by CIRT Team
Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability
Description: A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit...
Read More
by CIRT Team
Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
Description: A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Impact: The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in...
Read More
by CIRT Team
Cisco AMP for Endpoints Static Key Vulnerability
Description: On October 20th, 2017, Cisco PSIRT was notified by the internal product team of a security vulnerability in the Cisco AMP for Endpoints application that would allow an authenticated, local attacker to access a static key value stored in the local application software. Impact: The vulnerability is due to the use of a static key value stored in the application used to encrypt the...
Read More
by CIRT Team
Microsoft Releases October 2017 Security Update
Description: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with...
Read More
by CIRT Team
ব্লু হোয়েল : প্রয়োজনীয় সতর্কতা
ব্লু হোয়েল কী? ব্লু হোয়েল সোশ্যাল মিডিয়াভিত্তিক একটি ডিপওয়েব গেম। যেসব কম বয়সী ছেলেমেয়ে অবসাদে ভোগে তারাই সাধারণত এতে আসক্ত হয়ে পড়েন। ভারতে ব্লু হোয়েলে আসক্ত হয়ে আত্মঘাতী কয়েক তরুণের সুইসাইডাল নোটে লেখা হয়েছে, ব্লু হোয়েলে ঢোকা যায়, বের হওয়া যায় না। জানা যায়, ব্লু হোয়েল গেমে ৫০টি ধাপ রয়েছে। ৫০টি ধাপ ৫০ দিনে অতিক্রম করতে হয়। প্রথমদিকের ধাপগুলোতে সহজ কিছু থাকে। এর প্রতিটি ধাপ...
Read More
by CIRT Team
Google to enforce HTTPS on TLDs it controls [source : helpnetsecurity]
In its sustained quest to bring encryption to all existing Web sites, Google has announced that it will start enforcing HTTPS for the 45 Top-Level Domains it operates. How will it do that? You may or may not know that, since 2015, Google has been offering domain name registration services, and it operates domains such as .google, .how, and .dev (among others). And now, Google will start adding...
Read More
by CIRT Team
Report Reveals the Most Popular and Top Blacklisted Mobile Apps on Enterprise [bleepingcomputer]
WhatsApp has the honor of being the most popular app on iOS enterprise devices, but also the most blacklisted app on enterprise networks. This is one of the findings of the Appthority Enterprise Mobile Security Pulse Report for Q3 2017; a report put together by scanning millions of devices running the company’s mobile security solutions. The gathered data allowed Appthority insight into the most popular apps...
Read More
by CIRT Team
6,000 Indian Enterprises’ Data Offered for Sale on DarkNet [source : tripwire]
An unidentified hacker is attempting to sell information pertaining to more than 6,000 Indian enterprises on a DarkNet forum. Researchers at Seqrite, the enterprise security brand of IT security firm Quick Heal, found an advertisement for the data on DarkNet. As of this writing, whoever is behind the posting is currently offering the information, which includes corporate usernames, passwords, and billing documents, for sale at 15 Bitcoins...
Read More
by CIRT Team
Amazon’s Whole Foods Investigating Payment Card Breach [source: securityweek]
Whole Foods Market, the supermarket chain acquired recently by Amazon for $13.7 billion, informed customers this week that it has launched an investigation after learning that some of its point-of-sale (PoS) systems may have been hacked. The company has provided only few details as the investigation is ongoing. However, it said the incident appears to impact taprooms and full table-service restaurants located within some of...
Read More
by CIRT Team
Some MacOS Users Aren’t Getting the Firmware Security Patches [source : motherboard.vice]
Do you know if your Mac’s low-level firmware is up to date with the latest patches? You might not be able to, researchers say. Apple’s security updates for macOS sometime include patches for serious vulnerabilities in the firmware that runs beneath the operating system. So you might think you’re safe if you keep your OS version up to date, but that’s not always the case....
Read More
