Photo by Tim Mossholder on Unsplash
Image by David Mark from PixabayCVE-2020-5902 F5 Big-IP – K52145254: TMUI RCE vulnerability
Published: 2020-07-01MITRE CVE-2020-5902 “The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.” “This vulnerability allows for unauthenticated attackers, or authenticated users, with network access to the TMUI, through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create […]
CVE-2020-11996 Apache Tomcat HTTP/2 Denial of Service
Published: 2020-06-25MITRE CVE-2020-11996 “A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.” CVSS Base score: 7.5 (or 5.9 if Attack Complexity turns out to be High)CVSS Temporal Score: 6.5 as of […]
"Soldier Holding Rifle" at PixabayAerospace and military companies in the crosshairs
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT) ESET researchers are warning about targeted phishing attacks agains high-profile aerospace and military companies in Europe. The attacker will approach individual personnel about possible job vacancies, some file-sharing then commences with the pretense of […]
Zoom continues to face security issues
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT) Zoom has become very popular as people are working from home and unable to travel, but faced backlash after multiple security vulnerabilities was discovered earlier this year. Now Cisco Talos discovered two more security […]
Thunderbolt interface makes millions of PC’s in danger
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT) It wasn’t really a news that Thunderbolt technology (USB-C) was vulnerable from years before, but now we got a demo from researcher which shows how Thunderbolt flaw allows access to a PC’s data in […]
Zero click bugs in Apple operating systems
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). According to Google’s project zero there are vulnerabilities in Apples operating systems media managements. The vulnerabilities could let an attacker gain access by sending a specially crafted image or video to a target and […]
Image by OpenClipart-Vectors from PixabayCVE-2020-4415 – Stack-based Buffer Overflow vulnerability in IBM Spectrum Protect Server
Published: 2020-04-24 MITRE CVE-2020-4415 “IBM Spectrum Protect server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash.” […]
Image by Niek Verlaan from PixabayUnassisted iOS Attacks via MobileMail in the wild
There has been discovered a vulnerability in the default mail application (MobileMail) for iOS. The vulnerability allows an attacker to send an email to a victim (you) and without any action from you, the email will launch code prepared by the attacker on your device. The fix for this is not released yet, it has […]
Zoom faces a privacy and security backlash
This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). The use of the Zoom video conference application has exploded in popularity amid the ongoing coronavirus pandemic but this has lead to the importance of scrutiny from a security and privacy perspective which as […]