Open source SIEM with Wazuh and elastic stack

“Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance” which when integrated with elastic stack enhances visualization and reporting. If you are looking for open source Siem solution and struggling with installation, feel free to use the guide  Wazuh with elastic stack Guide.  This guide has been prepared following official Wazuh installation documentation.

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends users and administrators to review the Microsoft security advisories for CVE-2020-17022 and CVE-2020-17023 and apply the necessary updates.

Juniper Network Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommends users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability

Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. A remote attacker could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition. Therefore, Bhutan Computer Incident Response Team recommends users and administrators to review Microsoft’s Security Advisory for more information, and apply the necessary updates or workaround.

Apache Releases Security Updates

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. Therefore, Bhutan Computer Incident Response Team recommends users and administrators to review the Apache Security Advisory for CVE-2020-13943 and upgrade to the appropriate version.