Resources

Cybersecurity Resources:

Education and Awareness:

 

Speaking:

  • Interested in having CDS speak at your event? Please contact us here. We routinely do speaking engagements for clubs, chambers, companies, foundations, etc., and discuss current offensive and defensive Cybersecurity risks and tactics at a high, non-technical level with broad audience appeal. If you have a specific speaking need around Cybersecurity, let us know and we can accommodate!

 

Below are some Cybersecurity feeds covering up-to-the-minute happenings in the security world. Enjoy!

RSS Latest Vulnerabilities

  • CVE-2018-14060 July 15, 2018
    OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
  • CVE-2018-14010 July 15, 2018
    OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.
  • CVE-2018-14056 July 15, 2018
    ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.
  • CVE-2018-14055 July 15, 2018
    ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
  • CVE-2018-10875 July 13, 2018
    A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
  • CVE-2013-0570 July 13, 2018
    The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow remote attackers to obtain sensitive information in opportunistic circumstances […]
  • CVE-2017-13097 July 13, 2018
    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying […]
  • CVE-2017-13093 July 13, 2018
    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext […]
  • CVE-2017-13092 July 13, 2018
    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery […]
  • CVE-2017-13096 July 13, 2018
    The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying […]