Mail Server Over SSL/TLS
1010010 - Exim Remote Code Execution Vulnerability (CVE-2019-16928)

Remote Desktop Protocol Server
1009343* - Identified Too Many SSL Alert Messages In SSLv3 Over RDP (ATT&CK T1032)

SSL Client
1006561* - Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response (ATT&CK T1032)

Suspicious Client Application Activity
1008946* - Heuristic Detection Of Suspicious Digital Certificate (ATT&CK T1032)
1005283* - Identified Potentially Malicious RAT Traffic - I (ATT&CK T1094)
1005299* - Identified Potentially Malicious RAT Traffic - III (ATT&CK T1094)
1005300* - Identified Potentially Malicious RAT Traffic - IV (ATT&CK T1094)
1005473* - Identified Potentially Malicious RAT Traffic - V (ATT&CK T1094)
1008756* - Identified Potentially Malicious RAT Traffic - VII (ATT&CK T1094)
1007197* - TMTR-0005: GHOST RAT TCP Connection Detected (ATT&CK T1094)
1007200* - TMTR-0010: FAKEM RAT TCP Connection (ATT&CK T1094)
1007207* - TMTR-0014: NJRAT TCP Connection (ATT&CK T1094)

Web Client Common
1010000 - Adobe Acrobat And Reader Out-of-Bounds Read Vulnerability (CVE-2019-7110)
1000943* - Detect UPX Packed Executable Download (ATT&CK T1045)
1010021 - Microsoft Graphics Components Information Disclosure Vulnerability (CVE-2019-1361)
1010009 - Microsoft Windows Elevation of Privilege Vulnerability (CVE-2019-1364)
1009981* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1252)
1010015 - Microsoft XML Remote Code Execution Vulnerability (CVE-2019-1060)

Web Client Internet Explorer/Edge
1009787* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1024)
1009788* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1051)
1009792* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1052)
1010018 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1307)
1010019 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1308)
1010008 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1335)
1010020 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1366)
1010016 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-1238)
1010017 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-1239)

Web Server Common
1005434* - Disallow Upload Of A PHP File (ATT&CK T1105)
1003025* - Web Server Restrict Executable File Uploads (ATT&CK T1105)

Web Server Miscellaneous
1005604* - Apache Struts Multiple Remote Command Execution Vulnerability

Web Server Oracle
1009816* - Oracle Weblogic Server Remote Code Execution Vulnerability (CVE-2019-2729)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Patch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was reported seen in the wild for the first time, used to install a malicious Monero miner.
Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute code remotely on vulnerable NGINX web servers. Here's what you need to know.
The evolution of smart homes and smart buildings into complex IoT environments reflects the continuing developments in home and industrial automation. Security should not be left behind as increased complexity also means new threats and risks.
We looked into MQTT brokers and CoAP servers around the world to assess IoT protocol security. Learn how to prevent risks and secure machine-to-machine (M2M) communications over MQTT and CoAP in our research.