ATTENTION‼ New - CVE-2016-11024 (odata4j)
via "National Vulnerability Database".
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
ATTENTION‼ New - CVE-2016-11023 (odata4j)
via "National Vulnerability Database".
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
Cyberattacks rank as the biggest data protection concern facing SMBs
via "Security on TechRepublic".
World Backup Day is March 31, and while cyberattacks are a potential threat to their data, many SMBs say they don't have a data backup or disaster recovery process, according to data protection company Infrascale.
Coronavirus-themed spam surged 14,000% in two weeks says IBM
via "Security on TechRepublic".
Since February, spam exploiting the novel coronavirus has jumped by 4,300% and 14,000% in the past 14 days, according to IBM X-Force, IBM's threat intelligence group.
5 tips for keeping your data safe this World Backup Day
via "Naked Security".
The only backup you will ever regret... is the one you didn't make
ATTENTION‼ New - CVE-2019-9508
via "National Vulnerability Database".
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page.
ATTENTION‼ New - CVE-2019-9507
via "National Vulnerability Database".
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.
ATTENTION‼ New - CVE-2019-19913
via "National Vulnerability Database".
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
ATTENTION‼ New - CVE-2019-19912
via "National Vulnerability Database".
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.
ATTENTION‼ New - CVE-2019-19606
via "National Vulnerability Database".
X-Plane 11.41 and earlier has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.
ATTENTION‼ New - CVE-2019-19605
via "National Vulnerability Database".
X-Plane 11.41 and earlier allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution.
“Instant bank fraud” warning spread on WhatsApp is a hoax
via "Naked Security".
No, we don't know why people start hoaxes like this. You can do your bit by not forwarding them, not even "just in case".
Covid-19 Poll Results: One in Four Prioritize Health Over Privacy
via "Threatpost".
An informal Threatpost reader poll shows the majority of site visitors are privacy absolutists. But attitudes shift when the trade-off is saving lives.
Researchers speed the death of “bad” data in the race against good
via "Naked Security".
They have a way to inject 'good' data - i.e., accurate COVID-19 news or security patches - to outpace the spread of fake news or malware.
Data on almost every citizen of Georgia posted on hacker forum
via "Naked Security".
Where did it all come from? 4.9m records were posted on a hacking forum - and the country only has an estimated population of 3.7m.
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
via "Dark Reading".
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
How Much Downtime Can Your Company Handle?
via "Dark Reading".
Why every business needs cyber resilience and quick recovery times.
Dharma ransomware source code on sale for $2,000
via "Naked Security".
The source code for ransomware-as-a-service strain Dharma has been put up for sale by hackers.
Patch now! Critical flaw found in OpenWrt router software
via "Naked Security".
OpenWrt is an open source operating system used by millions of home and small business routers and embedded devices.
OpenSSL Toolkit 1.1.1f
via "Security Tool Files ≈ Packet Storm".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
Does the 2020 Online Census Account for Security Risk?
via "Dark Reading".
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.