Education and Awareness:
- Wake Up Naples - Presentation
- CDS_Cybersec101.pdf - Cybersecurity 101 Overview
- Insider Secrets on How to Secure Your Network on a Budget
- Free Cybersecurity Assessment
- Sign up for our @cybersecdefense newsletter
- Interested in having CDS speak at your event? Please contact us here. We routinely do speaking engagements for clubs, chambers, companies, foundations, etc. and discuss current offensive and defensive Cybersecurity risks and tactics at a high, non-technical level for a broad audience appeal. If you have a specific speaking need around Cybersecurity, let us know and we can accommodate!
Below are some Cybersecurity Feeds to up-to-the-minute happenings in the security world. Enjoy!
- CVE-2017-17671 December 14, 2017vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP […]
- CVE-2017-17672 December 14, 2017In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
- CVE-2017-7738 December 13, 2017An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.
- CVE-2017-17669 December 13, 2017There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.
- CVE-2017-11305 December 13, 2017A regression affecting Adobe Flash Player version 184.108.40.206 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
- CVE-2017-14380 December 13, 2017In EMC Isilon OneFS 220.127.116.11, 18.104.22.168 - 22.214.171.124, 126.96.36.199 - 188.8.131.52, 184.108.40.206 - 220.127.116.11, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation […]
- CVE-2017-17665 December 13, 2017In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
- CVE-2017-17664 December 13, 2017A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
- CVE-2017-15530 December 13, 2017Prior to 18.104.22.168, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any […]
- CVE-2017-15529 December 13, 2017Prior to 22.214.171.124, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.