Wednesday, December 19, 2018
F5 Networks

Oracle Java SE vulnerability CVE-2018-2795

Oracle Java SE vulnerability CVE-2018-2795. Security Advisory. Security Advisory Description. Vulnerability in the Java ...
F5 Networks

Oracle Java SE vulnerability CVE-2018-2815

Oracle Java SE vulnerability CVE-2018-2815. Security Advisory. Security Advisory Description. Vulnerability in the Java ...
F5 Networks

MQTT vulnerability CVE-2018-15323

MQTT vulnerability CVE-2018-15323. Security Advisory. Security Advisory Description. In certain circumstances, when processing ...
F5 Networks

Oracle Java SE vulnerability CVE-2018-2783

Oracle Java SE vulnerability CVE-2018-2783. Security Advisory. Security Advisory Description. Vulnerability in the Java ...

AR18-352A: Quasar Open-Source Remote Administration Tool

Original release date: December 18, 2018Summary Quasar, a legitimate open-source remote administration tool (RAT), has been observed being used maliciously by Advanced Persistent Threat (APT) actors to facilitate network exploitation.This Analysis Report provides information on Quasar’s...
WMware

New VMware Security Advisory VMSA-2018-0031

Today, VMware has released the following new security advisory: “VMSA-2018-0031 – vRealize Operations updates address a local privilege escalation vulnerability” This documents the remediation of an important severity local privilege escalation vulnerability (CVE-2018-6978) in vRealize Operations (vROps). The issue exists due...
Have I Been Pwned

Mappery – 205,242 breached accounts

In December 2018, the mapping website Mappery suffered a data breach that exposed over 205k unique email addresses. The incident also exposed usernames, the geographic location of the user and passwords stored as unsalted SHA-1 hashes. No response was...
DHS

ABB GATE-E2

This advisory provides mitigation recommendations for missing authentication for critical function and cross-site scripting vulnerabilities in ABB's GATE-E2 ethernet devices.
DHS

Advantech WebAccess/SCADA

This advisory provides mitigation recommendations for an improper input validation vulnerability identified in Advantech's WebAccess/SCADA software platform.
DHS

3S-Smart Software Solutions GmbH CODESYS Control V3 Products

This advisory provides mitigation recommendations for an improper access control vulnerability identified in the 3S-Smart Software Solutions CODESYS Control V3 products.
DHS

3S-Smart Software Solutions GmbH CODESYS V3 Products

This advisory provides mitigation recommendations for use of insufficiently random values and improper restriction of communication channel to intended endpoints vulnerabilities identified in the 3S-Smart Software Solutions GmbH CODESYS V3 products.
DHS

Siemens TIM 1531 IRC Modules

This advisory provides mitigation recommendations for a missing authentication for critical function vulnerability in Siemens' TIM 1531 IRC modules.
DHS

ABB CMS-770

This advisory includes mitigations for an improper authentication vulnerability in the ABB CMS-770 software.
DHS

ABB M2M ETHERNET

This advisory includes mitigations for an improper authentication vulnerability in the ABB M2M Ethernet software.
F5 Networks

Linux kernel vulnerability CVE-2017-9074

Linux kernel vulnerability CVE-2017-9074. Security Advisory. Security Advisory Description. The IPv6 fragmentation implementation ...
F5 Networks

DHCP client vulnerability CVE-2018-5732

DHCP client vulnerability CVE-2018-5732. Security Advisory. Security Advisory Description. An out-of-bound memory access ...
F5 Networks

Apache Portable Runtime vulnerability CVE-2017-12613

Apache Portable Runtime vulnerability CVE-2017-12613. Security Advisory. Security Advisory Description. When apr_time_exp ...
F5 Networks

Linux kernel vulnerability CVE-2017-7889

Linux kernel vulnerability CVE-2017-7889. Security Advisory. Security Advisory Description. The mm subsystem in the Linux ...
F5 Networks

BIG-IP APM portal access vulnerability CVE-2018-15324

BIG-IP APM portal access vulnerability CVE-2018-15324. Security Advisory. Security Advisory Description. TMM may restart ...
F5 Networks

XSS vulnerability in undisclosed TMUI page CVE-2018-15314

XSS vulnerability in undisclosed TMUI page CVE-2018-15314. Security Advisory. Security Advisory Description. A reflected ...

Vote for Blockchain [Voting]

While the internet has been around for nearly two decades, our society has failed to devise a reliable, fraud-proof way to implement a digital voting system. As it stands, our current election process is not particularly conducive to the...

Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
TechRepublic

Why CXOs are leading the charge for AI-based security

While 73% of organizations already use some level of artificial intelligence, the technology comes with its own challenges, according to a ProtectWise report.
SecurityWeek

Servers Can Be Bricked Remotely via BMC Attack

Hackers could remotely brick servers by launching firmware attacks that involve the Baseboard Management Controller (BMC), researchers at firmware security company Eclypsium have demonstrated. read more

Threatpost Poll: Do You Hate Facebook?

Weigh in on Facebook and privacy in our short poll.