Education and Awareness:
- Wake Up Naples - Presentation
- CDS_Cybersec101.pdf - Cybersecurity 101 Overview
- Insider Secrets on How to Secure Your Network on a Budget
- Free Cybersecurity Assessment
- Sign up for our @cybersecdefense newsletter
- Interested in having CDS speak at your event? Please contact us here. We routinely do speaking engagements for clubs, chambers, companies, foundations, etc. and discuss current offensive and defensive Cybersecurity risks and tactics at a high, non-technical level for broad audience appeal. If you have a specific speaking need around Cybersecurity, let us know and we can accommodate!
Below are some Cybersecurity Feeds for up-to-the-minute happenings in the security world. Enjoy!
- CVE-2018-10469 (April 27, 2018): b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name parameter to the /upload URI.
- CVE-2018-10237 (April 26, 2018): Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks […]
- CVE-2018-3844 (April 26, 2018): In Hyland Perceptive Document Filters 126.96.36.19947 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.
- CVE-2018-3851 (April 26, 2018): In Hyland Perceptive Document Filters 188.8.131.5247 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 184.108.40.20647. A crafted .doc document can lead to a stack-based buffer overflow, resulting in direct code execution.
- CVE-2018-3855 (April 26, 2018): In Hyland Perceptive Document Filters 220.127.116.1147 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
- CVE-2018-3845 (April 26, 2018): In Hyland Perceptive Document Filters 18.104.22.16847 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
- CVE-2018-7527 (April 26, 2018): A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
- CVE-2017-17543 (April 26, 2018): Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
- CVE-2017-14010 (April 26, 2018): In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 22.214.171.124 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code […]
- CVE-2016-9602 (April 26, 2018): Qemu before version 2.9 is vulnerable to improper link following when built with VirtFS. A privileged user inside the guest could use this flaw to access the host file system beyond the shared folder and potentially escalate their privileges on the host.