Author Archives: CIRT Team



CIRT Team

in Security Advisories & Alerts

Cisco Security Advisory for DVMRP Vulnerability in IOS XR Software

DESCRIPTION Cisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A remote attacker could exploit this vulnerability to exhaust process memory of an affected device. Exploitation of this vulnerability has been detected in the wild. IMPACT An...

03 Sep 2020
in Security Advisories & Alerts

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities (CVE-2020-3566, CVE-2020-3569)

DESCRIPTION Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. IMPACT These vulnerabilities are due to the incorrect...

02 Sep 2020
in Security Advisories & Alerts

Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary...

27 Aug 2020
in Security Advisories & Alerts

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could...

27 Aug 2020
in Security Advisories & Alerts

Alert: FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks

North Korea’s BeagleBoyz are responsible for the sophisticated cyber-enabled ATM cash-out campaigns identified publicly as “FASTCash” in October 2018. Since 2016, the BeagleBoyz have perpetrated the FASTCash scheme, targeting banks’ retail payment system infrastructure (i.e., switch application servers processing International Standards Organization [ISO] 8583 messages, which is the standard for financial transaction messaging). The BeagleBoyz overlap to varying degrees with groups tracked by the cybersecurity...

27 Aug 2020
in Security Advisories & Alerts

Multiple Vulnerabilities in IBM Security Guardium Insights Could Allow for Program Compromise

DESCRIPTION Multiple vulnerabilities have been discovered in IBM Security Guardium Insights, the most severe of which could allow for the program to become compromised. IBM Security Guardium Insights is a program developed to monitor traffic traveling across the network to protect against data leakage and maintain data integrity. Successful exploitation of the most severe of these vulnerabilities could allow for a remote attacker to compromise...

25 Aug 2020
in Security Advisories & Alerts

A Vulnerability with Cisco Small Business, Smart, and Managed Switches Could Allow for Denial of Service

DESCRIPTION A vulnerability has been discovered in Cisco Small Business, Smart, and Managed Switches which could allow for a denial-of-service condition when the switch processes a specially crafted IPv6 address. The vulnerability occurs due to insufficient validation of incoming IPv6 traffic. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. The vulnerability does not affect IPv4...

25 Aug 2020
in Articles, English articles, News

Google Fixes Serious Security Bug Impacting Gmail, G Suite Users

Google has patched a major security bug impacting the Gmail and G Suite email servers. The bug could have allowed a threat actor to send spoofed emails mimicking any Gmail or G Suite customer. The issue was identified and reported to Google in April, though the search giant took over four months in mitigation and ultimately released a patch on Wednesday (19th August). According to...

23 Aug 2020
in Security Advisories & Alerts

Command Injection Vulnerability in FusionCompute (CVE-2020-9242)

Description FusionCompute 8.0.0 has a command injection vulnerability. The software does not sufficiently validate certain parameters posted by the user; a successful exploit could allow an authenticated attacker to launch a command injection attack. Impact A successful exploit could allow an authenticated attacker to launch a command injection attack. Mitigation Huawei has released software updates to fix this vulnerability. Product Name Affected Version Resolved Product and Version FusionCompute...

20 Aug 2020