Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. BtCIRT therefore recommends that users and administrators review the following advisories and apply the necessary updates:

- Web Security Appliance HTTPS Certificate Denial-of-Service Vulnerability: cisco-sa-20190703-wsa-dos
- Small Business Series Switches Memory Corruption Vulnerability: cisco-sa-20190703-sbss-memcorrup
- Small Business Series Switches HTTP Denial-of-Service Vulnerability: cisco-sa-20190703-sbss-dos
- Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability: cisco-sa-20190703-nfvis-file-readwrite
- Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability: cisco-sa-20190703-n9kaci-bypass
- Jabber for Windows DLL Preloading Vulnerability: cisco-sa-20190703-jabber-dll
- Unified […]

Protecting your Web-based System from Snoopers

Today, business and the delivery of services are conducted over computer networks or the World Wide Web, which creates a need for protection against malicious actors who can compromise this effective mode of interaction between providers and consumers. These kinds of attacks are perpetrated by hijacking and then manipulating the information transacted over the network. One of the many ways to keep attackers from intercepting data between two transacting parties is encryption. Encryption can be implemented by using SSL (Secure Sockets Layer) certificates that enable algorithms to turn plain text data […]

Content Security Policy

Content Security Policy (CSP) was developed to protect websites and web applications from cross-site scripting (XSS) attacks. While the first version of CSP was only published in 2012, attempts to devise such a method can be traced back to 2004. CSP version 2 is the current version of the standard and is supported by both Chrome and Firefox, while Safari and Edge only support version 1. It works by having the web server send a special header to the web browser indicating that the server implements a content security policy. The policy dictates from where the browser should load web components like […]

Google Releases Security Updates

Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information. BtCIRT therefore recommends that users and administrators review the Mozilla Security Advisory for Google Chrome blog entry and apply the necessary updates.

Apache Releases Security Advisory for Apache Tomcat

Apache has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. BtCIRT therefore recommends that users and administrators review the Apache security advisory for CVE-2019-10072 and upgrade to the appropriate version.