Wednesday, December 8, 2021
F5 Networks

K00374275: Apache Traffic Server vulnerability CVE-2021-43082

Apache Traffic Server vulnerability CVE-2021-43082 Security Advisory Security Advisory Description Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats ...
DHS

Hitachi Energy RTU500 OpenLDAP

This advisory contains mitigations for Type Confusion, and Reachable Assertion vulnerabilities in Hitachi Energy RTU500 OpenLDAP firmware.
DHS

Hitachi Energy XMC20 and FOX61x

This advisory contains mitigations for Weak Password Requirements, and Missing Handler vulnerabilities in Hitachi Energy XMC20 and FOX61x multi-service network elements.
DHS

FANUC Robot Controllers

This advisory is a follow-up to the original advisory titled ICSA-21-243-02P FANUC Robot Controllers that was posted to the HSIN ICS library on August 31, 2021. This advisory contains mitigations for Integer Coercion Error, and Out-of-bounds Write vulnerabilities in...
F5 Networks

K23153696: Apache HTTPD vulnerability CVE-2020-1927

Apache HTTPD vulnerability CVE-2020-1927 Security Advisory Security Advisory Description In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self- ...
F5 Networks

K12705583: OpenSSH vulnerability CVE-2021-41617

OpenSSH vulnerability CVE-2021-41617 Security Advisory Security Advisory Description sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege ...
Cisco

Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database...
Have I Been Pwned

Gravatar – 113,990,759 breached accounts

In October 2020, a security researcher published a technique for scraping large volumes of data from Gravatar, the service for providing globally unique avatars . The scraped data included 167 million names, usernames and MD5 hashes of email addresses...
F5 Networks

K50839343: NGINX ModSecurity WAF vulnerability CVE-2021-42717

NGINX ModSecurity WAF vulnerability CVE-2021-42717 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it ...
WMware

TigerRAT – Advanced Adversaries on the Prowl

Summary On September 5th, 2021, the Korea Internet & Security Agency (KISA) released a report on a new threat they dubbed TigerRAT. The newly found malware shares similarities with malware previously reported by Kaspersky and Malwarebytes. Kaspersky has previously attributed...
Cisco

Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021

On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2.4.48 and earlier releases. For a description of these vulnerabilities, see the Apache HTTP Server 2.4.49 section of the Apache HTTP Server 2.4...
DHS

Schneider Electric SESU

This advisory contains mitigations for an Insufficient Entropy vulnerability in the Schneider Electric Software Update. 
DHS

Johnson Controls Entrapass

This advisory contains mitigations for a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Johnson Controls Entrapass security management software.
TechRepublic

Cybersecurity: Organizations face key obstacles in adopting zero trust

Security pros surveyed by One Identity cited a lack of clarity, other priorities and a lack of resources as bumps on the road to Zero Trust.

5 Tips to Stay on the Offensive and Safeguard Your Attack Surface

New, global-scale attacks aren't a security problem; they're a big data problem requiring a data-led solution.

Emotet’s Behavior & Spread Are Omens of Ransomware Attacks

The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.

Google disrupts major malware distribution network Glupteba

Working with several internet infrastructure and hosting providers, including Cloudflare, Google disrupted the operation of an aggressive Windows botnet known as Glupteba that was being distributed through fake ads. It also served itself as a distribution network for additional...
SecurityWeek

Private Equity Firm Permira to Acquire Mimecast in $5.8 Billion Deal

Mimecast on Tuesday announced that private equity firm Permira wants to acquire it in an all-cash transaction that values the email security company at roughly $5.8 billion. Permira, which plans on taking Mimecast private, has entered into a definitive agreement...