by taranis
Cisco NX-OS Software
Advisory ID: BGD-2019-0009 Version: 1.04 Probability: medium CVE ID: CVE-2019-1601(nx-os) Damage: medium Publication date: 2019-03-20 Description: A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability...
Read More
by CIRT Team
Microsoft Releases Security Update for Azure Linux Guest Agent
Description: Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804
by CIRT Team
Intel Releases Security Advisories on Multiple Products
Description: Intel has released security updates and recommendations to address vulnerabilities in multiple products. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.intel.com/content/www/us/en/security-center/default.html Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available....
Read More
by CIRT Team
WordPress Releases Security Update
Description: WordPress 5.1 and prior versions are affected by a vulnerability. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
by CIRT Team
NASA’s Poor Cybersecurity is Operational Threat [source: infosecurity-magazine]
Government inspectors have uncovered serious deficiencies in NASA’s information security program which they claim could threaten operations. The findings come from the latest Office of the Inspector General (OIG) review of the space agency for fiscal year 2018, under the Federal Information Security Modernization Act of 2014 (FISMA). The OIG tested the maturity of NASA’s infosec program via 61 metrics in five security function areas plus a...
Read More
by CIRT Team
Windows 10 closes in on Microsoft’s 1 billion device goal [source: theverge]
Windows 10 is now running on 800 million devices worldwide, Microsoft has announced. The figure includes not only traditional laptop and desktop PCs, but also hybrids like the Surface Pro, consoles like the Xbox One X, and any phones that are still running the end-of-life Windows 10 Mobile, which will finally stop receiving security updates at the end of this year. 800 million means Windows 10 is comfortably the most...
Read More
by CIRT Team
Owning the Smart Home with Logitech Harmony Hub [source: medium]
Logitech’s Harmony hub is a popular smart home device which enables communication with and control of all network connected devices in your house. It has an install base of millions of users across the globe and supports 270,000 devices from 6,000 brands. Tenable recently released critical, undisclosed vulnerabilities that allow an attacker remote root access without user interaction. The hub is a favorite among enthusiasts for its scripting...
Read More
by CIRT Team
The web just took a big step toward a password-free future [source: theverge]
Today, the World Wide Web Consortium (W3C) approved WebAuthn, a new authentication standard that aims to replace the password as a way of securing your online accounts. First announced last year, WebAuthn (which stands for Web Authentication) is already supported by most browsers, including Chrome, Firefox, Edge, and Safari. Its publication as an official web standard should pave the way for wider adoption by individual websites. At its core, WebAuthn is...
Read More
by taranis
Vulnerability \Advisory – Multiple Cisco Devices
Advisory ID: BGD-2019-0007 Version: 1.00 Probability: high CVE ID: CVE-2019-1663 Damage: high Publication date: 2019-03-12 Description: A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Impact: A remote attacker could exploit this vulnerability to...
Read More
by taranis
Vulnerability Advisory on Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router
Advisory ID: BGD-2019-0006 Version: 1.00 Probability: high CVE ID: CVE-2019-1663 Damage: high Publication date: 2019-03-11 Description: A vulnerability in the web-based management interface of the PRODUCT could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to CAUSE. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Product(s) affected: Vulnerable: Cisco...
Read More
