The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of November – December 2019.
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report : Following is the CVE report from BGD e-GOV CIRT for the month of October 2019.
In an ideal world, organizations would patch every new vulnerability once it’s discovered. In real-life, this is impossible. Security analysts responsible for vulnerability management activities face multiple challenges that result in what the industry calls “The Patching Paradox” – common sense tells you to keep every system up to date in order to be protected, but this is not possible due to limited resources, existence...
Read More
Cybersecurity firm Comparitech and researcher Bob Diachenko say they’ve found a database containing the Facebook IDs, phone numbers, and names of 267 million users on the web. The database, they claim, was entirely exposed on the internet and did not require a password or any other form of authentication to access. They posit that the origins of the database probably lie in Facebook API abuse by criminals...
Read More
Google had to force-stop the rollout of the Chrome 79 update to Android devices over the weekend following the discovery of a destructive bug that is obliterating user data on mobile applications; unfortunately the update for Android has already been offered to 50 percent of the user base. The bug discovery comes after the release last week of Chrome 79 – a major update for...
Read More
A critical vulnerability fixed in mid-2018 has been resurrected recently in denial-of-service and information disclosure attempts against Cisco’s appliances Adaptive Security (ASA) and Firepower. The company is issuing a warning to its customers urging them to follow recommendations for proper mitigation actions. DoS and sensitive info Tracked as CVE-2018-0296, the vulnerability can be leveraged by an unauthenticated, remote attacker to cause the appliance to reload...
Read More
Description: Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: SA-CORE-2019-012 SA-CORE-2019-011 SA-CORE-2019-010 SA-CORE-2019-009
Description: Microsoft has released information about CVE-2019-1491, a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1491 https://support.microsoft.com/en-us/help/20191210/security-update-deployment-information-december-10-2019
Description: WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
Description: Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Xcode 11.3 watchOS 5.3.4 watchOS 6.1.1 tvOS 13.3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra Safari 13.0.4 iOS 12.4.4 iOS 13.3 and iPadOS 13.3 iTunes 12.10.3 for Windows iCloud for Windows 7.16...
Read More
