Signal: We'll be eaten alive by EARN IT Act's anti-encryption wolves
via "Naked Security".
The Big Bad Wolves haven't blown the house down but did come up with a way to "hold the three little pigs responsible for being delicious," Signal said.
ATTENTION‼ New - CVE-2020-10514
via "National Vulnerability Database".
iCatch DVR does not validate function parameters properly, resulting in attackers executing arbitrary commands.
ATTENTION‼ New - CVE-2020-10513
via "National Vulnerability Database".
The file management interface of iCatch DVR contains broken access control which allows an attacker to remotely manipulate arbitrary files.
ATTENTION‼ New - CVE-2020-10512
via "National Vulnerability Database".
HGiga C&Cmail contains a SQL Injection vulnerability which allows attackers to inject SQL commands in the URL parameter to execute unauthorized commands.
ATTENTION‼ New - CVE-2020-10511
via "National Vulnerability Database".
HGiga C&Cmail contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.
ATTENTION‼ New - CVE-2020-10507
via "National Vulnerability Database".
The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of misconfigured file upload filter. Attackers can upload any format of file to the system.
ATTENTION‼ New - CVE-2020-10506
via "National Vulnerability Database".
The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.
ATTENTION‼ New - CVE-2020-10505
via "National Vulnerability Database".
The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, allowing attackers to inject SQL commands into the URL.
Scammers exploit coronavirus for Business Email Compromise campaigns
via "Security on TechRepublic".
Cybercriminals are deploying COVID-19-themed gift card scams, wire transfer scams, and payroll scams aimed at organizations and their employees, according to security provider Trustwave.
Cybersecurity Prep for the 2020s
via "Dark Reading".
The more things change, the more they stay the same. Much of the world is still behind on the basics.
PPE, COVID-19 Medical Supplies Targeted by BEC Scams
via "Threatpost".
FBI said that government agencies aiming to buy critical items like ventilators have unknowingly transferred funds to threat actors.
Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module
via "Threatpost".
Intel fixed nine high- and medium-severity flaws in its April security update, which could enable privilege escalation and denial of service attacks.
Zoom passwords for sale on the Dark Web – "ten-a-penny" by all accounts
via "Naked Security".
If you reuse an old password when you're rushing to create a new account for the lockdown era, you're as good as "pre-hacking" yourself.
Tencent Ups Top Bug-Bounty Award to $15K
via "Threatpost".
The Chinese ISP has expanded its program via HackerOne.
ATTENTION‼ New - CVE-2020-0906
via "National Vulnerability Database".
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.
ATTENTION‼ New - CVE-2020-0900
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.
ATTENTION‼ New - CVE-2020-0899
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.
ATTENTION‼ New - CVE-2020-0895
via "National Vulnerability Database".
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.
ATTENTION‼ New - CVE-2020-0889
via "National Vulnerability Database".
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.
ATTENTION‼ New - CVE-2020-0888
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0784.
ATTENTION‼ New - CVE-2020-0835
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'.