Protecting your Web-based System from Snoopers

Today, nearly every business transaction and service delivery is conducted over a computer network or the World Wide Web, which creates the need for protection against malicious actors who can compromise this effective mode of interaction between providers and consumers. These kinds of attacks are perpetrated by hijacking and then manipulating the information transacted over the network. One of the many ways to keep attackers from intercepting data between two transacting parties is encryption. Encryption can be implemented by using SSL (Secure Sockets Layer) certificates, which enable algorithms to turn plain text data […]

Content Security Policy

Content Security Policy (CSP) was developed to protect websites and web applications from cross-site scripting (XSS) attacks. While the first version of CSP was only published in 2012, attempts to devise such a method can be traced back to 2004. CSP version 2 is the current version of the standard and is supported by both Chrome and Firefox, while Safari and Edge only support version 1. It works by having the web server send a special header to the web browser, indicating that the server implements a content security policy. It dictates from where the browser should load web components like […]

Google Releases Security Updates

Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information. Therefore, BtCIRT recommends that users and administrators review the Mozilla Security Advisory for Google Chrome blog entry and apply the necessary updates.

Apache Releases Security Advisory for Apache Tomcat

Apache has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. Therefore, BtCIRT recommends that users and administrators review the Apache security advisory for CVE-2019-10072 and upgrade to the appropriate version.

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Therefore, BtCIRT recommends that users and administrators review the following advisories and apply the necessary updates: SD-WAN Solution Privilege Escalation Vulnerability (cisco-sa-20190619-sdwan-privesca); DNA Center Authentication Bypass Vulnerability (cisco-sa-20190619-dnac-bypass); TelePresence Endpoint Command Shell Injection Vulnerability (cisco-sa-20190619-tele-shell-inj); StarOS Denial-of-Service Vulnerability (cisco-sa-20190619-staros-asr-dos); SD-WAN Solution Privilege Escalation Vulnerability (cisco-sa-20190619-sdwan-privilescal); SD-WAN Solution Command Injection Vulnerability (cisco-sa-20190619-sdwan-cmdinj); RV110W, RV130W, and RV215W Routers Management Interface Denial-of-Service Vulnerability (cisco-sa-20190619-rvrouters-dos); Prime Service Catalog Cross-Site Request Forgery Vulnerability (cisco-sa-20190619-psc-csrf); Meeting Server CLI […]