JSA11218 – 2021-10 Security Bulletin: Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update (CVE-2021-31353)
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11218&actp=RSS
JSA11217 – 2021-10 Security Bulletin: SRC Series: NETCONF over SSH allows negotiation of weak ciphers (CVE-2021-31352)
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11217&actp=RSS
JSA11216 – 2021-10 Security Bulletin: Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset (CVE-2021-31351)
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11216&actp=RSS
Apache HTTPD vulnerability CVE-2021-34798
Apache HTTPD vulnerability CVE-2021-34798 Security Advisory Security Advisory Description Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP ...
More info:
https://support.f5.com/csp/article/K72382141?utm_source=f5support&utm_medium=RSS
MSA-21-0034: Authentication bypass risk when using external database authentication
by Michael Hawkins. An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.Severity/Risk:SeriousVersions affected:3.11 to 3.11.2, 3.10 to 3.10.6, 3.9 to 3.9.9 and earlier unsupported versionsVersions fixed:3.11.3, 3.10.7 and 3.9.10Reported by:Amit EyalCVE identifier:CVE-2021-40693Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71160Tracker issue:MDL-71160
More info:
https://moodle.org/mod/forum/discuss.php?d=427105&parent=1719327
JSA11211 – 2021-10 Security Bulletin: Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication (CVE-2021-0297)
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11211&actp=RSS
JSA11212 – 2021-10 Security Bulletin: Junos OS Evolved: PTX10003, PTX10008: picd core while executing the "show chassis pic" command under certain conditions (CVE-2021-0298)
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11212&actp=RSS
JSA11210 – 2021-10 Security Bulletin: CTPView: HSTS not being enforced on CTPView server. (CVE-2021-0296)
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11210&actp=RSS
Cybersecurity Awareness Month: Building Resilient Teams
A longer version of this blog originally appeared on VMware News & Stories VMware is proud to be a 2021 Champion for Cybersecurity Awareness Month, a collaborative effort among the public and private sector to increase resiliency and raise awareness about cybersecurity. The initiative is co-led by the National Cyber Security Alliance and the Cybersecurity The post Cybersecurity Awareness Month: Building Resilient Teams appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2021/10/cybersecurity-awareness-month-building-resilient-teams.html?utm_source=rss&utm_medium=rss&utm_campaign=cybersecurity-awareness-month-building-resilient-teams
Moving Left of the Ransomware Boom
To foster better collaboration and cyber ground truth, VMware and Accenture’s Cyber Defense group teamed up to deliver relevant security research. Our goal is to expose criminals’ tactics, techniques, and procedures (TTPs) and thereby help security teams better focus their prevention, detection and response programs. Ransomware isn’t new—in fact, it’s over 30 years old. Attacks The post Moving Left of the Ransomware Boom appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2021/10/moving-left-of-the-ransomware-boom.html?utm_source=rss&utm_medium=rss&utm_campaign=moving-left-of-the-ransomware-boom