A vulnerability found in Jira Server and Data Center allows attackers to remotely execute code on systems

Yesterday, Atlassian Support released a Jira security advisory affecting Jira Server and Jira Data Center. The advisory discloses a critical-severity security vulnerability, tracked as CVE-2019-11581, which was introduced in version 4.4.0 of Jira Server and Jira Data Center. How can one exploit this vulnerability? For this issue to ... Read More
GE’s 2 models of hospital anesthesia machines found with vulnerabilities, says it won’t harm unless connected to a hospital network

According to reports from ZDNet, security researchers from CyberMDX, a healthcare cybersecurity firm, found vulnerabilities in two models of hospital anesthesia machines manufactured by General Electric (GE). The two vulnerable devices are GE Aestiva and GE Aespire, models 7100 and 7900, and according to the researchers, the vulnerabilities reside ... Read More
An IoT worm Silex, developed by a 14 year old resulted in malware attack and taking down 2000 devices

This week, an IoT worm called Silex that targets Unix-like systems took down around 2,000 devices, ZDNet reports. This malware attacks by attempting a login with default credentials and after gaining access. Larry Cashdollar, the Akamai researcher who first spotted the malware, told ZDNet in a statement, ... Read More
A vulnerability discovered in Kubernetes kubectl cp command can allow malicious directory traversal attack on a targeted system

Last week, the Kubernetes team announced that a security issue (CVE-2019-11246) was discovered in the Kubernetes kubectl cp command. According to the team, this issue could lead to a directory traversal in such a way that a malicious container could replace or create files on a user’s workstation. This vulnerability impacts ... Read More

Google Calendar was down for nearly three hours after a major outage

Yesterday, Google Calendar was down for nearly three hours around the world. Calendar users who were trying to access the service faced a 404 error message in their browsers from around 10 AM ET to 12:40 PM ET. Google updated the service details stating, “We’re investigating reports of an issue ... Read More

Untangle releases zSeries appliances and NG Firewall v14.2 for enhanced Network Security Framework

Yesterday, Untangle, a company that provides network security for SMBs (Small and Midsize Businesses) and distributed enterprises, announced the release of its zSeries appliances. The zSeries appliances will provide better performance and functionality at a lower price for SMBs as well as distributed enterprises with cloud-managed next-generation firewalls. The zSeries ... Read More
Google researchers present Zanzibar, a global authorization system, it scales trillions of access control lists and millions of authorization requests per second

Google researchers presented a paper on Google’s consistent global authorization system known as Zanzibar. The paper focuses on the design, implementation, and deployment of Zanzibar for storing and evaluating access control lists (ACL). Zanzibar offers a uniform data model and configuration language for providing a wide range of access control ... Read More

Apple showcases privacy innovations at WWDC 2019: Sign in with Apple, AdGuard Pro, new App Store guidelines and more

Apple is getting pretty serious about user privacy. Last month, Apple had proposed a “privacy-focused” ad click attribution model to count conversions without tracking users. And just yesterday, Apple announced a host of security and privacy-related features at its ongoing Worldwide Developers Conference (WWDC) 2019. Users seem to be excited ... Read More

Core security features of Elastic Stack are now free!

Today, the team at Elastic announced that the core security features of the Elastic Stack are now free. They also announced the release of Elastic Stack versions 6.8.0 and 7.1.0 and the alpha release of Elastic Cloud on Kubernetes today. With the free core security features, users can now define roles that ... Read More

Microsoft releases security updates: a “wormable” threat similar to WannaCry ransomware discovered

Microsoft has taken steps to release security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003. The company took this move as a part of its May 14 Patch Tuesday, due to the discovery of a “wormable” flaw that could be a major threat similar ... Read More