- Implications of Solorigate’s circumspection. RBNZ cleans data sources. Gamarue in student laptops. Dodgy apps. Ransom DDoS surges. Securing the President’s Peloton.
- Chrome wants to make your passwords stronger
- Are TikTok’s new settings enough to keep kids safe?
- Standardize cybersecurity terms to get everyone correct service
- SolarWinds: Lessons learned for network management, monitoring
- Issue #6 - Volume XXIII - SANS Newsbites - January 22nd, 2021
- CVE-2020-2037 PAN-OS: OS command injection vulnerability in the management web interface (Severity: HIGH)
- CVE-2020-2039 PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload (Severity: MEDIUM)
- PAN-SA-2021-0001 Informational: Cortex XSOAR: Impact of Golang XML parsing vulnerabilities (Severity: NONE)
- CVE-2020-2036 PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface (Severity: HIGH)
- CVE-2021-3032 PAN-OS: Configuration secrets for log forwarding may be logged in system logs (Severity: MEDIUM)
- CVE-2020-1999 PAN-OS: Threat signatures are evaded by specifically crafted packets (Severity: MEDIUM)
- PAN-SA-2020-0011 Informational: Impact of OpenSSL vulnerability CVE-2020-1971 (Severity: NONE)
- Solorigate’s stealthy, careful operators. LuckyBoy malvertising. BEC as reconnaissance? Remote work and leaky sites. And good riddance to the Joker’s Stash.
- ThreatConnect and AlienLabs OTX: Give Your Investigations Community Support