Friday, September 20, 2019
F5 Networks

glibc vulnerabilities CVE-2019-1010024, CVE-2019-1010025

Security Advisory Description: CVE-2019-1010024 GNU Libc current is affected by: Mitigation bypass. The impact is: ...
Cisco

Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on...
Cisco

Cisco Data Center Network Manager Arbitrary File Upload and Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in affected DCNM software. An...
Cisco

Cisco Data Center Network Manager Arbitrary File Download Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to gain access to sensitive files on an affected device. The vulnerability is due to incorrect permissions settings on affected...
Cisco

Cisco Data Center Network Manager Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper session...
F5 Networks

Supermicro BMC vulnerability CVE-2019-9999

Security Advisory Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...
F5 Networks

*EMBARGOED* BIG-IP ASM vulnerability CVE-2019-6650

Security Advisory Description: *EMBARGOED* F5 BIG-IP ASM may expose sensitive information and allow the system configuration to ...
F5 Networks

**EMBARGOED** ConfigSync vulnerability CVE-2019-6649

Security Advisory Description: F5 BIG-IP and Enterprise Manager may expose sensitive information and allow the system ...
DHS

Tridium Niagara

This advisory contains mitigations for information exposure and improper authorization vulnerabilities in Tridium's Niagara business application framework software.
DHS

WECON LeviStudioU (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-19-036-03 WECON LeviStudioU that was published February 5, 2019, on the ICS webpage on us-cert.gov. This advisory includes mitigations for stack-based buffer overflow, heap-based buffer overflow, and memory...

Google Releases Security Updates for Chrome

Original release date: September 19, 2019. Google has released Chrome 77.0.3865.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...
Cisco

Cisco HyperFlex Software Cross-Frame Scripting Vulnerability

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this...
Cisco

Cisco HyperFlex Software Counter Value Injection Vulnerability

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit...
MSRC

Meet the BlueHat Content Advisory Board

We couldn’t do BlueHat without the Content Advisory Board, the brain trust reviewing submissions to the CFP. Representing both Microsoft and other parts of security community, the CAB applies their industry and speaker experience to create the BlueHat agenda...
Cisco

Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web...
F5 Networks

CPU vulnerability CVE-2019-11184

Security Advisory Description: A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an ...
Have I Been Pwned

Lumin PDF – 15,453,048 breached accounts

In April 2019, the PDF management service Lumin PDF suffered a data breach. The breach wasn't publicly disclosed until September when 15.5M records of user data appeared for download on a popular hacking forum. The data had been left...
F5 Networks

Linux kernel vulnerability CVE-2019-12615

Security Advisory Description: An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel ...
F5 Networks

Apache HTTPD vulnerability CVE-2019-10098

Security Advisory Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when ...

VMware Releases Security Updates for Multiple Products

Original release date: September 17, 2019. VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users...
TechRepublic

Organizations struggle to manage cyberthreats without automation

Report details how many organizations lack faith in their security systems to manage an ever-expanding digital landscape.

News Wrap: Emotet’s Return, U.S. Vs. Snowden, Physical Pen Testers Arrested

Threatpost editors discuss the return of Emotet, a new lawsuit against Edward Snowden and more.
SecurityWeek

France Has ‘Not Changed Mind’ on Rejecting Snowden Asylum

France has not changed its mind on rejecting any asylum request from US surveillance whistleblower Edward Snowden, its foreign minister said Thursday, after the former CIA employee said he would like sanctuary in the country.
SecurityWeek

Two Indicted in $10 Million Tech Support Fraud Scheme

The United States Department of Justice this week announced the arrest of two individuals charged for participating in a long-term tech support fraud scheme.

IDG Contributor Network: Lessons learned through 15 years of SDL at work

Do a quick search on secure development and you’ll find pages and pages of advice and best practices. You could relatively quickly create a long checklist of best practices and how-tos covering everything from how to create a threat...