MG Strategy+

Cybersecurity Data Services

 
  • Join Now-Sign Up
  • Log In

MGS+ Industrial Security Intelligence Data Platform 2019 – MGS+ Channel List Jan 2019

MGS+ Industrial Security Intelligence Data Platform 2019 – MGS+ Work Flow Content Map

  • Editor Paper Extracts
  • Editor Picks Articles
  • Editor Picks Maps
  • Editor Picks Reports
  • MGS+ EPCM Workgroup
  • MGS+ ICS Workgroup
  • MGS+ Operational Efficiencies Workgroup
  • MGS+ Partners
  • Uncategorized

001 MGS Alerts Advisories

  • Oracle Critical Patch Update Advisory – January 2021
    ... read more
  • [Control Systems] Siemens Security Advisory
    ... read more
  • SolarWinds supply chain attack explained: Need-to-know info
    ... read more
  • Malwarebytes said it was hacked by the same group who breached SolarWinds
    Malwarebytes becomes fourth major security firm targeted by attackers after Microsoft, FireEye, and CrowdStrike. ... read more
  • Stable Channel Update for Desktop
     The Chrome team is delighted to announce the promotion of Chrome 88 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.Chrome 88.0.4324.96 ... read more
  • Combine ML with human intelligence for your security strategy
    ... read more
  • FBI warns against vishing attacks targeting enterprises
    ... read more
  • 83.408
    Newly Added (1)Android/Agent.HBM!trModified (7)Adware/Ewind!AndroidAdware/Hiddad!AndroidAdware/MobiDash!AndroidAdware/SpyPhone!AndroidAndroid/Agent.XK!trAndroid/Hiddad.ACN!trAndroid/SmForw.FF!tr ]]> ... read more
  • jointjs Package up to 3.2.x util.setByPath code injection
    A vulnerability was found in jointjs Package up to 3.2.x and classified as critical. Affected by this issue is the function util.setByPath. Upgrading to version 3.3.0 eliminates this vulnerability. Applying ... read more
  • Files.com Fat Client 3.3.6 improper authentication [CVE-2021-3183]
    A vulnerability classified as critical was found in Files.com Fat Client 3.3.6. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested ... read more
  • D-Link DCS-5220 buffer overflow [CVE-2021-3182]
    A vulnerability classified as critical has been found in D-Link DCS-5220 (the affected version unknown). This affects some unknown processing. The problem might be mitigated by replacing the product with ... read more
  • Mutt up to 2.0.4 Email Message rfc822.c memory allocation
    A vulnerability was found in Mutt up to 2.0.4 (Mail Client Software). It has been rated as problematic. Affected by this issue is an unknown code block of the file ... read more
  • MISP 2.4.136 Galaxy Cluster View view.ctp cross site scripting
    A vulnerability was found in MISP 2.4.136. It has been classified as problematic. Affected is an unknown part of the file app/View/GalaxyClusters/view.ctp of the component Galaxy Cluster View. Applying a ... read more
  • socket.io Packet up to 2.3.x CORS unknown vulnerability [CVE-2020-28481]
    A vulnerability was found in socket.io Packet up to 2.3.x. It has been classified as critical. This affects an unknown functionality of the component CORS Handler. Upgrading to version 2.4.0 ... read more
  • MISP 2.4.136 Password weak password
    A vulnerability was found in MISP 2.4.136 and classified as critical. This issue affects some unknown functionality of the component Password Handler. Applying a patch is able to eliminate this ... read more
  • Micro Focus Application Lifecycle Management up to 12.60 Patch 5/15.0.1 Patch 2/15.5 xml external entity reference
    A vulnerability has been found in Micro Focus Application Lifecycle Management up to 12.60 Patch 5/15.0.1 Patch 2/15.5 and classified as critical. This vulnerability affects an unknown functionality. There is ... read more
  • Zoho ManageEngine Applications Manager sql injection [CVE-2020-27733]
    A vulnerability, which was classified as critical, was found in Zoho ManageEngine Applications Manager (Log Management Software) (version unknown). Affected is an unknown code block. Upgrading eliminates this vulnerability. ... read more
  • MISP 2.4.136 global_menu.ctp cross site scripting
    A vulnerability, which was classified as problematic, has been found in MISP 2.4.136. This issue affects an unknown functionality of the file app/View/Elements/global_menu.ctp. There is no information about possible countermeasures ... read more
  • IBM Planning Analytics 2.0 information disclosure [CVE-2020-4871]
    A vulnerability classified as problematic was found in IBM Planning Analytics 2.0. Affected by this vulnerability is an unknown code block. ... read more
  • Mautic up to 3.2.3 Social Monitoring cross site scripting
    A vulnerability classified as problematic has been found in Mautic up to 3.2.3. Affected is an unknown code of the component Social Monitoring. Upgrading to version 3.2.4 eliminates this vulnerability. ... read more
  • MISP 2.4.136 Galaxy Cluster Element index.ctp cross site scripting
    A vulnerability was found in MISP 2.4.136. It has been declared as problematic. Affected by this vulnerability is an unknown code of the file app/View/GalaxyElements/ajax/index.ctp of the component Galaxy Cluster ... read more
  • Mautic up to 3.2.3 Javascript File cross site scripting
    A vulnerability was found in Mautic up to 3.2.3. It has been rated as problematic. This issue affects an unknown part of the component Javascript File Handler. Upgrading to version ... read more
  • Pixelimity 1.0 admin/setting.php Password cross-site request forgery
    A vulnerability, which was classified as problematic, has been found in Pixelimity 1.0. This issue affects an unknown code of the file admin/setting.php. There is no information about possible countermeasures ... read more
  • fastify-csrf Package up to 3.0.0.0 query cookie without ‘httponly’ flag
    A vulnerability was found in fastify-csrf Package up to 3.0.0.0. It has been declared as critical. This vulnerability affects some unknown functionality. Upgrading to version 3.0.0.1 eliminates this vulnerability. Applying ... read more
  • IBM Planning Analytics 2.0 TLS Communication certificate validation
    A vulnerability, which was classified as problematic, was found in IBM Planning Analytics 2.0. This affects an unknown function of the component TLS Communication Handler. Upgrading eliminates this vulnerability. ... read more
  • IBM Planning Analytics 2.0 unknown vulnerability [CVE-2020-4873]
    A vulnerability, which was classified as critical, has been found in IBM Planning Analytics 2.0. Affected by this issue is some unknown processing. Upgrading eliminates this vulnerability. ... read more
  • jointjs Package up to 3.2.x unsetByPath denial of service
    A vulnerability has been found in jointjs Package up to 3.2.x and classified as problematic. Affected by this vulnerability is the function unsetByPath. Upgrading to version 3.3.0 eliminates this vulnerability. ... read more
  • Microsoft Taking Additional Steps to Address Zerologon Flaw
    Company Will Enforce Domain Controller Settings to Block ConnectionsMicrosoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could ... read more
  • OpenWRT Project Community Investigating Data Breach
    Open Source Development Project Asking Members to Reset PasswordsOpenWRT, an open source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data ... read more
  • Microchip Libraries for Applications 2018-11-26 PKCS information disclosure
    Una vulnerabilità di livello problematico è stata rilevata in Microchip Libraries for Applications 2018-11-26. Interessato da questa vulnerabilità è una funzione sconosciuta del componente PKCS Handler. Informazioni riguardo una possibile ... read more
  • CMS 0.12.7 edit.php cross site request forgery
    È stata rilevata una vulnerabilità di livello problematico in CMS 0.12.7 (Content Management System). Da questa vulnerabilità è interessato una funzione sconosciuta del file anchor/views/users/edit.php. Informazioni riguardo una possibile contromisura ... read more
  • jointjs Package fino 3.2.x unsetByPath denial of service
    Un punto critico di livello problematico è stato rilevato in jointjs Package fino 3.2.x. Interessato da questa vulnerabilità è la funzione unsetByPath. L'aggiornamento alla versione 3.3.0 elimina questa vulnerabilità. L'aggiornamento ... read more
  • Zoho ManageEngine Applications Manager sql injection [CVE-2020-27733]
    Una vulnerabilità di livello critico è stata rilevata in Zoho ManageEngine Applications Manager (Log Management Software). Riguarda una funzione sconosciuta. L'aggiornamento elimina questa vulnerabilità. ... read more
  • Pixelimity 1.0 admin/setting.php Password cross site request forgery
    In Pixelimity 1.0 stata rilevata una vulnerabilità di livello problematico. É interessato una funzione sconosciuta del file admin/setting.php. Informazioni riguardo una possibile contromisura non sono al momento disponibili. Si suggerisce ... read more
  • 83.407
    Modified (7)Adware/Generic_PUA_HJ!AndroidAdware/HiddenAd!AndroidAdware/MobiDash!AndroidAndroid/Agen.I!trAndroid/Agent.HAX!trAndroid/Boogr.GSH!trRiskware/Agent!Android ]]> ... read more
  • Google Chrome 88 released with no Flash, bringing an end to an era
    Besides removing Flash, Google has also removed support for FTP links (ftp://) as well. ... read more
  • Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
    In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this campaign ... read more
  • IVR Fraud: ‘A Fraudsters’ Playground’
    Pindrop's Mark Horne on How to Shift from Call-Centric to Account-Centric DefenseFraud in the interactive voice response channel was growing before the pandemic. Since? IVR fraud has become "a fraudsters' ... read more
  • Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
    A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, ... read more
  • The State of State Machines
    Posted by Natalie Silvanovich, Project ZeroOn January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect ... read more
  • VU#434904: Dnsmasq is vulnerable to memory corruption and cache poisoning
    Overview Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker ... read more
  • CVE-2021-23123 (joomla!)
    An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules. ... read more
  • CVE-2021-21013 (bridge)
    Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current ... read more
  • CVE-2021-21011 (captivate)
    Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the ... read more
  • CVE-2021-21012 (bridge)
    Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current ... read more
  • CVE-2021-21008 (animate)
    Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of ... read more
  • CVE-2021-21007 (illustrator)
    Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of ... read more
  • CVE-2021-21006 (photoshop)
    Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation ... read more
  • CVE-2020-9139 (emui, magic_ui)
    There is a improper input validation vulnerability in some Huawei Smartphone.Successful exploit of this vulnerability can cause memory access errors and denial of service. ... read more
  • CVE-2021-23124 (joomla!)
    An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks. ... read more
Older posts

MG Strategy+ Industrial Control Systems Group @2019

KAVI MGS iSTRACIN Platform v 02.25 Tuesday, January 19, 2021

  • Disclaimer |
  • Terms |
  • Privacy
  • About-Services |
  • Blog-Reports
  • YouTube
  • Pinterest
  • LinkedIn
  • Twitter
  • LinkedIn
  • Twitter
  • Connect-Contact

Login

Login to integratus systems Exchange Platform Services

Forgot password?
Register Now

Hello

  • Your Account Type is
  • Your Mail Id is
  • Your Username is

PDF Library Search

Security Briefing Search

MGS+ Security Intelligence Data Platform Search

Reset Password

Reset Password

You have no permission to access this content