
security-advisory-security-vulnerabilities

Fortinet removed SSH keys and database backdoors from FortiSIEM

Fortinet has released fixes to remove two backdoor accounts from FortiSIEM appliances. The patches fix the two vulnerabilities CVE-2019-17659 and CVE-2019-16153. SIEM stands for Security Information and Event Management and is a type of software used by cybersecurity teams. Recently, a security specialist from Cybera discovered a hardcoded SSH key in Fortinet's Security Information and Event Management FortiSIEM…

windows-rce-RD gateway

Researcher demoed RCE Exploit for Windows RD Gateway

InfoGuard AG penetration tester Luca Marcelli has demoed a working exploit for two recently discovered vulnerabilities in Windows Remote Desktop Gateway (RD Gateway). RD Gateway lets admins permit connections coming from the Internet to reach Remote Desktop servers on internal networks only after proper authentication. The exploit targets the CVE-2020-0609 and CVE-2020-0610 vulnerabilities found in the Remote Desktop Gateway…

microsoft-internet-explorer

Microsoft’s Internet Explorer zero-day workaround breaks printing

As reported earlier, an unpatched zero-day vulnerability exists in Internet Explorer that is being exploited in targeted attacks. Microsoft still hasn’t released a patch for the vulnerability, tracked as CVE-2020-0674. Although Microsoft suggested mitigation steps, a few problems are left unsolved. Windows Media Player, Microsoft Print to PDF, and local USB printers are all…

cisco webex

Vulnerability in Cisco Webex exploited to gain access to private meetings

Cisco Systems has patched a high-severity vulnerability in the Webex video conferencing platform, which could allow unauthorized users to join password-protected Webex meetings. The vulnerability, tracked as CVE-2020-3142, affected Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites in releases earlier than 39.11.5 and 40.1.3. The vulnerability has received a CVSS score of 7.5 out of 10 and was discovered while the experts…

cisco webex

Cisco Webex Vulnerability exploited to join private meetings

Cisco Systems has fixed a high-severity vulnerability in the Webex video conferencing platform, which could allow unauthorized users to join password-protected Webex meetings. The vulnerability, tracked as CVE-2020-3142, affected Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites in releases earlier than 39.11.5 and 40.1.3. It has received a CVSS score of 7.5 out…

cisco-Firepower Management Center

Cisco patches critical flaw in Firepower Management Center

A critical vulnerability exists in Cisco's administrative management tool for Cisco network security solutions. The flaw could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on a particular device. According to the company, the vulnerability exists in the web-based management interface of the Cisco Firepower Management Center…