🛡 Cybersecurity & Privacy 🛡 - News

2021-10-29 19:18:13 CVE-2021-41186

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).

Read

via "National Vulnerability Database". Open / Comment

2021-10-29 18:48:09 All Day DevOps 2021: Securing the software supply chain with ephemerality and the least-privilege principle

‘The new boundary for systems engineering is how ephemeral can you make any given process with a privilege’

Read

via "The Daily Swig". Open / Comment

2021-10-29 18:37:42 What Exactly Is Secure Access Service Edge (SASE)?

Any company that supports a hybrid workforce should at least be familiar with this relatively new security approach.

Read

via "Dark Reading". Open / Comment

2021-10-29 18:33:58 Google Chrome is Abused to Deliver Malware as ‘Legit’ Win 10 App

Malware delivered via a compromised website on Chrome browsers can bypass User Account Controls to infect systems and steal sensitive data, such as credentials and cryptocurrency.

Read

via "Threat Post". Open / Comment

2021-10-29 17:37:39 A Treehouse of Security Horrors

True-life horrors from conversations with software engineers and developers. D'oh!

Read

via "Dark Reading". Open / Comment

2021-10-29 17:18:13 CVE-2021-22038

On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This temporary location is not randomized and does not restrict access to Administrators only so a potential attacker could plant a binary to replace the copied binary right before it gets called, thus gaining Administrator privileges (if the original uninstaller was executed as Administrator). The vulnerability only affects Windows installers.

Read

via "National Vulnerability Database". Open / Comment

2021-10-29 17:18:11 CVE-2021-22037

Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the search path until a binary can be identified. This makes the installer/uninstaller vulnerable to Path Interception by Search Order Hijacking, potentially allowing an attacker to plant a malicious reg.exe command so it takes precedence over the system command. The vulnerability only affects Windows installers.

Read

via "National Vulnerability Database". Open / Comment

2021-10-29 17:18:10 CVE-2021-3662

Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS).

Read

via "National Vulnerability Database". Open / Comment

2021-10-28 22:36:01 Stop Zero-Day Ransomware Cold With AI

AI can help recognize ransomware attacks and stop them at computer speed.

Read

via "Dark Reading". Open / Comment

2021-10-28 22:36:00 US to Create Diplomatic Bureau to Lead Cybersecurity Policy

As part of its modernization initiative, the Department of State will increase its IT budget by 50% and add a new bureau to lead cybersecurity and digital policy.

Read

via "Dark Reading". Open / Comment