Day: 19 noviembre, 2020

BIG-IP virtual server TCP sequence numbers vulnerability CVE-2020-5947 Security Advisory Security Advisory Description On specific BIG-IP platforms, attackers may be able to obtain TCP sequence ... More info: https://support.f5.com/csp/article/K64571774?utm_source=f5support&utm_medium=RSS

Project: Drupal coreDate: 2020-November-18Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Remote code executionCVE IDs: CVE-2020-13671Description: Update November 18: Documented longer list of dangerous file extensionsDrupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting More info: https://www.drupal.org/sa-core-2020-012

Project: Drupal coreDate: 2020-November-18Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:DefaultVulnerability: Remote code executionCVE IDs: CVE-2020-13671Description: Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.Solution: Install the latest version:If you are using Drupal More info: https://www.drupal.org/sa-core-2020-012

On November 17, 2020, our Threat Intelligence team noticed a large-scale wave of attacks against recently reported Function Injection vulnerabilities in themes using the Epsilon Framework, which we estimate are installed on over 150,000 sites. So far today, we have seen a surge of more than 7.5 million attacks against more than 1.5 million sites […] More info: https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/

The first release candidate for WordPress 5.6 is now available! This is an important milestone in the community’s progress toward the final release of WordPress 5.6. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.6 […] More info: https://wordpress.org/news/2020/11/wordpress-5-6-release-candidate/

The BIG-IP CFE logs sensitive Azure storage account credentials Security Advisory Security Advisory Description The BIG-IP Cloud Failover Extension (CFE) logs sensitive Azure storage account ... More info: https://support.f5.com/csp/article/K21125762?utm_source=f5support&utm_medium=RSS

We have already shared examples of many kinds of malware that rely on an external gateway to receive or return data, such as different malware payloads. During a recent investigation, we came across this example of a PHP script that attackers use for many different purposes. What makes the sample interesting is that alongside this […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/3BdrOT07ohg/evasive-maneuvers-in-data-stealing-gateways.html

Overview The Domain Name System (DNS) is often referred to as the “phonebook of the Internet.” It is responsible for translating human readable domain names–such as mozilla.org–into IP addresses, which … Read moreThe post Measuring Middlebox Interference with DNS Records appeared first on Mozilla Security Blog. More info: https://blog.mozilla.org/security/2020/11/17/measuring-middlebox-interference-with-dns-records/