π΄ Microsoft Patches 113 Bugs, 3 Under Active Attack π΄
π Read
via "Dark Reading: ".
Microsoft has seen a 44% jump in the number of CVEs fixed between January and April 2020 compared with the same period in 2019.π Read
via "Dark Reading: ".
Dark Reading
Application Security recent news | Dark Reading
Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading
π΄ Will Gentler HIPAA Rules on Telehealth Now Protect Us From Breach Litigation Later? π΄
π Read
via "Dark Reading: ".
To enable medical care while encouraging social distancing during the COVID-19 pandemic, the Department of Health and Human Services temporarily loosened up on some of its HIPAA noncompliance enforcement on telehealth. But what happens if there's a PHI slip-up?π Read
via "Dark Reading: ".
Dark Reading
Will Gentler HIPAA Rules on Telehealth Now Protect Us From Breach Litigation Later?
To enable medical care while encouraging social distancing during the COVID-19 pandemic, the Department of Health and Human Services temporarily loosened up on some of its HIPAA noncompliance enforcement on telehealth. But what happens if there's a PHI slipβ¦
ATENTIONβΌ New - CVE-2019-19301
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-19300
π Read
via "National Vulnerability Database".
A vulnerability has been identified in KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10939
π Read
via "National Vulnerability Database".
A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.π Read
via "National Vulnerability Database".
π΄ Patch-a-Palooza: More Than 560 Flaws Fixed in a Single Day π΄
π Read
via "Dark Reading: ".
Software vendors keep pushing patches to the same Tuesday once a month, or once a quarter, and the result can be overwhelming. Six enterprise software makers issued patches for 567 issues in April.π Read
via "Dark Reading: ".
Dark Reading
Patch-a-Palooza: More Than 560 Flaws Fixed in a Single Day
Software vendors keep pushing patches to the same Tuesday once a month, or once a quarter, and the result can be overwhelming. Six enterprise software makers issued patches for 567 issues in April.
β WordPress WooCommerce sites targeted by card swiper attacks β
π Read
via "Naked Security".
Credit card swipers have found a hard-to-detect way to target WordPress websites using the WooCommerce plugin by secretly modifying legitimate JavaScript files.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Signal: Weβll be eaten alive by EARN IT Actβs anti-encryption wolves β
π Read
via "Naked Security".
The Big Bad Wolves haven't blown the house down but did come up with a way to "hold the three little pigs responsible for being delicious," Signal said.π Read
via "Naked Security".
Naked Security
Signal: Weβll be eaten alive by EARN IT Actβs anti-encryption wolves
The Big Bad Wolves havenβt blown the house down but did come up with a way to βhold the three little pigs responsible for being delicious,β Signal said.
ATENTIONβΌ New - CVE-2020-10514
π Read
via "National Vulnerability Database".
iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary command.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10513
π Read
via "National Vulnerability Database".
The file management interface of iCatch DVR contains broken access control which allows the attacker to remotely manipulate arbitrary file.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10512
π Read
via "National Vulnerability Database".
HGiga C&Cmail contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10511
π Read
via "National Vulnerability Database".
HGiga C&Cmail contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10507
π Read
via "National Vulnerability Database".
The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of misconfigured file upload filter. Attackers can upload any format of file to the system.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10506
π Read
via "National Vulnerability Database".
The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10505
π Read
via "National Vulnerability Database".
The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, allowing attackers to inject SQL commands into the URL.π Read
via "National Vulnerability Database".
π Scammers exploit coronavirus for Business Email Compromise campaigns π
π Read
via "Security on TechRepublic".
Cybercriminals are deploying COVID-19-themed gift card scams, wire transfer scams, and payroll scams aimed at organizations and their employees, according to security provider Trustwave.π Read
via "Security on TechRepublic".
TechRepublic
Scammers exploit coronavirus for Business Email Compromise campaigns
Cybercriminals are deploying COVID-19-themed gift card scams, wire transfer scams, and payroll scams aimed at organizations and their employees, according to security provider Trustwave.
π΄ Cybersecurity Prep for the 2020s π΄
π Read
via "Dark Reading: ".
The more things change, the more they stay the same. Much of the world is still behind on the basics.π Read
via "Dark Reading: ".
Dark Reading
Cybersecurity Prep for the 2020s
The more things change, the more they stay the same. Much of the world is still behind on the basics.
β PPE, COVID-19 Medical Supplies Targeted by BEC Scams β
π Read
via "Threatpost".
FBI said that government agencies aiming to buy critical items like ventilators have unknowingly transferred funds to threat actors.π Read
via "Threatpost".
Threat Post
PPE, COVID-19 Medical Supplies Targeted by BEC Scams
FBI said that government agencies aiming to buy critical items like ventilators have unknowingly transferred funds to threat actors.
β Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module β
π Read
via "Threatpost".
Intel fixed nine high- and medium-severity flaws in its April security update, which could enable privilege escalation and denial of service attacks.π Read
via "Threatpost".
Threat Post
Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module
Intel fixed nine high- and medium-severity flaws in its April security update, which could enable privilege escalation and denial of service attacks.
β Zoom passwords for sale on the Dark Web β βten-a-pennyβ by all accounts β
π Read
via "Naked Security".
If you reuse an old password when you're rushing to create a new account for the lockdown era, you're as good as "pre-hacking" yourself.π Read
via "Naked Security".
Naked Security
Zoom passwords for sale on the Dark Web β βten-a-pennyβ by all accounts
If you reuse an old password when youβre rushing to create a new account for the lockdown era, youβre as good as βpre-hackingβ yourself.
β Tencent Ups Top Bug-Bounty Award to $15K β
π Read
via "Threatpost".
The Chinese ISP has expanded its program via HackerOne.π Read
via "Threatpost".
Threat Post
Tencent Ups Top Bug-Bounty Award to $15K
The Chinese ISP has expanded its program via HackerOne.