SOFTWARE: Sudo
VENDOR LINK(s): https://www.sudo.ws/alerts/unescape_overflow.html
CVEs: CVE-2021-3156
OFFICIAL CVSS: Unknown at this time, but presumed high
TYPE: Privilege Escalation
NOTES: Has existed in the software for 10 years and requires a local user account to run code to escalate to SUDO rights.
In a nice document by the NSA, they illustrate the positives and negatives of the new trend for browsers to have DNS encryption through the browser. For those in the enterprise, my take on it is simple: You are the boss. Manage the DNS in your enterprise. Configure desktops/laptops/clients to not use and even try […]
LINK I have only one comment here. Good for them…now fix your security holes.
LINK As one of the last acts of his Presidency, the US President has ordered a complete security assessment of all drones from countries that are considered “foreign adversaries”.
Well, the forums for OpenWRT were breached. I might even have credentials on those boards going back 5-10 years. Time to do the typical breach hygiene. Change passwords, flush API keys, etc…
SOFTWARE: DNSmasq
SOFTWARE LINK(s): https://www.thekelleys.org.uk/dnsmasq/
CVEs: CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686
NOTES: Dnsmasq versions 2.78 to 2.82 were all found to be affected by the three flaws. Researchers are calling it DNSpooq.
I have a Raspberry Pi running the ad-killing software called Pi-Hole – it's running DNSmasq. Simply put, there is a good chance this vulnerability […]
For those who don’t know, CISA publishes a list of vulnerabilities each week. In our chase for information and vulnerability information each week, I advise everyone to go through the list top to bottom and look to see what is in your environment and take action as needed. Vulnerability Summary for the Week of January […]
Go to the Juniper Networks vulnerability listing to see if you have a product that needs to be updated. LINK
Cisco has released a bunch of new vulnerabilities for numerous software products. LINK
There is a vulnerability in the Microsoft Windows Defender product. Make sure to patch now. LINK CVE-2021-1647