π΄ Cybersecurity Prep for the 2020s π΄
π Read
via "Dark Reading: ".
The more things change, the more they stay the same. Much of the world is still behind on the basics.π Read
via "Dark Reading: ".
Dark Reading
Cybersecurity Prep for the 2020s
The more things change, the more they stay the same. Much of the world is still behind on the basics.
β PPE, COVID-19 Medical Supplies Targeted by BEC Scams β
π Read
via "Threatpost".
FBI said that government agencies aiming to buy critical items like ventilators have unknowingly transferred funds to threat actors.π Read
via "Threatpost".
Threat Post
PPE, COVID-19 Medical Supplies Targeted by BEC Scams
FBI said that government agencies aiming to buy critical items like ventilators have unknowingly transferred funds to threat actors.
β Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module β
π Read
via "Threatpost".
Intel fixed nine high- and medium-severity flaws in its April security update, which could enable privilege escalation and denial of service attacks.π Read
via "Threatpost".
Threat Post
Intel Fixes High-Severity Flaws in NUC, Discontinues Buggy Compute Module
Intel fixed nine high- and medium-severity flaws in its April security update, which could enable privilege escalation and denial of service attacks.
β Zoom passwords for sale on the Dark Web β βten-a-pennyβ by all accounts β
π Read
via "Naked Security".
If you reuse an old password when you're rushing to create a new account for the lockdown era, you're as good as "pre-hacking" yourself.π Read
via "Naked Security".
Naked Security
Zoom passwords for sale on the Dark Web β βten-a-pennyβ by all accounts
If you reuse an old password when youβre rushing to create a new account for the lockdown era, youβre as good as βpre-hackingβ yourself.
β Tencent Ups Top Bug-Bounty Award to $15K β
π Read
via "Threatpost".
The Chinese ISP has expanded its program via HackerOne.π Read
via "Threatpost".
Threat Post
Tencent Ups Top Bug-Bounty Award to $15K
The Chinese ISP has expanded its program via HackerOne.
ATENTIONβΌ New - CVE-2020-0906
π Read
via "National Vulnerability Database".
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0900
π Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0899
π Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0895
π Read
via "National Vulnerability Database".
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0889
π Read
via "National Vulnerability Database".
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0888
π Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0784.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0835
π Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0821
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0794
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0784
π Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0888.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0760
π Read
via "National Vulnerability Database".
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0699
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0962.π Read
via "National Vulnerability Database".
π How Apple and Google plan to combat the coronavirus through contact tracing π
π Read
via "Security on TechRepublic".
The companies are touting a built-in technology to identify people potentially exposed to the virus, but there are challenges over effectiveness and privacy.π Read
via "Security on TechRepublic".
TechRepublic
How Apple and Google plan to combat the coronavirus through contact tracing
The companies are touting a built-in technology to identify people potentially exposed to the virus, but there are challenges over effectiveness and privacy.
ATENTIONβΌ New - CVE-2019-2880
π Read
via "National Vulnerability Database".
Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Store Inventory Management. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).π Read
via "National Vulnerability Database".
π΄ New York State Confirms Breach of Government Network π΄
π Read
via "Dark Reading: ".
The January incident led state officials to hire an external forensics firm and change thousands of employee passwords.π Read
via "Dark Reading: ".
Dark Reading
New York State Confirms Breach of Government Network
The January incident led state officials to hire an external forensics firm and change thousands of employee passwords.
π΄ 'Nothing's Off the Table': Will Infosec Jobs Survive the Recession? π΄
π Read
via "Dark Reading: ".
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a "cost center." Are infosec careers vulnerable now?π Read
via "Dark Reading: ".
Dark Reading
'Nothing's Off the Table': Will Infosec Jobs Survive the Recession?
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some board rooms still see Security as a cost center. Are infosec careers vulnerable now?