While fuzzing may sound like just another buzzword in the cybersec landscape, it has continued to gain popularity over the last several years and shows no signs of going away. Development teams know that unless their developers all just came down from Mount Olympus, there are likely to be security holes in their applications - and they need tools that can be used by anyone to simulate real attacks...

On June 30th 2020, F5 disclosed a Remote Code Execution (RCE) (CVE-2020-5902) vulnerability in their Traffic Management User Interface (TMUI), also referred to as the Configuration Utility. The directory traversal vulnerability can allow execution of system commands, as well as reading and writing of files and execution of arbitrary Java code. This vulnerability has a CVSSv3 base score of 9.8. ...

CVE-2020-2021 Palo Alto Networks PAN-OSA critical severity authentication bypass vulnerability in certain configurations of Palo Alto Networks PAN-OS devices using Security Assertion Markup Language (SAML) authentication.On June 29, 2020, Palo Alto issued a security advisory for PAN-OS versions with SAML authentication enabled and the 'Validate Identity Provider Certificate' option disabled ...

Ripple20As of June 16th 2020, a total of 19 vulnerabilities, collectively called Ripple20, were found within an embedded TCP/IP stack software library. This library, developed by Treck, Inc. was used in the manufacturing chain across all industries and could affect several hundred million devices. Four vulnerabilities are considered critical and are tracked against CVE-2020-11896, CVE-2020-11897,...

Published on June 29th, 2020Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.Vulnerable Systems: Ping Identity PingID SSH before 4.0.14CVE Information: CVE-2020-10654Disclosure Timeline: Published Date:5/13/2020...

Published on June 29th, 2020A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled.Credit: The information has been provided by Stefan Schimanski. The original article can be found at:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706Details: This flaw allows an attacker with access to a backup to obtain OAuth...

Corporate and personal decisions are an important part of our daily life; many times they are made from our previous knowledge and lessons learned from similar events. To make a truly educated decision, the most complete information available is needed to quantify risks and estimate the potential returns of our actions.Unfortunately we don’t always have the answers to life’s unexpected challenges,...

Learn about cyber security, why it's important, and how to get started building a cyber security program in this installment of our Data Protection 101 series.

Coronavirus (COVID-19) has brought about unprecedented times. Let us help you maintain business as (sort of) usual.

Saltstack Remote Code Execution (RCE) Vulnerability For those that have implemented SaltStack in your cloud environment, please be aware of several vulnerabilities (CVE-2020-11651/CVE-2020-11652) that together allow a RCE condition, which could allow an attacker to take over your Master Salt server and then laterally move to your Salt minions. Please consider patching with release 3000.2 or...

As part of your defense against an external cyberattack, you’re ready to tackle the enormous task of securing all the data sitting on your servers, desktops and external drives.If you’re like most organizations, you’ve got tons of it because no one throws anything away these days. And if you’re working at an enterprise, it’s an exponentially larger...