IoT Agenda: Can California legislation save the world from IoT security risks?
maio 2, 2019
IoT Agenda – I am known for railing against IoT devices because I consider them the eventual destroyers of the internet as we know it. They are not secure, most people that use them do not realize they are not secure, and most vendors that make them have done little knowing they are not secure.
Cisco IOS XR 64-Bit Critical Vulnerability (CVE-2019-1710) Threat Alert
maio 2, 2019
Overview
Cisco has released a security advisory to announce the fix of a vulnerability (CVE-2019-1710) in Cisco IOS XR 64-bit Software running on Cisco ASR 9000 Series Aggregation Services Routers. This vulnerability is the result of incorrect isolation of the secondary management interface from internal sysadmin applications. An unauthenticated attacker could exploit this vulnerability to log in to an affected device remotely or cause a denial of service. (mais…)
A Look into RSA 2019: Finding a New Balance Between Efficiency and Security in Incident Response
maio 1, 2019
Incident Response Is Changing The enterprise security market has seen fast incorporation of more and more cloud, Internet of Things (IoT), and mobile devices into enterprise security environments, which traditionally abound with servers, workstations, and networking and security devices. In this context, enterprises are faced with decentralized services and products from a variety of service […]
Oracle April 2019 Critical Patch Update for All Product Families Threat Alert
abril 30, 2019
Overview
On April 16, 2019, local time, Oracle released its security advisory of the Critical Patch Update (CPU) for the second quarter. The CPU fixes 297 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link:
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (mais…)
Cisco Common Service Platform Collector Default Password Vulnerability (CVE-2019-1723) Threat Alert
abril 29, 2019
Overview
Cisco officially released a security advisory, announcing the fix of a vulnerability (CVE-2019-1723) existing in the Cisco Common Service Platform Collector (CSPC).
This vulnerability exists because the affected software has a default account with a fixed password. An attacker could exploit this vulnerability to remotely access an affected device by using this account. This account does not have administrative privileges. (mais…)
Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232) Threat Alert
abril 26, 2019
Overview
On April 10, local time, Apache Software Foundation officially released a security advisory, announcing the fix of a remote code execution vulnerability (CVE-2019-0232). The Java Runtime Environment (JRE), when running on a Windows system with enableCmdLineArguments enabled, passes command-line parameters to Windows in an incorrect manner. This leads to the CGI servlet susceptible to remote code execution attacks. By default, the CGI servlet is disabled. (mais…)
Siemens Multiple Products Vulnerabilities Threat Alert
abril 25, 2019
Overview
On April 9, local time, Siemens officially released a security advisory, announcing the fix of vulnerabilities of different risk levels in a spectrum of products such as SIMATIC WinCC Open Architecture (SIMATIC WinCC OA), Spectrum Power, and RUGGEDCOM RXO II. Of all these vulnerabilities, two have a CVSS v3.0 base score of 10. (mais…)
IP Reputation Report-04192019
abril 24, 2019
Top 10 countries in attack counts: The above diagram shows the top 10 regions with the most malicious IP addresses from the NSFOCUS IP Reputation databases at April 19, 2019. Top 10 countries in attack percentage: The country Suriname (SR) has been in the first place for three weeks. The Laos is still in […]
