The RSA Conference 2019, which is dedicated to addressing worldwide information security issues, was held in March 4–8. This year's RSA Conference took "Better" as its theme, aimed at exploring new cybersecurity development realms in a digital epoch and finding better security vendors, products, services, and solutions. In the past...
Year: 2019
Analysis of File Disclosure by APT34
1 About APT34 APT34, exposed to the public view in 2014, mainly targets Middle Eastern countries and some international organizations. APT34 attacks a variety of sectors mainly in the Middle East, but not limited to finance, government, energy, chemical engineer, and telecommunications. (more…)
Oracle WebLogic Server Deserialization Remote Code Execution Vulnerability Threat Alert
1 Vulnerability Overview On April 17, China National Vulnerability Database (CNVD) published details of a remote code execution vulnerability in Oracle WebLogic Server. Specifically, this vulnerability exists in the wls9_async_response.war component that comes with Oracle WebLogic Server as this component fails to properly deserialize the input information. An unauthorized attacker...
IoT Agenda: Can California legislation save the world from IoT security risks?
IoT Agenda - I am known for railing against IoT devices because I consider them the eventual destroyers of the internet as we know it. They are not secure, most people that use them do not realize they are not secure, and most vendors that make them have done little...
Cisco IOS XR 64-Bit Critical Vulnerability (CVE-2019-1710) Threat Alert
Overview Cisco has released a security advisory to announce the fix of a vulnerability (CVE-2019-1710) in Cisco IOS XR 64-bit Software running on Cisco ASR 9000 Series Aggregation Services Routers. This vulnerability is the result of incorrect isolation of the secondary management interface from internal sysadmin applications. An unauthenticated attacker...
