Vulnerability

tripwire

Instagram photo flaw could have helped malicious hackers spy via users' cameras and microphones

A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security hole, which has been patched by Instagram owner Facebook, could be exploited by a malicious hacker simply sending their intended victim a boobytrapped malicious image file via SMS, WhatsApp, email or any other messaging service.

wandera

Critical vulnerability in Windows Server discovered

A critical vulnerability has been discovered in Windows Server, allowing unauthenticated attackers to compromise all Active Directory identity services. The severity of this exploit has been rated at a 10/10 by security experts. The U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) believes that “active exploitation of this vulnerability is occurring in the wild”.

cloudpassage

Zerologon: Windows Netlogon Vulnerability CVE-2020-1472

On August 11, 2020, Microsoft released a software update to mitigate a critical vulnerability in Windows Server operating systems (CVE-2020-1472). The vulnerability in Microsoft Windows Netlogon Remote Protocol (MS-NRPC), a core authentication component of Active Directory, could allow an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services.

haproxy

CVE-2020-15598: HAProxy Enterprise Unaffected Due to ModSecurity Hardening Measures!

The OWASP ModSecurity Core Rule Set team has reported a Denial of Service vulnerability in ModSecurity version 3.x that allows an attacker to send a crafted payload that exploits a flaw in how regular expressions are matched within the software. A CVE (CVE-2020-15598) was assigned to this vulnerability and it has been rated with a CVSSv3 score of 7.5 (high).

humio

How to detect Zerologon attacks in your Windows infrastructure

Zerologon is arguably the most dangerous Windows vulnerability the security industry has seen. Organizations want to know with no uncertainty whether they’ve been attacked. That assurance doesn’t come from searching 30 days or even 90 days’ worth of Windows logs. It comes from a comprehensive search of all your Windows logs. Humio customers can get the certainty they need in a matter of seconds. Last month, Microsoft issued a patch for Zerologon.

splunk

Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range

The recent disclosure of the CVE-2020-1472 vulnerability by Microsoft showcases the need for tools that allow defenders to quickly replicate published exploit code, register attack data, and create signatures or other mitigations against released exploits with a high likelihood of exploitation against popular infrastructure or operating systems.

NNT Vulnerability Tracker - Online Demo

Vulnerability scanning is an essential foundational security control and vital for every organization. Cyber attacks such as WannaCry and Petya left many asking the question: How can we stay safely ahead of the next threat? Using NNT Vulnerability Tracker™ will ensure that any known vulnerabilities can be identified within your IT infrastructure before they are exploited.

tripwire

The History of Common Vulnerabilities and Exposures (CVE)

During the late 1990s, security professionals were using information assurance tools in concert with vulnerability scanners to detect and remove vulnerabilities from the systems for which they were responsible. There was just one problem – each security vendor had its own database with little to no crossover.

sysdig

Detecting CVE-2020-14386 with Falco and mitigating potential container escapes

On September 14, CVE-2020-14386 was reported as a “high” severity threat. This CVE is a kernel security vulnerability that enables an unprivileged local process to gain root access to the system. CVE-2020-14386 is a result of a bug found in the packet socket facility in the Linux kernel. It allows a bad actor to trigger a memory corruption that can be exploited to hijack data and resources and, in the most severe case, completely take over the system.