LINK to a NSA PDF doc I suggest everyone who is not read up on this, read this document. The Zero Trust Security Model as written is a set of principles that should be applied to access/assets/services/processes/etc. A good document to live by.
LINK to Threatpost Take a look if you have intersite policy manager software or what looks any other Cisco switch/device. Assume you need to fix it now.
LINK As usual, Mozilla foundation releases some needed updates. Goto the CISA link above for them all.
LINK VMware has released some high profile updates. Get on it.
LINK The MDBR service, powered by systems maintained by CIS and Akamai, automatically blocks domains associated with cyber threats including ransomware, malware, and phishing after the organizations switch their DNS provider to Akamai’s DNS server.
Time to dig into your patching process! Links Microsoft Apple Adobe
LINK What a great place to investigate upstream opensource vulnerabilities LINK to OSV Website.
LINK Ziggy Ransomware has called it quits and released a tool to create all the decryption keys.
SOFTWARE/COMPANY:Fortinet SOFTWARE LINK(s):https://www.fortiguard.com/psirt/FG-IR-20-229ehttps://www.fortiguard.com/psirt/FG-IR-20-232https://www.fortiguard.com/psirt/FG-IR-20-125https://www.fortiguard.com/psirt/FG-IR-20-177https://www.fortiguard.com/psirt/FG-IR-20-123https://www.fortiguard.com/psirt/FG-IR-20-126https://www.fortiguard.com/psirt/FG-IR-20-124 NEWS LINK(s):https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-vulnerabilities-in-ssl-vpn-and-web-firewall/ CVEs:CVE-2018-13383 – DoS, RCE – FortiProxy SSL VPNCVE-2018-13381 – DoS – FortiProxy SSL VPNCVE-2020-29015 – SQL Injection – FortiWebCVE-2020-29016 – RCE – FortiWeb 6.3.5CVE-2020-29017 – RCE – FortiDeceptorCVE-2020-29018 – RCE – FortiWebCVE-2020-29019 – DoS – FortiWeb NOTES:Two of these vulnerabilitiesw had dates for their publishing back to 2019, the rest […]
SOFTWARE:Realtek SOFTWARE LINK(s):no link from software vendor at this time NEWS Link(s):https://securityaffairs.co/wordpress/114280/security/realtek-rtl8195a-flaws.html CVEs:VD-1406 (CVE-2020-9395) – Stack-based buffer overflow vulnerabilityVD-1407 (CVE-2020-25853) – Read out of bounds vulnerabilityVD-1408 (CVE-2020-25854) – Stack-based buffer overflow vulnerability;VD-1409 (CVE-2020-25855) – Stack-based buffer overflow vulnerabilityVD-1410 (CVE-2020-25856) – Stack-based buffer overflow vulnerabilityVD-1411 (CVE-2020-25857) – Stack-based buffer overflow vulnerability NOTES:RTL8195A Wi-Fi module looks to […]