MSA-22-0014: Failed login attempts counted incorrectly

by Michael Hawkins. An issue in the logic used to count failed login attempts could result in the account lockout threshold being bypassed.

Severity/Risk: Serious
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and 3.9.14
Reported by: Shamim Rezaie
CVE identifier: CVE-2022-30600
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736
Tracker issue: MDL-73736
More info: https://moodle.org/mod/forum/discuss.php?d=434582&parent=1748726

K29735525: Apache HTTPD vulnerability CVE-2022-29404

Security Advisory Description: In Apache HTTP Server 2.4.53 and earlier, a malicious request to a Lua script that calls r:parsebody(0) ... More info: https://support.f5.com/csp/article/K29735525?utm_source=f5support&utm_medium=RSS

K69309752: Apache HTTPD vulnerability CVE-2022-30556

Security Advisory Description: Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point ... More info: https://support.f5.com/csp/article/K69309752?utm_source=f5support&utm_medium=RSS

K13335141: Intel CPU vulnerability CVE-2022-21180

Security Advisory Description: Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a ... More info: https://support.f5.com/csp/article/K13335141?utm_source=f5support&utm_medium=RSS

Lateral Movement in the Real World: A Quantitative Analysis

Computer networks have become larger, more complex, and highly dynamic. Similarly, the tactics, techniques, and procedures (TTPs) adopted by powerful adversaries, often backed by nation-states, have evolved, creating challenges for security administrators and SOC analysts, who must make sense of the flood of data and alerts produced by security tools. Since attacks have the inherent … Continued. The post Lateral Movement in the Real World: A Quantitative Analysis appeared first on VMware. More info: https://blogs.vmware.com/security/2022/06/lateral-movement-in-the-real-world-a-quantitative-analysis.html?utm_source=rss&utm_medium=rss&utm_campaign=lateral-movement-in-the-real-world-a-quantitative-analysis

The End-to-End Zero Trust Journey: How Did We Get Here?

Introducing the new VMware Zero Trust blog series. This is the first in a series of blogs meant to demystify Zero Trust based on interactions with our customers, industries, and standards. With mounting hype behind zero trust, our customers come to us to fill in previously checked-off security boxes with new Zero Trust check marks. … Continued. The post The End-to-End Zero Trust Journey: How Did We Get Here? appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2022/06/the-end-to-end-zero-trust-journey-how-did-we-get-here.html?utm_source=rss&utm_medium=rss&utm_campaign=the-end-to-end-zero-trust-journey-how-did-we-get-here

K01311313: Linux kernel vulnerability CVE-2021-3612

Security Advisory Description: An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions ... More info: https://support.f5.com/csp/article/K01311313?utm_source=f5support&utm_medium=RSS

How to Resolve Alert Fatigue for Security Teams

Our rapid developments in detection and remediation give security teams the information they need to solve security issues in real-time. On the flip side, this increases the potential for alert fatigue where teams are bombarded with threat notifications without the bandwidth to solve for every alert. This is especially harmful when these threats slow down … Continued. The post How to Resolve Alert Fatigue for Security Teams appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2022/06/how-to-resolve-alert-fatigue-for-security-teams.html?utm_source=rss&utm_medium=rss&utm_campaign=how-to-resolve-alert-fatigue-for-security-teams

K26314875: Apache vulnerability CVE-2022-26377

Security Advisory Description: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) vulnerability in mod_proxy_ajp of Apache ... More info: https://support.f5.com/csp/article/K26314875?utm_source=f5support&utm_medium=RSS