process of installing an identity and authorization platform on CentOS 8.

I've Joined the 1Password Board of Advisers

Almost a decade ago now, I wrote what would become one of my most career-defining blog posts: The Only Secure Password is the One You...

Ransomware Wave Targets US Hospitals: What We Know So Far

A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.
SecurityWeek

Community College Continues to Investigate Cyberattack

A data breach at a North Carolina community college may have affected many of its current and former students.
The Register

Ryuk this for a game of soldiers: Ransomware-flingers actively targeting hospitals in the US, cyber agencies warn

And infosec firms say it's only got worse over this year. Ryuk ransomware is being aggressively deployed to target US healthcare institutions, government cyber organisations in the US have warned.…