🔴 Walgreens' Mobile App Exposes Customers' Info 🔴
via "Dark Reading".
An error in the app allowed some secure chat users to see medical information that wasn't theirs.
ATTENTION‼ New - CVE-2018-19658
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
ATTENTION‼ New - CVE-2018-19599
via "National Vulnerability Database".
Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product.
ATTENTION‼ New - CVE-2018-19284
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
ATTENTION‼ New - CVE-2018-18479
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
ATTENTION‼ New - CVE-2018-17572
via "National Vulnerability Database".
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
ATTENTION‼ New - CVE-2018-16357
via "National Vulnerability Database".
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
ATTENTION‼ New - CVE-2018-16356
via "National Vulnerability Database".
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
ATTENTION‼ New - CVE-2018-15820
via "National Vulnerability Database".
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter.
ATTENTION‼ New - CVE-2018-15819
via "National Vulnerability Database".
EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js.
Phishing: Leading targets, breaking myths, and educating users
via "Security on TechRepublic".
Vade Secure's Adrien Gendre explains why the end user is an important link in the security chain.
Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver
via "Threatpost".
Several flaws found in Nvidia's graphics drivers could enable denial of service, remote code execution and other malicious attacks.
NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs
via "Threatpost".
The legitimate remote-access tool is being used to maliciously infect victims and allow remote code-execution.
🔴 How Security Leaders at Starbucks and Microsoft Prepare for Breaches 🔴
via "Dark Reading".
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.
🔴 Why Threat Intelligence Gathering Can Be a Legal Minefield 🔴
via "Dark Reading".
In new guidance, the Department of Justice says security researchers and organizations run real risks when gathering threat intelligence or dealing with criminals in underground online marketplaces.
ATTENTION‼ New - CVE-2018-5951
via "National Vulnerability Database".
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that support EoIPv6 are vulnerable to this attack.
ATTENTION‼ New - CVE-2018-20347
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
ATTENTION‼ New - CVE-2018-20343
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build Engine 1. An attacker could craft a special map file to execute arbitrary code when the map file is loaded.
ATTENTION‼ New - CVE-2018-19798
via "National Vulnerability Database".
Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any authenticated user can exploit this.