How to better defend your organization against remote access threats
via "Security on TechRepublic".
With people working remotely due to the coronavirus, cybercriminals are trying to take advantage of such tools as VPNs and remote desktop services, says security firm Radware.
Data Protection Authorities Issue Guidance on Processing COVID-19 Data
via "Subscriber Blog RSS Feed".
Data protection authorities around the world are reiterating that in most scenarios, data protection laws do not stand in the way of the provision of healthcare and the management of public health issues.
Digital Guardian
ATTENTION‼ New - CVE-2019-12124
via "National Vulnerability Database".
An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.
ATTENTION‼ New - CVE-2019-12123
via "National Vulnerability Database".
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
ATTENTION‼ New - CVE-2019-12122
via "National Vulnerability Database".
An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected.
ATTENTION‼ New - CVE-2019-12121
via "National Vulnerability Database".
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.
ATTENTION‼ New - CVE-2019-12120
via "National Vulnerability Database".
An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
COVID-19 brings new security challenges and new allies, says HackerOne CEO
via "Security on TechRepublic".
Commentary: Even as phishing and other attacks rise in the wake of COVID-19, white-hat hackers are readying their defenses.
ATTENTION‼ New - CVE-2019-12119
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
ATTENTION‼ New - CVE-2019-12118
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
ATTENTION‼ New - CVE-2019-12117
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
ATTENTION‼ New - CVE-2019-12116
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
ATTENTION‼ New - CVE-2019-12115
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
ATTENTION‼ New - CVE-2019-12114
via "National Vulnerability Database".
An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
ATTENTION‼ New - CVE-2019-12113
via "National Vulnerability Database".
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
ATTENTION‼ New - CVE-2019-12112
via "National Vulnerability Database".
An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.
TrickBot Module Takes Aim at Remote Desktops
via "Dark Reading".
The module, still in development, focuses on compromising Windows systems by brute-forcing accounts via the Remote Desktop Protocol.
Process Injection Tops Attacker Techniques for 2019
via "Dark Reading".
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
Azure Red Flag: Microsoft Accidentally Fixes Cloud Config “Bug”
via "Threatpost".
Researchers detail a misconfiguration in Microsoft’s Azure cloud platform that could have given hackers carte blanche access to a targeted company's cloud services.
WordPress, Apache Struts Attract the Most Bug Exploits
via "Threatpost".
An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019.
Skimmer May Have Put NutriBullet Customers' Card Data at Risk for Nearly a Month
via "Dark Reading".
Blender maker is the latest victim of Magecart.