🕴 The Wild, Wild West(world) of Cybersecurity 🕴
via "Dark Reading".
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
ATTENTION‼ New - CVE-2015-5684
via "National Vulnerability Database".
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.
🔐 Cybercriminals attack KEEN shoe drive for people affected by coronavirus pandemic 🔐
via "Security on TechRepublic".
KEEN is providing shoes to people most impacted by the COVID-19 pandemic, but their website was bombarded by malicious bots.
🕴 Virgin Media Could Pay £4.5B for Leak Affecting 900,000 Customers 🕴
via "Dark Reading".
A misconfigured database holding personal data was left available online between April 2019 and February 2020.
🔐 How to listen to port traffic on a Linux server 🔐
via "Security on TechRepublic".
Every network administrator needs to know how to listen to port traffic on a server. Here's one way to do it on Linux.
🕴 Malicious USB Drive Hides Behind Gift Card Lure 🕴
via "Dark Reading".
Victims are being enticed to insert an unknown USB drive into their computers.
🔐 How to create a Kubernetes security policy 🔐
via "Security on TechRepublic".
If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. Here's a quick introduction to this feature.
ATTENTION‼ New - CVE-2020-10823
via "National Vulnerability Database".
A stack-based buffer overflow in /cgi-bin/activate.cgi through the var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).
ATTENTION‼ New - CVE-2020-10817
via "National Vulnerability Database".
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
ATTENTION‼ New - CVE-2020-10791 (openitcockpit)
via "National Vulnerability Database".
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
ATTENTION‼ New - CVE-2020-10790 (openitcockpit)
via "National Vulnerability Database".
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
ATTENTION‼ New - CVE-2020-10789 (openitcockpit)
via "National Vulnerability Database".
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
ATTENTION‼ New - CVE-2020-10788
via "National Vulnerability Database".
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.
ATTENTION‼ New - CVE-2020-10649
via "National Vulnerability Database".
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
ATTENTION‼ New - CVE-2020-10607
via "National Vulnerability Database".
In Advantech WebAccess, versions 8.4.2 and prior, a stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
ATTENTION‼ New - CVE-2020-10510
via "National Vulnerability Database".
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL to access unauthorized functionality and data.
ATTENTION‼ New - CVE-2020-10509
via "National Vulnerability Database".
Sunnet eHRD, a human training and development management system, contains a vulnerability of Cross-Site Scripting (XSS). Attackers can inject arbitrary commands into the system and launch XSS attacks.
ATTENTION‼ New - CVE-2020-10508
via "National Vulnerability Database".
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
ATTENTION‼ New - CVE-2020-10245
via "National Vulnerability Database".
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
ATTENTION‼ New - CVE-2019-7630
via "National Vulnerability Database".
An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
ATTENTION‼ New - CVE-2019-7245
via "National Vulnerability Database".
An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.