Entries by Hans-Petter Fjeld

CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability

Published: 02/11/2020 | Last Updated: 02/11/2020 MITRE CVE-2020-0688 “A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, […]

CVE-2020-1938 – Apache Tomcat AJP Request Injection and potential Remote Code Execution

Published by Apache: 2020-02-24 MITRE CVE-2020-3158 “When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may […]

CVE-2020-3158 – Cisco Smart Software Manager On-Prem Static Default Credential Vulnerability

Published by Cisco: 2020-02-19 MITRE CVE-2020-3158 “A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account.” The vulnerability has a CVSS Base score of 9.8, Critical. Basefarm has triaged this vulnerability and found […]

VMSA-2020-0003 vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945)

Published by VMware: 2020-02-18 MITRE CVE-2020-3943 “vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.0.” “vRealize Operations for Horizon Adapter has an improper trust store configuration […]

CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability

Published by Microsoft: 02/11/2020 MITRE CVE-2020-0618 “A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.” There exists a proof of concept and write-up. Basefarm considers this a […]

Cloud security is voodoo?

“Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.” “Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them.” Read […]

DNSpionage and how to mitigate DNS tunneling

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Cisco Talos has published details regarding an APT campaign using DNS redirection and malware they call DNSpionage. The malware supports both regular HTTP and also DNS tunneling as a way of communicating back […]

Russia accused of Energy Sector Siege

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Advanced attackers, most likely from Russia, seem to be in the reconnaissance phase of a cyber war, according to a research report from threat hunting firm Vectra. The attackers are using stealthy tactics seemingly […]