GIXnews

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could …

Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability Read More »

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI …

Cisco Integrated Management Controller CLI Command Injection Vulnerability Read More »

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading …

Cisco Integrated Management Controller Arbitrary File Write Vulnerability Read More »

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. …

Cisco Enterprise Chat and Email Attachment Download Vulnerability Read More »

A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted …

Cisco Email Security Appliance GZIP Content Filter Bypass Vulnerability Read More »

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster …

Cisco DNA Center Authentication Bypass Vulnerability Read More »

Microsoft has released Windows 10 Insider Preview Build 18922 to Insiders in the Fast ring. This build includes various fixes as well as a redesigned Language settings screen and a “similar feedback” feature for the Windows 10 Feedback Hub. […] Source:: BleepingComputer

Every day, Macworld brings you the essential daily news and other info about all things Apple. But staying on top of that torrent of information can be a constant challenge. One solution: the Macworld digital magazine. In the July issue The July issue features 11 little-known iPhone features you should start using. We give our …

Macworld’s July Digital Magazine: Hidden iPhone Tips Read More »

A cryptomining dropper malware has been spotted by security researchers while gaining persistence on Linux hosts by adding cron jobs to reinfect the compromised machines after being removed. […] Source:: BleepingComputer

In today’s business environment, data is what matters most. It matters to organizations that monetize it into operational insights and optimisations, and it matters the threat actors that relentlessly seek to achieve similar monetisation by compromising it. In the very common scenario in which organisation A provides services to organization B, it’s imperative for the …

Gain the Trust of Your Business Customers With SOC 2 Compliance Read More »

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, and AD Connector are now available in the AWS Europe (Stockholm) Region. Source:: Amazon AWS

Amazon MQ is now available in 14 regions, with the addition of the Asia Pacific (Mumbai) and EU (Paris) regions. Source:: Amazon AWS

You can now configure Amazon Neptune to publish audit logs to Amazon CloudWatch Logs. Source:: Amazon AWS

Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs. The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. “By clicking the icon, you’re now able to …

Google asks Chrome users for help in spotting deceptive sites Read More »

A new modular backdoor malware strain capable of mining cryptocurrencies and of spreading to other machines on the local network with the help of SMB and UPnP plugins has been detected by Kaspersky security researchers. […] Source:: BleepingComputer

Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a …

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now Read More »

Amazon Elastic Kubernetes Service (EKS) now supports Kubernetes version 1.13.7 for all clusters. Additionally, you can use ECR PrivateLink and Kubernetes PodSecurityPolicies with your EKS clusters. Source:: Amazon AWS

The success of a company is often defined by two key factors: how your customers feel about you and how your employees feel about you. We’re excited to share that recently we’ve had some great validation by both! Customer validation We’re very honored to work with a variety of innovative companies that are breaking the …

Validation vibes: How we’ve won the praise of customers and employees alike Read More »

Google has mistakenly sent out a confidential Google-only dogfood build of their upcoming July 2019 security update to a Pixel owner. These builds are meant to be used internally by Google employees and are not meant to be pushed out to normal users. […] Source:: BleepingComputer

The Department of Human Services (DHS) in Oregon today started notifying over half a million of its clients that their personal information was exposed to an unauthorized party in a data breach incident announced earlier this year. […] Source:: BleepingComputer