Saturday, December 5, 2020
F5 Networks

Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949

Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949 Security Advisory Security Advisory Description CVE-2020-28948 Archive_Tar through 1.4.10 allows an unserialization attack because ...
F5 Networks

QEMU vulnerability CVE-2020-27617

QEMU vulnerability CVE-2020-27617 Security Advisory Security Advisory Description eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can ...
F5 Networks

Jetty vulnerability CVE-2019-10247

Jetty vulnerability CVE-2019-10247 Security Advisory Security Advisory Description In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running ...
F5 Networks

Intel CPU vulnerability CVE-2020-0591

Intel CPU vulnerability CVE-2020-0591 Security Advisory Security Advisory Description Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to ...
F5 Networks

Intel CPU vulnerability CVE-2020-0592

Intel CPU vulnerability CVE-2020-0592 Security Advisory Security Advisory Description Out of bounds write in BIOS firmware for some Intel(R) Processors may allow an authenticated user to ...
F5 Networks

The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it

The BIG-IP system may not interpret an HTTP request the same way the target web server interprets it Security Advisory Security Advisory Description This issue occurs when all of the following ...
F5 Networks

systemd vulnerability CVE-2018-15686

systemd vulnerability CVE-2018-15686 Security Advisory Security Advisory Description A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re- ...
F5 Networks

Intel software vulnerabilities CVE-2020-8754, CVE-2020-8757, CVE-2020-8760, CVE-2020-12356

Intel software vulnerabilities CVE-2020-8754, CVE-2020-8757, CVE-2020-8760, CVE-2020-12356 Security Advisory Security Advisory Description CVE-2020-8754 Out-of-bounds read in subsystem for Intel(R ...
F5 Networks

Intel software vulnerabilities CVE-2020-8750 CVE-2020-12355

Intel software vulnerabilities CVE-2020-8750 CVE-2020-12355 Security Advisory Security Advisory Description CVE-2020-8750 Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1. ...
F5 Networks

Intel software vulnerabilities CVE-2020-8705, CVE-2020-8744, CVE-2020-8745, CVE-2020-8756

Intel software vulnerabilities CVE-2020-8705, CVE-2020-8744, CVE-2020-8745, CVE-2020-8756 Security Advisory Security Advisory Description CVE-2020-8705 Insecure default initialization of resource ...
F5 Networks

Intel software vulnerabilities CVE-2020-8746, CVE-2020-8747, CVE-2020-8749, CVE-2020-8752, CVE-2020-8753

Intel software vulnerabilities CVE-2020-8746, CVE-2020-8747, CVE-2020-8749, CVE-2020-8752, CVE-2020-8753 Security Advisory Security Advisory Description CVE-2020-8746 Integer overflow in subsystem ...
F5 Networks

Intel software vulnerabilities CVE-2020-12297, CVE-2020-12304, CVE-2020-12354

Intel software vulnerabilities CVE-2020-12297, CVE-2020-12304, CVE-2020-12354 Security Advisory Security Advisory Description CVE-2020-12297 Improper access control in Installer for Intel(R) CSME ...
F5 Networks

Intel software vulnerabilities CVE-2020-8751, CVE-2020-8755, CVE-2020-8761, CVE-2020-12303

Intel software vulnerabilities CVE-2020-8751, CVE-2020-8755, CVE-2020-8761, CVE-2020-12303 Security Advisory Security Advisory Description CVE-2020-8751 Insufficient control flow management in ...
F5 Networks

Intel SSD vulnerabilities CVE-2020-0584, CVE-2020-12309, CVE-2020-12310, CVE-2020-12311

Intel SSD vulnerabilities CVE-2020-0584, CVE-2020-12309, CVE-2020-12310, CVE-2020-12311 Security Advisory Security Advisory Description CVE-2020-0584 Buffer overflow in firmware for Intel(R) SSD ...
F5 Networks

The BIG-IP DNS/GTM system may be exposed to DNS hijacking when the BIG-IP system host name belongs to a public domain name that the BIG-IP owner does not control

The BIG-IP DNS/GTM system may be exposed to DNS hijacking when the BIG-IP system host name belongs to a public domain name that the BIG-IP owner does not control Security Advisory Security ...
F5 Networks

Linux kernel vulnerabilities CVE-2020-8694 and CVE-2020-8695

Linux kernel vulnerabilities CVE-2020-8694 and CVE-2020-8695 Security Advisory Security Advisory Description CVE-2020-8694 Insufficient access control in the Linux kernel driver for some Intel(R) ...
F5 Networks

iControl REST vulnerability CVE-2020-5943

iControl REST vulnerability CVE-2020-5943 Security Advisory Security Advisory Description When a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated ...
F5 Networks

TMM FastL4 vulnerability CVE-2019-6680

TMM FastL4 vulnerability CVE-2019-6680 Security Advisory Security Advisory Description While processing traffic through a standard virtual server that targets a FastL4 virtual server (VIP on VIP), ...
F5 Networks

BIG-IQ system interface vulnerability CVE-2020-5944

BIG-IQ system interface vulnerability CVE-2020-5944 Security Advisory Security Advisory Description Accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns ...
F5 Networks

The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace (non RFC2616 compliant)

The BIG-IP system may fail to properly parse HTTP headers that are prepended by whitespace (non RFC2616 compliant) Security Advisory Security Advisory Description The BIG-IP system may fail to ...

Top 20 Predictions Of How AI Is Going To Improve Cybersecurity In 2021

What 20 Leading Cybersecurity Experts Are Predicting For 2021
SecurityWeek

Italy Says Two Arrested for Defense Data Theft

Two people have been arrested for stealing defense data from the Italian aerospace and electronics group Leonardo, the interior ministry said on Saturday. The company has a wide range of activities from naval electronics, network and protection systems, electronic warfare...

The US Used the Patriot Act to Justify Logging Website Users

Plus: Better Twitter two-factor, a Spotify hack, and more of the week’s top security news.
ZDNet

Ransomware hits helicopter maker Kopter

Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web.
ZDNet

Ransomware gangs are now cold-calling victims if they restore from backups without paying

Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.