Stories this week about targeted attacks using 0days in iPhone and iPad devices and a sophisticated phone scam targeting a security professional that ended with a $9,800 wire transfer underscore what we all know: malicious attacks are becoming increasingly sophisticated. We give you some ideas on how to stay safe. We also cover a recent plugin […]
More info:
https://www.wordfence.com/blog/2020/04/episode-74-staying-safe-when-hackers-use-sophisticated-attacks/
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&actp=RSS
by Michael Hawkins. X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks. PATCH NOTE: For user IPs to be checked (and logged) accurately after this patch is applied, sites using multiple levels of reverse proxies/balancers that append to the X-Forwarded-For header will need to configure the new "reverseproxyignore" setting. This ensures the IPs of the later proxies are ignored in favour of the user's IP. Severity/Risk: Serious Versions
More info:
https://moodle.org/mod/forum/discuss.php?d=398351&parent=1606855
Today we are releasing Password Policy Manager 2.2. The highlights of this update are the out of the box support for custom login pages and the plugin translations. We have also included a number of updates and fixed a number of issues in this update. These release notes highlight what is new, improved and fixed […]
More info:
https://www.wpwhitesecurity.com/ppmwp-2-2/
BIG-IQ HA vulnerability CVE-2020-5869. Security Advisory Description: BIG-IQ high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / ...
More info:
https://support.f5.com/csp/article/K28855111?utm_source=f5support&utm_medium=RSS
BIG-IQ HA vulnerability CVE-2020-5870. Security Advisory Description: BIG-IQ high availability (HA) synchronization mechanisms do not use any form of authentication for connecting ...
More info:
https://support.f5.com/csp/article/K69422435?utm_source=f5support&utm_medium=RSS
BIG-IQ Grafana vulnerability CVE-2020-5868. Security Advisory Description: A remote access vulnerability has been discovered that may allow a remote user to run shell commands on ...
More info:
https://support.f5.com/csp/article/K37130415?utm_source=f5support&utm_medium=RSS