Drupal core – Moderately critical – Access bypass – SA-CORE-2020-008

Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 12∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Access bypass
CVE IDs: CVE-2020-13667
Description: The experimental Workspaces module allows you to create multiple workspaces on your site in which draft content can be edited before being published to the live workspace. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access
More info: https://www.drupal.org/sa-core-2020-008

BIG-IP SSL/TLS CRL vulnerability CVE-2020-5913

Security Advisory
Description: The BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present.
More info: https://support.f5.com/csp/article/K72752002?utm_source=f5support&utm_medium=RSS

Drupal core – Moderately critical – Information disclosure – SA-CORE-2020-011

Project: Drupal core
Date: 2020-September-16
Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: Information disclosure
CVE IDs: CVE-2020-13670
Description: A vulnerability exists in the File module which allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file.
Solution: Install the latest version: If you are using Drupal 8.8.x, upgrade to Drupal
More info: https://www.drupal.org/sa-core-2020-011

Understanding XDR: Q&A with Evin Hernandez

While Extended Detection and Response (XDR) is seen as the next evolution of security incident detection, investigation and response, there still seems to be some confusion about what it is and what it’s not. We sat down with Evin Hernandez, Senior Technical Marketing Manager at VMware Carbon Black, to learn more about XDR — how More info: https://blogs.vmware.com/security/2020/09/understanding-xdr-conversation-with-evin-hernandez.html?utm_source=rss&utm_medium=rss&utm_campaign=understanding-xdr-conversation-with-evin-hernandez

Episode 86: War of the Hackers

Millions of attacks have been targeting the recent File Manager plugin zero-day vulnerability discovered last week. Two attackers are vying for control over sites compromised through the vulnerability. A security researcher has revealed that specially crafted Windows 10 themes can be used to perform Pass-the-Hash attacks. A database belonging to the Digital Point webmaster forum […] More info: https://www.wordfence.com/blog/2020/09/episode-86-war-of-the-hackers/

iThemes Security Pro Feature Spotlight – Privilege Escalation

In the Feature Spotlight posts, we are going to highlight a feature in iThemes Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are going to cover Privilege Escalation, the most underutilized feature in iThemes Security Pro. Why We Developed […] More info: https://ithemes.com/ithemes-security-pro-feature-spotlight-privilege-escalation/

FreeType vulnerability CVE-2015-9381

Security Advisory
Description: FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. (CVE-2015-9381)
More info: https://support.f5.com/csp/article/K34732584?utm_source=f5support&utm_medium=RSS

NTP vulnerabilities CVE-2020-13817

Security Advisory
Description: The ntpd in the network time protocol (NTP) before 4.2.8p14, and in 4.3.x before 4.3.100, allows remote attackers ...
More info: https://support.f5.com/csp/article/K55376430?utm_source=f5support&utm_medium=RSS

NTP vulnerabilities CVE-2020-13817

Security Advisory
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing ...
More info: https://support.f5.com/csp/article/K55376430?utm_source=f5support&utm_medium=RSS