Author Archives: CIRT Team



CIRT Team

Do we need a password manager ?
in Articles, English articles, News

Do we need a password manager ?

The proliferation of technology has paved way for us to consume various services from ordering food online, to communicating with our loved once via social media. As all of the services we access via the internet are usually separate entities, we need to provide password for every website. Although many sites allows us to access their services using a common authentication mechanism like OAuth but...

Read More

0
03 Sep 2020
in Security Advisories & Alerts

Cisco Security Advisory for DVMRP Vulnerability in IOS XR Software

DESCRIPTIONCisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A remote attacker could exploit this vulnerability to exhaust process memory of an affected device. This vulnerability was detected in exploits in the wild. IMPACTAn...

Read More

0
03 Sep 2020
in Security Advisories & Alerts

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities(CVE-2020-3566,CVE-2020-3569)

DESCRIPTION Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. IMPACT These vulnerabilities are due to the incorrect...

Read More

0
02 Sep 2020
in Security Advisories & Alerts

Multiple Vulnerabilities in Mozilla Firefox Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Firefox ESR, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary...

Read More

0
27 Aug 2020
in Security Advisories & Alerts

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

DESCRIPTION Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could...

Read More

0
27 Aug 2020
in Security Advisories & Alerts

Alert : FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks

North Korea’s BeagleBoyz are responsible for the sophisticated cyber-enabled ATM cash-out campaigns identified publicly as “FASTCash” in October 2018. Since 2016, the BeagleBoyz have perpetrated the FASTCash scheme, targeting banks’ retail payment system infrastructure (i.e., switch application servers processing International Standards Organization [ISO] 8583 messages, which is the standard for financial transaction messaging). The BeagleBoyz overlap to varying degrees with groups tracked by the cybersecurity...

Read More

0
27 Aug 2020
in Security Advisories & Alerts

Multiple Vulnerabilities in IBM Security Guardium Insights Could Allow for Program Compromise

DESCRIPTION Multiple vulnerabilities have been discovered in IBM Security Guardium Insights, the most severe of which could allow for the program to become compromised. IBM Security Guardium Insights is a program developed to monitor traffic traveling across the network to protect against data leakage and maintain data integrity. Successful exploitation of the most severe of these vulnerabilities could allow for a remote attacker to compromise...

Read More

0
25 Aug 2020
in Security Advisories & Alerts

A Vulnerability with Cisco Small Business, Smart, and Managed Switches Could Allow for Denial of Service

DESCRIPTION A vulnerability has been discovered in Cisco Small Business, Smart, and Managed Switches which could allow for a denial-of-service condition when the switch processes a specially crafted IPv6 address. The vulnerability occurs due to insufficient validation of incoming IPv6 traffic. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted IPv6 packet through an affected device. The vulnerability does not affect IPv4...

Read More

0
25 Aug 2020
Google Fixes Serious Security Bug Impacting Gmail, G Suite Users
in Articles, English articles, News

Google Fixes Serious Security Bug Impacting Gmail, G Suite Users

Google has patched a major security bug impacting the Gmail and G Suite email servers. The bug could have allowed a threat actor to send spoofed emails mimicking any Gmail or G Suite customer. The issue was identified and reported to Google in April, though the search giant took over four months in mitigation and ultimately released a patch on Wednesday (19th August). According to...

Read More

0
23 Aug 2020
Page 20 of 135« First...10...1819202122...304050...Last »