Tuesday, March 2, 2021
Splunk

Splunk Enterprise and Splunk Light address one vulnerability

Description: Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727). At the time of this announcement, Splunk is not aware of any...
Splunk

Splunk-Python-SDK address one vulnerability

Description: Untrusted TLS server certs verification is not present (CVE-2019-5729). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities...
Splunk

Splunk Enterprise and Splunk Light address multiple vulnerabilities

Description: Cross Site Scripting in Splunk Web (CVE-2018-7427); Denial of Service (CVE-2018-7432); Path Traversal Vulnerability...
Splunk

Splunk response to CVE-2018-11409: Information Exposure

Description: Splunk has completed a review of CVE-2018-11409: Information Exposure. Splunk Enterprise exposes system information through a REST endpoint as described by the vulnerability descriptions. Information Exposure in Splunk Enterprise ...
Splunk

Splunk response to CVE-2018-11409: Information Disclosure

Description: Splunk has completed a review of CVE-2018-11409: Information Disclosure. Splunk Enterprise versions before 6.6.0 expose partial information about the host operating system, hardware and Splunk license over an unauthenticated REST endpoint. Splunk Enterprise 6.6.0 and later expose partial...
Splunk

Splunk response to Potential Local Privilege Escalation through instructions to run Splunk as non-root user

Description: Potential Local Privilege Escalation through instructions to run Splunk as non-root user (SPL-144192) ...
Splunk

Splunk Enterprise 7.0.0.1/7.0.1, 6.6.3.2/6.6.4, 6.5.6, 6.4.9 and 6.3.12 address multiple SAML vulnerabilities

Description: Multiple SAML implementation vulnerabilities in Splunk Enterprise (CVE-2017-17067) ...
Splunk

Splunk Enterprise 6.6.3 and Splunk Light 6.6.3 address multiple vulnerabilities

Description: Persistent Cross Site Scripting in Splunk Web (SPL-142874); Reflected Cross Site Scripting in Splunk Web (SPL-142877). At the time of...
Splunk

Splunk Enterprise 6.3.11 and Splunk Light 6.5.3 address one vulnerability

Description: Attacker Influenced Error Messages May Permit Social Engineering (SPL-135602). At the time of this announcement, Splunk is not aware...
Splunk

Splunk Enterprise 6.4.7 and Splunk Light 6.5.3 address multiple vulnerabilities

Description: Cross Site Scripting in Splunk Web (SPL-135650); Cross Site Scripting in Splunk Web (SPL-137327); Cross Site Scripting in Splunk Web (SPL-135341) ...
SecurityWeek

Dairy Giant Lactalis Targeted by Hackers

France-based dairy giant Lactalis revealed last week that it was targeted by hackers, but claimed that it had found no evidence of a data breach. The company said a malicious third party attempted to breach its computer network, but it...
Graham Cluley

Crypto firm Tether says it won’t pay $24 million ransom after being threatened with document leak

Controversial cryptocurrency developer Tether says it will not give in to extortionists who are demanding a 500 Bitcoin ransom payment (currently worth approximately US $24 million).
Bruce Schneier

Mysterious Macintosh Malware

This is weird: Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload...

What Did I Just Read? A Conversation With the Authors of '2034'

Elliot Ackerman and Admiral James Stavridis discuss their inspirations, personal experiences, and what keeps them up at night.

2034, Part VI: Crossing the Red Line

“Eventually, the Americans would find them. But by then it would be too late.”