ATENTION‼ New - CVE-2018-19599
📖 Read
via "National Vulnerability Database".
Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-19284
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-18479
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-17572
📖 Read
via "National Vulnerability Database".
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-16357
📖 Read
via "National Vulnerability Database".
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-16356
📖 Read
via "National Vulnerability Database".
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-15820
📖 Read
via "National Vulnerability Database".
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-15819
📖 Read
via "National Vulnerability Database".
EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js.📖 Read
via "National Vulnerability Database".
🔐 Phishing: Leading targets, breaking myths, and educating users 🔐
📖 Read
via "Security on TechRepublic".
Vade Secure's Adrien Gendre explains why the end user is an important link in the security chain.📖 Read
via "Security on TechRepublic".
TechRepublic
Phishing: Leading targets, breaking myths, and educating users
Vade Secure's Adrien Gendre explains why the end user is an important link in the security chain.
❌ Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver ❌
📖 Read
via "Threatpost".
Several flaws found in Nvidia's graphics drivers could enable denial of service, remote code execution and other malicious attacks.📖 Read
via "Threatpost".
Threat Post
Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver
Several flaws found in Nvidia's graphics drivers could enable denial of service, remote code execution and other malicious attacks.
❌ NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs ❌
📖 Read
via "Threatpost".
The legitimate remote-access tool is being used to maliciously infect victims and allow remote code-execution.📖 Read
via "Threatpost".
Threat Post
NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs
The legitimate remote-access tool is being used to maliciously infect victims and allow remote code-execution.
🔐 Phishing: Leading targets, breaking myths, and educating users 🔐
📖 Read
via "Security on TechRepublic".
Vade Secure's Adrien Gendre explains why the end user is an important link in the security chain.📖 Read
via "Security on TechRepublic".
TechRepublic
Phishing: Leading targets, breaking myths, and educating users
Vade Secure's Adrien Gendre explains why the end user is an important link in the security chain.
🕴 How Security Leads at Starbucks and Microsoft Prepare for Breaches 🕴
📖 Read
via "Dark Reading: ".
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.📖 Read
via "Dark Reading: ".
Darkreading
How Security Leaders at Starbucks and Microsoft Prepare for Breaches
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.
🕴 Why Threat Intelligence Gathering Can Be a Legal Minefield 🕴
📖 Read
via "Dark Reading: ".
In new guidance, the Department of Justice says security researchers and organizations run real risks when gathering threat intelligence or dealing with criminals in underground online marketplaces.📖 Read
via "Dark Reading: ".
Dark Reading
Why Threat Intelligence Gathering Can Be a Legal Minefield
In new guidance, the Department of Justice says security researchers and organizations run real risks when gathering threat intelligence or dealing with criminals in underground online marketplaces.
ATENTION‼ New - CVE-2018-5951
📖 Read
via "National Vulnerability Database".
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that supports EoIPv6 are vulnerable to this attack.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-20347
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-20343
📖 Read
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build Engine 1. An attacker could craft a special map file to execute arbitrary code when the map file is loaded.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2018-19798
📖 Read
via "National Vulnerability Database".
Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any authenticated user can exploit this.📖 Read
via "National Vulnerability Database".
🔐 CrowdStrike's 2020 Threat Report: Spammers finetune email thread hijacking 🔐
📖 Read
via "Security on TechRepublic".
Existing controls are often not configured properly or deployed widely, allowing bad actors to steal data.📖 Read
via "Security on TechRepublic".
TechRepublic
CrowdStrike's 2020 Threat Report: Spammers fine-tune email thread hijacking
Existing controls are often not configured properly or deployed widely, allowing bad actors to steal data.
⚠ XSS plugin vulnerabilities plague WordPress users ⚠
📖 Read
via "Naked Security".
Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site.📖 Read
via "Naked Security".
Naked Security
XSS plugin vulnerabilities plague WordPress users
Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site.
⚠ Nvidia patches severe flaws affecting GeForce, Quadro NVS and Tesla ⚠
📖 Read
via "Naked Security".
In all, the update covers five Windows and Linux desktop CVE vulnerabilities, including one rated as critical.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News