ATTENTION‼ New - CVE-2019-19002
via "National Vulnerability Database".
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
ATTENTION‼ New - CVE-2019-19001
via "National Vulnerability Database".
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in the HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.
ATTENTION‼ New - CVE-2019-19000
via "National Vulnerability Database".
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.
SQLMAP - Automatic SQL Injection Tool 1.4.4
via "Security Tool Files ≈ Packet Storm".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Watch out for the new wave of COVID-19 scams, warns IRS
via "Naked Security".
If somebody promises to get your economic impact payment fast, back away: it's just one flavor of COVID-19 scam the tax agency is seeing.
Windows 10 security: How the shadow stack will help to keep the hackers at bay
via "Security on TechRepublic".
How Windows will use Intel's Control-flow Enforcement Technology to block whole classes of common attacks, now that it's finally reaching the market.
ATTENTION‼ New - CVE-2019-18904
via "National Vulnerability Database".
An Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.
“Zombie” Windows win32k bug reanimated by researcher
via "Naked Security".
Dozens of bugs in a core Windows API could enable attackers to elevate their privileges in the operating system.
ATTENTION‼ New - CVE-2018-17954
via "National Vulnerability Database".
A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.
ATTENTION‼ New - CVE-2019-18905
via "National Vulnerability Database".
An Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions.
Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer
via "Threatpost".
The attack discovered uses the World Health Organization trademark to lure users with info related to coronavirus.
Reminder: The Black Hat USA 2020 Call for Papers Ends Monday
via "Dark Reading".
Now is the time to pitch your great idea for a groundbreaking information security Briefing at Black Hat USA in August. But hurry, because submissions close April 6!
Want to Improve Cloud Security? It Starts with Logging
via "Dark Reading".
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
This Is Not Your Father's Ransomware
via "Dark Reading".
Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister.
FBI Warns Education & Remote Work Platforms About Cyberattacks
via "Dark Reading".
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
5 things you can do today to make Zooming safer
via "Naked Security".
5 things you can do to make your Zooming safer, more private and more secure…
Friday Five: 4/3
via "Digital Guardian" (Subscriber Blog RSS Feed).
Ryuk ransomware continues to target hospitals, the personal information of five million hotel guests gets breached, and Italy's social security website gets hacked - catch up on the week's news with the Friday Five.
ATTENTION‼ New - CVE-2019-17231
via "National Vulnerability Database".
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.
ATTENTION‼ New - CVE-2019-17230
via "National Vulnerability Database".
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.
Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks
via "Threatpost".
A group of CDNs and cloud providers are joining in on a fight against common internet routing attacks.