Author Archives: CIRT Team




in Security Advisories & Alerts

ISC Releases Security Advisories for BIND

Description: The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

Impact: A remote attacker could exploit this vulnerability to take control of an affected system.

Mitigation: Updates are available. Please see the references or vendor advisory for more information....

21 Oct 2019
in Articles, English articles, News

2019 CWE Top 25 Most Dangerous Software Errors [mitre]

Introduction The Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Errors (CWE Top 25) is a demonstrative list of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software. These weaknesses are often easy to find and exploit. They are dangerous because they will frequently allow adversaries to completely take over execution of software, steal data, or prevent the software...

22 Sep 2019
in Security Advisories & Alerts

Apple Releases Multiple Security Updates

Description: Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

watchOS 5.3.1, iOS 12.4.1, macOS Mojave 10.14.6, tvOS 12.4.1

Impact: A remote attacker could exploit this vulnerability to take control of an affected system.

Mitigation: Updates are available. Please see the references or vendor advisory for more...

08 Sep 2019
in Security Advisories & Alerts

WordPress Releases Security Update

Description: WordPress 5.2.2 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website.

Impact: A remote attacker could exploit this vulnerability to take control of an affected system.

Mitigation: Updates are available. Please see the references or vendor advisory for more information.

Reference URLs: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/

08 Sep 2019
in Security Advisories & Alerts

Exim Releases Security Patches

Description: Exim has released patches to address vulnerabilities affecting Exim 4.92.1 and prior versions. A remote attacker could exploit this vulnerability to take control of an affected email server.

Impact: A remote attacker could exploit this vulnerability to take control of an affected system.

Mitigation: Updates are available. Please see the references or vendor advisory for more information.

Reference URLs:
http://exim.org/static/doc/security/CVE-2019-15846.txt
https://kb.cert.org/vuls/id/672565/

08 Sep 2019
in News Clipping

New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry [anomali]

Intel_Acquisition_Team New Phishing Campaign Bypasses Microsoft ATP to Deliver Adwind to Utilities Industry (Aug 19, 2019) A new phishing campaign has been identified by Cofense that delivers the Adwind malware, a cross-platform malware program. Using an attachment, the phishing campaign has been targeting national grid utilities infrastructure with an email informing the user they need to sign and return a copy of the remittance advice. While...

08 Sep 2019
in News Clipping

Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws [thehackernews]

Google’s cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie Silvanovich of Google Project Zero, which the company patched just last week...

08 Sep 2019
in News Clipping

28 Million Android Phones Exposed To ‘Eye-Opening’ Attack Risk [forbes]

New research has revealed the truly shocking state of Android phone security. The source of that security problem may well come as a surprise: antivirus apps designed to protect devices and users. Researchers at testing specialists Comparitech found that apps with more than 28 million installs between them were presenting attack paths and opportunities to threat actors looking to exploit vulnerabilities on the Android platform....

08 Sep 2019
in News Clipping

Understanding the RAMBleed Exploit [cylance]

Side-channel attacks are some of the scariest exploits ever. They don’t usually exploit vulnerabilities in code, they exploit the fundamental implementation of computer systems themselves. Therefore, they’re often hardware-based. Dynamic random-access memory, or DRAM for short, is one of the most common types of memory found in modern computers used by both consumers and businesses. For example, the memory in an x86-64 based PC, such...

08 Sep 2019
in News Clipping

Cisco releases guides for incident responders handling hacked Cisco gear [zdnet]

Cisco published last week four guides designed to help incident responders in investigating Cisco gear they suspect has been hacked or otherwise compromised. The guides include step-by-step tutorials on how to extract forensic information from the hacked gear while keeping the data's integrity intact. Four guides have been made available, for four of Cisco’s major software platforms: Cisco ASA (Adaptive Security Appliance) — software running on...

08 Sep 2019