DoS Archives - Page 2 of 2 - Cyber Security Minute

BIND Vulnerabilities Expose DNS Servers to Remote Attacks

Issued by: Security Week

Three new security advisories have been published, including two that cover high-severity vulnerabilities that can be exploited remotely. The advisories describing the vulnerabilities were made public on April 28, but some organizations were privately notified in advance. The most serious of the flaws — based on its CVSS score of 8.1 — is CVE-2021-25216, a…

Vulnerabilities

Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks

Issued by: Security Week

Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS. The flaw exists because user-supplied command arguments aren’t sufficiently…

Vulnerabilities

OpenSSL 1.1.1k Patches Two High-Severity Vulnerabilities

Issued by: Security Week

The first security hole, tracked as CVE-2021-3450, has been described as a “problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag.” The flaw was discovered by researchers at Akamai. “Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an…

Malware & Threats

Here’s How Security Flaws in GE Relays Could Be Exploited in Real World Attacks

Issued by: Security Week

Grid Solutions is a GE Renewable Energy business that provides electricity management solutions for the energy sector, including oil and gas, as well as industry and infrastructure organizations. Advisories published this week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and GE Grid Solutions (account required) inform customers that more than a dozen UR…

Network Security

High Severity Flaw Patched in OpenSSL 1.1.0

Issued by: Security Week

A high severity denial-of-service (DoS) vulnerability was patched on Thursday in OpenSSL with the release of version 1.1.0e. The flaw, tracked as CVE-2017-3733, has been described as an “Encrypt-Then-Mac renegotiation crash.” The security hole, reported by Joe Orton of Red Hat on January 31, does not affect OpenSSL 1.0.2.

Application Security, Vulnerabilities

Cisco Patches 9 Flaws in Email Security Appliance

Issued by: Security Week

The most serious, rated “high severity,” are three DoS flaws in the AsyncOS software for Cisco ESA. The security holes, tracked as CVE-2016-6356, CVE-2016-1486 and CVE-2016-1481, allow a remote, unauthenticated attacker to cause a DoS condition on affected devices using specially crafted emails and malicious attachments. CVE-2016-1481 and CVE-2016-6356 affect AsyncOS versions 8.0 and prior,…