Password managers are a useful way to keeping your internet accounts safe. But the software that runs them isn’t always perfect. According to new research, four popular password managers for Windows 10 can actually leak your login credentials to the PC’s memory. That’s bad news in the event your computer has been secretly taken over by malware; a hacker could potentially snatch up the sensitive data when the password...
Read More
Description: Adobe has released security updates to address a vulnerability in ColdFusion. These updates resolve a critical vulnerability that could lead to arbitrary code execution in the context of the running ColdFusion service. Adobe is aware of a report that CVE-2019-7816 has been exploited in the wild. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the...
Read More
Description: Cisco has released security updates to address vulnerabilities in multiple Cisco products. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a...
Read More
Description: OpenSSL version 1.0.2r has been released to address a vulnerability for users of versions 1.0.2–1.0.2q Impact: An attacker could exploit this vulnerability to obtain sensitive information. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.openssl.org/news/secadv/20190226.txt
Description: Drupal has released security updates to address a vulnerability in Drupal Core. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/sa-core-2019-003
GlobeImposter 2.0 র্যানসমওয়্যার কি : সাইবার সিকিউরিটি গবেষকগন ২০১৮ সালে প্রথম GlobeImposter র্যানসমওয়্যার এর উপস্থিতি লক্ষ করেন যা GlobeImposter 1.0 নামে পরিচিত। কিন্তু বর্তমানে এর একটি নতুন সংস্করণ GlobeImposter 2.0 র্যানসমওয়্যার প্রকাশিত হয়েছে এবং দ্রুত সারা বিশ্বে ছড়িয়ে পড়েছে। এই সাম্প্রতিক আক্রমণে, সংক্রামিত কম্পিউটার সিস্টেম এর বিভিন্ন ফাইলগুলি এনক্রিপ্ট হচ্ছে, যা পুনরুদ্ধারের জন্য হ্যাকাররা অর্থ দাবি করছে। GlobeImposter 2.0 ফাইল এনক্রিপ্ট করার জন্য RSA +...
Read More
Cisco addressed two DoS vulnerabilities in CISCO ESA products that can be exploited by remote unauthenticated attacker. Cisco fixed two denial-of-service (DoS) flaws in Email Security Appliance (ESA) products that can be exploited by a remote unauthenticated attacker. The first flaw tracked as CVE-2018-15453 has been rated as “critical,” it is a memory corruption bug caused by improper input validation in emails signed with Secure/Multipurpose Internet Mail Extensions (S/MIME)....
Read More
Input Validation 1. Conduct all data validation on a trusted system (e.g., The server) 2. Identify all data sources and classify them into trusted and untrusted. Validate all data from untrusted sources (e.g., Databases, file streams, etc.) 3. There should be a centralized input validation routine for the application 4. Specify proper character sets, such as UTF-8, for all sources of input 5. Encode data to a common character set before validating (Canonicalize) 6. All validation...
Read More
During the past week, an outbreak of Ryuk ransomware that impeded newspaper printing services in the United States has garnered a lot of attention. To determine who was behind the attack many have cited past research that compares code from Ryuk with the older ransomware Hermes to link the attack to North Korea. Determining attribution was largely based on the fact that the Hermes ransomware...
Read More
Description: Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://www.drupal.org/sa-core-2019-001 https://www.drupal.org/sa-core-2019-002
