MG Strategy+ - Foundation LogoSEC

MG Strategy+

Cybersecurity Data Services

Join Now-Sign Up
Log In

SEC

Editor Paper Extracts
Editor Picks Articles
Editor Picks Maps
Editor Picks Reports
MGS+ EPCM Workgroup
MGS+ ICS Workgroup
MGS+ Operational Efficiencies Workgroup
MGS+ Partners
Uncategorized

001 MGS Alerts Advisories

Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 88 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.Chrome 88.0.4324.96 ... read more
FBI warns against vishing attacks targeting enterprises
... read more
Combine ML with human intelligence for your security strategy
... read more
83.408
Newly Added (1)Android/Agent.HBM!trModified (7)Adware/Ewind!AndroidAdware/Hiddad!AndroidAdware/MobiDash!AndroidAdware/SpyPhone!AndroidAndroid/Agent.XK!trAndroid/Hiddad.ACN!trAndroid/SmForw.FF!tr ]]> ... read more
MISP 2.4.136 Galaxy Cluster Element index.ctp cross site scripting
A vulnerability was found in MISP 2.4.136. It has been declared as problematic. Affected by this vulnerability is an unknown code of the file app/View/GalaxyElements/ajax/index.ctp of the component Galaxy Cluster ... read more
Mautic up to 3.2.3 Javascript File cross site scripting
A vulnerability was found in Mautic up to 3.2.3. It has been rated as problematic. This issue affects an unknown part of the component Javascript File Handler. Upgrading to version ... read more
Pixelimity 1.0 admin/setting.php Password cross-site request forgery
A vulnerability, which was classified as problematic, has been found in Pixelimity 1.0. This issue affects an unknown code of the file admin/setting.php. There is no information about possible countermeasures ... read more
fastify-csrf Package up to 3.0.0.0 query cookie without ‘httponly’ flag
A vulnerability was found in fastify-csrf Package up to 3.0.0.0. It has been declared as critical. This vulnerability affects some unknown functionality. Upgrading to version 3.0.0.1 eliminates this vulnerability. Applying ... read more
IBM Planning Analytics 2.0 TLS Communication certificate validation
A vulnerability, which was classified as problematic, was found in IBM Planning Analytics 2.0. This affects an unknown function of the component TLS Communication Handler. Upgrading eliminates this vulnerability. ... read more
IBM Planning Analytics 2.0 unknown vulnerability [CVE-2020-4873]
A vulnerability, which was classified as critical, has been found in IBM Planning Analytics 2.0. Affected by this issue is some unknown processing. Upgrading eliminates this vulnerability. ... read more
jointjs Package up to 3.2.x unsetByPath denial of service
A vulnerability has been found in jointjs Package up to 3.2.x and classified as problematic. Affected by this vulnerability is the function unsetByPath. Upgrading to version 3.3.0 eliminates this vulnerability. ... read more
jointjs Package up to 3.2.x util.setByPath code injection
A vulnerability was found in jointjs Package up to 3.2.x and classified as critical. Affected by this issue is the function util.setByPath. Upgrading to version 3.3.0 eliminates this vulnerability. Applying ... read more
Files.com Fat Client 3.3.6 improper authentication [CVE-2021-3183]
A vulnerability classified as critical was found in Files.com Fat Client 3.3.6. This vulnerability affects an unknown function. There is no information about possible countermeasures known. It may be suggested ... read more
D-Link DCS-5220 buffer overflow [CVE-2021-3182]
A vulnerability classified as critical has been found in D-Link DCS-5220 (the affected version unknown). This affects some unknown processing. The problem might be mitigated by replacing the product with ... read more
Mutt up to 2.0.4 Email Message rfc822.c memory allocation
A vulnerability was found in Mutt up to 2.0.4 (Mail Client Software). It has been rated as problematic. Affected by this issue is an unknown code block of the file ... read more
MISP 2.4.136 Galaxy Cluster View view.ctp cross site scripting
A vulnerability was found in MISP 2.4.136. It has been classified as problematic. Affected is an unknown part of the file app/View/GalaxyClusters/view.ctp of the component Galaxy Cluster View. Applying a ... read more
socket.io Packet up to 2.3.x CORS unknown vulnerability [CVE-2020-28481]
A vulnerability was found in socket.io Packet up to 2.3.x. It has been classified as critical. This affects an unknown functionality of the component CORS Handler. Upgrading to version 2.4.0 ... read more
MISP 2.4.136 Password weak password
A vulnerability was found in MISP 2.4.136 and classified as critical. This issue affects some unknown functionality of the component Password Handler. Applying a patch is able to eliminate this ... read more
Micro Focus Application Lifecycle Management up to 12.60 Patch 5/15.0.1 Patch 2/15.5 xml external entity reference
A vulnerability has been found in Micro Focus Application Lifecycle Management up to 12.60 Patch 5/15.0.1 Patch 2/15.5 and classified as critical. This vulnerability affects an unknown functionality. There is ... read more
Zoho ManageEngine Applications Manager sql injection [CVE-2020-27733]
A vulnerability, which was classified as critical, was found in Zoho ManageEngine Applications Manager (Log Management Software) (version unknown). Affected is an unknown code block. Upgrading eliminates this vulnerability. ... read more
MISP 2.4.136 global_menu.ctp cross site scripting
A vulnerability, which was classified as problematic, has been found in MISP 2.4.136. This issue affects an unknown functionality of the file app/View/Elements/global_menu.ctp. There is no information about possible countermeasures ... read more
IBM Planning Analytics 2.0 information disclosure [CVE-2020-4871]
A vulnerability classified as problematic was found in IBM Planning Analytics 2.0. Affected by this vulnerability is an unknown code block. ... read more
Mautic up to 3.2.3 Social Monitoring cross site scripting
A vulnerability classified as problematic has been found in Mautic up to 3.2.3. Affected is an unknown code of the component Social Monitoring. Upgrading to version 3.2.4 eliminates this vulnerability. ... read more
Microsoft Taking Additional Steps to Address Zerologon Flaw
Company Will Enforce Domain Controller Settings to Block ConnectionsMicrosoft is alerting customers that starting Feb. 9, it will enforce domain controller settings within Active Directory to block connections that could ... read more
OpenWRT Project Community Investigating Data Breach
Open Source Development Project Asking Members to Reset PasswordsOpenWRT, an open source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data ... read more
Microchip Libraries for Applications 2018-11-26 PKCS information disclosure
Una vulnerabilità di livello problematico è stata rilevata in Microchip Libraries for Applications 2018-11-26. Interessato da questa vulnerabilità è una funzione sconosciuta del componente PKCS Handler. Informazioni riguardo una possibile ... read more
CMS 0.12.7 edit.php cross site request forgery
È stata rilevata una vulnerabilità di livello problematico in CMS 0.12.7 (Content Management System). Da questa vulnerabilità è interessato una funzione sconosciuta del file anchor/views/users/edit.php. Informazioni riguardo una possibile contromisura ... read more
jointjs Package fino 3.2.x unsetByPath denial of service
Un punto critico di livello problematico è stato rilevato in jointjs Package fino 3.2.x. Interessato da questa vulnerabilità è la funzione unsetByPath. L'aggiornamento alla versione 3.3.0 elimina questa vulnerabilità. L'aggiornamento ... read more
Zoho ManageEngine Applications Manager sql injection [CVE-2020-27733]
Una vulnerabilità di livello critico è stata rilevata in Zoho ManageEngine Applications Manager (Log Management Software). Riguarda una funzione sconosciuta. L'aggiornamento elimina questa vulnerabilità. ... read more
Pixelimity 1.0 admin/setting.php Password cross site request forgery
In Pixelimity 1.0 stata rilevata una vulnerabilità di livello problematico. É interessato una funzione sconosciuta del file admin/setting.php. Informazioni riguardo una possibile contromisura non sono al momento disponibili. Si suggerisce ... read more
83.407
Modified (7)Adware/Generic_PUA_HJ!AndroidAdware/HiddenAd!AndroidAdware/MobiDash!AndroidAndroid/Agen.I!trAndroid/Agent.HAX!trAndroid/Boogr.GSH!trRiskware/Agent!Android ]]> ... read more
Google Chrome 88 released with no Flash, bringing an end to an era
Besides removing Flash, Google has also removed support for FTP links (ftp://) as well. ... read more
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this campaign ... read more
IVR Fraud: ‘A Fraudsters’ Playground’
Pindrop's Mark Horne on How to Shift from Call-Centric to Account-Centric DefenseFraud in the interactive voice response channel was growing before the pandemic. Since? IVR fraud has become "a fraudsters' ... read more
Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, ... read more
The State of State Machines
Posted by Natalie Silvanovich, Project ZeroOn January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect ... read more
VU#434904: Dnsmasq is vulnerable to memory corruption and cache poisoning
Overview Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker ... read more
CVE-2021-21612 (tracetronic_ecu-test)
Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the ... read more
CVE-2021-23123 (joomla!)
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules. ... read more
CVE-2021-21013 (bridge)
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current ... read more
CVE-2021-21011 (captivate)
Adobe Captivate 2019 version 11.5.1.499 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the ... read more
CVE-2021-21012 (bridge)
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current ... read more
CVE-2021-21008 (animate)
Adobe Animate version 21.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of ... read more
CVE-2021-21007 (illustrator)
Adobe Illustrator version 25.0 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of ... read more
CVE-2021-21006 (photoshop)
Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation ... read more
CVE-2020-9139 (emui, magic_ui)
There is a improper input validation vulnerability in some Huawei Smartphone.Successful exploit of this vulnerability can cause memory access errors and denial of service. ... read more
CVE-2021-23124 (joomla!)
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks. ... read more
CVE-2020-9138 (emui, magic_ui)
There is a heap-based buffer overflow vulnerability in some Huawei Smartphone, Successful exploit of this vulnerability can cause process exceptions during updating. ... read more
83.406
Modified (7)Adware/Ewind!AndroidAdware/Hiddad!AndroidAdware/Kuguo!AndroidAdware/Loead!AndroidAdware/MobiDash!AndroidAndroid/Boogr.GSH!trAndroid/Zniu.C!tr ]]> ... read more
83.405
Newly Added (1)Android/Agent.HBK!trModified (13)Adware/Android_Dowgin!AndroidAdware/FoneSpy!AndroidAdware/HiddenAd!AndroidAdware/Kuguo!AndroidAdware/Masplot!AndroidAdware/MobiDash!AndroidAndroid/Boogr.GSH!trAndroid/Hiddad.APT!trAndroid/Hiddad.BL!trAndroid/Hiddad.SJ!trAndroid/Hqwar.DR!trAndroid/SmsSpy.LA!tr.spyAndroid/Triada.AJ!tr ]]> ... read more

MG Strategy+ Industrial Control Systems Group @2019

KAVI MGS iSTRACIN Platform v 02.25 Tuesday, January 19, 2021

Disclaimer |
Terms |
Privacy
About-Services |
Blog-Reports
YouTube
Pinterest
LinkedIn
Twitter
LinkedIn
Twitter
Connect-Contact

Login

Login to integratus systems Exchange Platform Services

Forgot password?

Hello

Your Account Type is
Your Mail Id is
Your Username is

PDF Library Search

Security Briefing Search

Foundation Logo Search

Reset Password

Reset Password

You have no permission to access this content