GIXnews

Cisco Integrated Management Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could …

Cisco Integrated Management Controller CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploit this vulnerability by authenticating with the administrator password via the CLI …

Cisco Integrated Management Controller Arbitrary File Write Vulnerability

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attacker could exploit this vulnerability by crafting a malicious file and uploading …

Cisco Enterprise Chat and Email Attachment Download Vulnerability

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could exploit this vulnerability by sending a crafted request to the API. …

Cisco Email Security Appliance GZIP Content Filter Bypass Vulnerability

A vulnerability in the GZIP decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validation of GZIP-formatted files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted …

Cisco DNA Center Authentication Bypass Vulnerability

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster …

Windows 10 Insider Build 18922 With an Updated Feedback Hub

Microsoft has released Windows 10 Insider Preview Build 18922 to Insiders in the Fast ring. This build includes various fixes as well as a redesigned Language settings screen and a “similar feedback” feature for the Windows 10 Feedback Hub. […] Source: BleepingComputer

Gain the Trust of Your Business Customers With SOC 2 Compliance

In today’s business environment, data is what matters most. It matters to organizations that monetize it into operational insights and optimisations, and it matters to the threat actors that relentlessly seek to achieve similar monetisation by compromising it. In the very common scenario in which organisation A provides services to organization B, it’s imperative for the …

Modular Plurox Malware Is a Wormable Backdoor Cryptominer

A new modular backdoor malware strain capable of mining cryptocurrencies and of spreading to other machines on the local network with the help of SMB and UPnP plugins has been detected by Kaspersky security researchers. […] Source: BleepingComputer

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a …

Validation vibes: How we’ve won the praise of customers and employees alike

The success of a company is often defined by two key factors: how your customers feel about you and how your employees feel about you. We’re excited to share that recently we’ve had some great validation by both! Customer validation: We’re very honored to work with a variety of innovative companies that are breaking the …

Google Pushes Confidential Android Security Update to Pixel User

Google has mistakenly sent out a confidential Google-only dogfood build of their upcoming July 2019 security update to a Pixel owner. These builds are meant to be used internally by Google employees and are not meant to be pushed out to normal users. […] Source: BleepingComputer

Phishing Attack Exposes Data of 645,000 Oregon DHS Clients

The Department of Human Services (DHS) in Oregon today started notifying over half a million of its clients that their personal information was exposed to an unauthorized party in a data breach incident announced earlier this year. […] Source: BleepingComputer