"phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php."
Update On MISP - Alex Dulaunoy @adulau @MITREattack
"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions."
MISP 2.4.119 has been released with many improvements in the API, a security fix for CVE-2019-19379 and various changes. New MISP expansion, import and export modules were introduced. #ThreatIntel #CTI #CyberSecurity
"D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value."
We have a new galaxy and object to express dark patterns in MISP. A good example of using MISP to model and share new threats targeting users.
Thanks to @gallypette (@circl_lu) and @b0rce (@uni_lu)
We have an ongoing MISP User Experience Survey together with the @uni_lu (@b0rce) - Don't hesitate to participate, it will help us to improve the UX experience of MISP. @circl_lu
I've just written an little howto for unpacking #Clop
If you are wondering why our
http://cve.circl.lu (@cve_search) is sometime a bit slow, we have a significant number of queries per second. We strongly recommend to install your own cve-search instance. Everything is open source and the full data dump is also available.pic.twitter.com/WmA4itAe5g
If you have your own and local cve-search server. It's faster and you are not leaking queries or searches about your findings to third-parties (even if it's CIRCL in this case ;-).
A great use case for our @hns_platform #CyberRange. It is always a pleasure to work with @circl_lu and @ceis_strat.
During the network traffic analysis workshop of a recent network telescope dataset, we saw that Mirai (and others) are more frequently scanning TCP port 26. Mirai variants are still actively relying on setting the ISN with the destination IP address (as seen in the graph below).pic.twitter.com/tpu8LSUoNw
"An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request."
"Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability."
RHSA-2019:3958: Critical: Red Hat Security Advisory: Red Hat Ansible Tower 3.6.1-1 - EL7 Container https://red.ht/35zag8M