ATTENTION‼ New - CVE-2015-8534
via "National Vulnerability Database".
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
ATTENTION‼ New - CVE-2015-7336
via "National Vulnerability Database".
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
ATTENTION‼ New - CVE-2015-7335
via "National Vulnerability Database".
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
ATTENTION‼ New - CVE-2015-7334
via "National Vulnerability Database".
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.
ATTENTION‼ New - CVE-2015-7333
via "National Vulnerability Database".
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.
🔏 Friday Five 3/27 🔏
via "Subscriber Blog RSS Feed".
Cybercrime groups capitalize on pandemic anxiety, Norwegian Cruise Line suffers data breach, and more - catch up on all the week's news with the Friday Five.
Digital Guardian
🕴 The Wild, Wild West(world) of Cybersecurity 🕴
via "Dark Reading".
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
ATTENTION‼ New - CVE-2015-5684
via "National Vulnerability Database".
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.
🔐 Cybercriminals attack KEEN shoe drive for people affected by coronavirus pandemic 🔐
via "Security on TechRepublic".
KEEN is providing shoes to people most impacted by the COVID-19 pandemic, but their website was bombarded by malicious bots.
🕴 Virgin Media Could Pay £4.5B for Leak Affecting 900,000 Customers 🕴
via "Dark Reading".
A misconfigured database holding personal data was left available online between April 2019 and February 2020.
🔐 How to listen to port traffic on a Linux server 🔐
via "Security on TechRepublic".
Every network administrator needs to know how to listen to port traffic on a server. Here's one way to do it on Linux.
🕴 Malicious USB Drive Hides Behind Gift Card Lure 🕴
via "Dark Reading".
Victims are being enticed to insert an unknown USB drive into their computers.
🔐 How to create a Kubernetes security policy 🔐
via "Security on TechRepublic".
If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. Here's a quick introduction to this feature.
ATTENTION‼ New - CVE-2020-10823
via "National Vulnerability Database".
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).
ATTENTION‼ New - CVE-2020-10817
via "National Vulnerability Database".
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
ATTENTION‼ New - CVE-2020-10791 (openitcockpit)
via "National Vulnerability Database".
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
ATTENTION‼ New - CVE-2020-10790 (openitcockpit)
via "National Vulnerability Database".
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
ATTENTION‼ New - CVE-2020-10789 (openitcockpit)
via "National Vulnerability Database".
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
ATTENTION‼ New - CVE-2020-10788
via "National Vulnerability Database".
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.
ATTENTION‼ New - CVE-2020-10649
via "National Vulnerability Database".
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
ATTENTION‼ New - CVE-2020-10607
via "National Vulnerability Database".
In Advantech WebAccess versions 8.4.2 and prior, a stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.