Tuesday, May 26, 2020
Splunk

Splunk Enterprise and Splunk Light address one vulnerability

Description: Splunk Enterprise and Splunk Light address one vulnerability: Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727). At the time of this announcement, Splunk is not aware of any...
Splunk

Splunk-Python-SDK address one vulnerability

Description: Splunk-Python-SDK address one vulnerability: Untrusted TLS server certs verification is not present (CVE-2019-5729). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities...
Splunk

Splunk Enterprise and Splunk Light address multiple vulnerabilities

Description: Splunk Enterprise and Splunk Light address multiple vulnerabilities: Cross Site Scripting in Splunk Web (CVE-2018-7427); Denial of Service (CVE-2018-7432); Path Traversal Vulnerability...
Splunk

Splunk response to CVE-2018-11409: Information Exposure

Description: Splunk has completed a review of CVE-2018-11409: Information Exposure. Splunk Enterprise exposes system information through a REST endpoint as described by the vulnerability descriptions. Information Exposure in Splunk Enterprise ...
Splunk

Splunk response to CVE-2018-11409: Information Disclosure

Description: Splunk has completed a review of CVE-2018-11409: Information Disclosure. Splunk Enterprise versions before 6.6.0 expose partial information about the host operating system, hardware and Splunk license over an unauthenticated REST endpoint. Splunk Enterprise 6.6.0 and later expose partial...
Splunk

Splunk response to Potential Local Privilege Escalation through instructions to run Splunk as non-root user

Description: Splunk response to Potential Local Privilege Escalation through instructions to run Splunk as non-root user. Potential Local Privilege Escalation through instructions to run Splunk as non-root user (SPL-144192) ...
Splunk

Splunk Enterprise 7.0.0.1/7.0.1, 6.6.3.2/6.6.4, 6.5.6, 6.4.9 and 6.3.12 address multiple SAML vulnerabilities

Description: Splunk Enterprise 7.0.0.1/7.0.1, 6.6.3.2/6.6.4, 6.5.6, 6.4.9 and 6.3.12 address multiple SAML vulnerabilities. Multiple SAML implementation vulnerabilities in Splunk Enterprise (CVE-2017-17067) ...
Splunk

Splunk Enterprise 6.6.3 and Splunk Light 6.6.3 address multiple vulnerabilities

Description: Splunk Enterprise 6.6.3 and Splunk Light 6.6.3 address multiple vulnerabilities: Persistent Cross Site Scripting in Splunk Web (SPL-142874); Reflected Cross Site Scripting in Splunk Web (SPL-142877). At the time of...
Splunk

Splunk Enterprise 6.3.11 and Splunk Light 6.5.3 address one vulnerability

Description: Splunk Enterprise 6.3.11 and Splunk Light 6.5.3 address one vulnerability: Attacker Influenced Error Messages May Permit Social Engineering (SPL-135602). At the time of this announcement, Splunk is not aware...
Splunk

Splunk Enterprise 6.4.7 and Splunk Light 6.5.3 address multiple vulnerabilities

Description: Splunk Enterprise 6.4.7 and Splunk Light 6.5.3 address multiple vulnerabilities: Cross Site Scripting in Splunk Web (SPL-135650); Cross Site Scripting in Splunk Web (SPL-137327); Cross Site Scripting in Splunk Web (SPL-135341) ...

How To Achieve Balance Between Cybersecurity And The User Experience

Usability and security go hand in hand. If you have usability, then by default, you should have security designed into it.

Determining Liability For Security Breaches Isn’t Black And White

Between the volume of successful cyberattacks and the rising cost of the fallout from those attacks, it's understandable for companies and individuals to want to hold someone responsible.

Why Your Approach To Cybersecurity May Require Shifting Your Mindset

Leaders must redefine the concept of a strong cyber posture and relegate event-based security to its rightful place — as an inferior approach to managing cyber risks and threats.

Trump’s New Intelligence Chief Spells Trouble

John Ratcliffe is the least-qualified director of national intelligence in history—and a staunch partisan as well.
SecurityWeek

Jailbreak Tool Updated to Unlock iPhones Running iOS 13.5

The unc0ver jailbreaking tool has been updated with support for the latest iOS releases, courtesy of a zero-day vulnerability, the team behind the utility announced.