
CVE-2020-0601 - How to operationalize the handling of vulnerabilities in your SOC

Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or the “Windows CryptoAPI Spoofing Vulnerability”, was disclosed and made headlines. It is a flaw in how the Windows CryptoAPI validates elliptic-curve certificates, which lets an attacker spoof code-signing and TLS certificates; it was reported to Microsoft by the NSA, which even published a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.

StrandHogg vulnerability threatens 500 of the most popular Android apps

Earlier this month, security researchers at Promon, a Norwegian firm that specializes in in-app security, uncovered a vulnerability in Android that allows a malicious app to masquerade as a legitimate one and prompt for intrusive permissions, letting it listen to the user through the microphone, take photos with the camera, and much more.

What is vulnerability management and why should enterprises adopt it?

In the current digital era, enterprises across the world rely heavily on information systems for day-to-day operations and for accessing business-related data. In essential institutions, such as banking and finance, healthcare, and government, protecting information is critical, and any security mishap could disrupt daily operations. Attackers typically aim either to deny service until a ransom is paid or to breach security and gain access to critical information.

A catastrophic flaw in Linux sudo command with a simple fix using Desktop Central

A critical vulnerability in sudo has been disclosed that, when exploited, lets a user bypass the restrictions in the sudoers policy and execute commands as root. This flaw has to be remediated swiftly, as sudo is one of the most widely used privilege-management utilities on Linux systems.

How to detect CVE-2019-14287 using Falco

A recent flaw, CVE-2019-14287, has been found in sudo. In this blog post, we are going to show you how to use Falco or Sysdig Secure to detect any exploit attempts against this vulnerability. sudo allows users to run commands with the privileges of another user; it is typically used to let unprivileged users execute specific commands as root. The issue lies in the way sudo, in versions earlier than 1.8.28, handled running a command as an arbitrary numeric user ID (the `-u#<uid>` form).
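As an added illustration of the detection logic (not code from the original post, from Falco or from Sysdig), the script below reproduces the idea of a spawned-process rule in Python: it inspects the argv of sudo invocations and flags any runas uid that collapses to the `(uid_t)-1` sentinel, the trigger for CVE-2019-14287 (`-u#-1` and `-u#4294967295` are the two published forms). The `proc.name` / `proc.cmdline` field names are borrowed from Falco's process fields for familiarity, the event records are constructed samples, and the wrap-around normalisation (`uid % 2**32`) is this example's generalisation, not a statement from the advisory.

```python
import os
import re

# (uid_t)-1 on a 32-bit uid_t. setresuid() treats it as "leave this id unchanged",
# which is why a vulnerable sudo ended up running the command as root.
UID_SENTINEL = 0xFFFFFFFF

# -u#N, -u #N, bundled short options such as -iu#N, and --user=#N / --user #N.
_SHORT_RUNAS = re.compile(r"(?<!\S)-[A-Za-z]*u\s*#(-?\d+)(?!\S)")
_LONG_RUNAS = re.compile(r"(?<!\S)--user(?:=|\s+)#(-?\d+)(?!\S)")


def runas_uids(cmdline):
    """Numeric runas uids requested in a sudo/sudoedit command line.

    cmdline is the argv string as the kernel sees it (shell quoting already
    removed), e.g. "sudo -u#-1 /bin/bash". Symbolic users (-u root) are
    ignored: the bug only concerns the '#<number>' form.
    """
    parts = cmdline.split(None, 1)
    if not parts or os.path.basename(parts[0]) not in ("sudo", "sudoedit"):
        return []
    uids = []
    for pattern in (_SHORT_RUNAS, _LONG_RUNAS):
        uids.extend(int(m.group(1)) for m in pattern.finditer(cmdline))
    return uids


def is_cve_2019_14287_attempt(cmdline):
    """True when a requested runas uid collapses to (uid_t)-1 (-1 or 4294967295)."""
    return any(uid % 2**32 == UID_SENTINEL for uid in runas_uids(cmdline))


def scan_events(events):
    """Mimic a spawned_process rule over a list of process-spawn events.

    Each event is a dict with at least proc.name and proc.cmdline (field names
    borrowed from Falco). Returns the events that should raise an alert.
    """
    return [
        e for e in events
        if e.get("proc.name") in ("sudo", "sudoedit")
        and is_cve_2019_14287_attempt(e.get("proc.cmdline", ""))
    ]


# Constructed sample events, not real captures.
SAMPLE_EVENTS = [
    {"user.name": "alice", "proc.name": "sudo", "proc.cmdline": "sudo -u#-1 /bin/bash"},
    {"user.name": "bob", "proc.name": "sudo", "proc.cmdline": "sudo -u#4294967295 id"},
    {"user.name": "carol", "proc.name": "sudo", "proc.cmdline": "sudo --user=#1000 vim /etc/motd"},
    {"user.name": "dave", "proc.name": "sudo", "proc.cmdline": "sudo -iu #-1"},
    {"user.name": "erin", "proc.name": "sudo", "proc.cmdline": "sudo apt-get update"},
    {"user.name": "frank", "proc.name": "bash", "proc.cmdline": "bash -c echo -u#-1"},
]

if __name__ == "__main__":
    for event in scan_events(SAMPLE_EVENTS):
        print("ALERT CVE-2019-14287 attempt by %s: %s" % (event["user.name"], event["proc.cmdline"]))
```

Matching on the process arguments rather than on sudo's own log line is deliberate: the advisory notes that a vulnerable sudo also logs the runas user incorrectly, so the exec event is the more trustworthy signal. The check is only meaningful on hosts still running sudo older than 1.8.28; on patched hosts the same command line is refused by sudo and the alert simply records a failed attempt.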

More Android malware and another iOS exploit: How to safeguard your devices?

The past few months have seen both Android and iOS fall prey to various attacks, with new malware and exploits being uncovered almost daily. First, let’s look at the newest zero-day Android vulnerability, which is a use-after-free memory bug. In layperson’s terms, a use-after-free lets code keep using a block of memory after it has been released; an attacker who controls what is placed in that freed memory can turn the stale reference into execution of malicious code.

Mattermost security update 5.9.1/5.8.2/4.10.9 (ESR) released

We are releasing a recommended security update via Mattermost Team Edition 5.9.1, 5.8.2 and 4.10.9 (ESR) and Mattermost Enterprise Edition 5.9.1, 5.8.2 and 4.10.9 (ESR). This security update addresses a high-severity vulnerability discovered during a security research review by Leandro Chaves.

Detecting and preventing cgroups escape via SCTP - CVE-2019-3874

This week CVE-2019-3874 was disclosed: a flaw in the Linux kernel that lets an attacker bypass cgroup memory accounting through SCTP socket buffers. In containerised environments, a container running as root could use it to consume memory beyond its cgroup limit and cause a denial of service on the host.

Detecting the Kubernetes API Server DoS Vulnerability (CVE-2019-1002100)

Recently, a new Kubernetes-related vulnerability affecting the kube-apiserver was announced. It is a denial-of-service vulnerability: an authorized user with write (patch) permission could send a specially crafted json-patch request that consumes excessive resources while the API server processes it. The issue is rated medium severity (CVSS score 6.5) and is resolved by upgrading the kube-apiserver to v1.11.8, v1.12.6, or v1.13.4.
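The first thing a SOC needs for an advisory like this is a repeatable check of which clusters are still exposed. The script below is an added example (not code from the original post or from the Kubernetes project) that classifies a kube-apiserver build against the three fix versions named above. The JSON sample is constructed in the shape of `kubectl version -o json` output; the handling of release lines the advisory does not name (newer than 1.13 treated as fixed because they shipped after the patch, older than 1.11 reported as unsupported) is this example's assumption, not a statement from the advisory.

```python
import json
import re

# Patch releases that fixed CVE-2019-1002100 in each affected minor line,
# as listed in the advisory: v1.11.8, v1.12.6, v1.13.4.
FIXED_PATCH = {11: 8, 12: 6, 13: 4}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(git_version):
    """Turn a gitVersion such as 'v1.13.3-gke.11' into (major, minor, patch).

    Distribution suffixes (-gke.N, -eks-..., +build) are dropped; the fix is
    tied to the upstream patch level, which the suffix does not change.
    """
    m = _VERSION_RE.match(git_version.strip())
    if not m:
        raise ValueError("unrecognised kube-apiserver version: %r" % git_version)
    return tuple(int(x) for x in m.groups())


def assess(git_version):
    """Classify a kube-apiserver build as 'vulnerable', 'fixed' or 'unsupported'.

    Assumption (not from the advisory): release lines newer than 1.13 are
    treated as fixed because they shipped after the patch; lines older than
    1.11 received no patch and are reported as 'unsupported', which for an
    operator means the same thing: upgrade.
    """
    major, minor, patch = parse_version(git_version)
    if (major, minor) > (1, 13):
        return "fixed"
    if (major, minor) < (1, 11):
        return "unsupported"
    return "fixed" if patch >= FIXED_PATCH[minor] else "vulnerable"


def assess_kubectl_version_json(raw):
    """Read the serverVersion block of `kubectl version -o json` output and assess it."""
    doc = json.loads(raw)
    return assess(doc["serverVersion"]["gitVersion"])


# Constructed sample in the shape of `kubectl version -o json` output, not a real capture.
SAMPLE_KUBECTL_JSON = """
{
  "clientVersion": {"gitVersion": "v1.13.4"},
  "serverVersion": {"major": "1", "minor": "13", "gitVersion": "v1.13.3-gke.11",
                    "platform": "linux/amd64"}
}
"""

if __name__ == "__main__":
    for v in ("v1.11.7", "v1.11.8", "v1.12.6-eks-1b4f8c", "v1.13.3", "v1.14.0", "v1.10.12"):
        print("%-22s %s" % (v, assess(v)))
    print("sample cluster:", assess_kubectl_version_json(SAMPLE_KUBECTL_JSON))
```

Because the flaw needs only patch permission, the version check is the control that matters; tightening RBAC reduces the number of principals who can trigger it but does not remove the exposure. Run the assessment per cluster, since managed offerings roll out patch releases at different times.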

Launching Vulnerability Manager Plus: Hunt down security loopholes with 100% precision

Amp up your endpoint security game with ManageEngine’s all-new Vulnerability Manager Plus. Pinpoint, prioritize, and eliminate vulnerabilities with ease. Attackers are constantly coming up with new ways to carry out exploits, making it even harder for your organization to reduce its attack surface and keep its endpoints secure.