❌ Tencent Ups Top Bug-Bounty Award to $15K ❌
📖 Read
via "Threatpost".
The Chinese ISP has expanded its program via HackerOne.📖 Read
via "Threatpost".
Threat Post
Tencent Ups Top Bug-Bounty Award to $15K
The Chinese ISP has expanded its program via HackerOne.
ATENTION‼ New - CVE-2020-0906
📖 Read
via "National Vulnerability Database".
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0900
📖 Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0899
📖 Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0895
📖 Read
via "National Vulnerability Database".
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0889
📖 Read
via "National Vulnerability Database".
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0888
📖 Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0784.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0835
📖 Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0821
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0794
📖 Read
via "National Vulnerability Database".
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0784
📖 Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0888.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0760
📖 Read
via "National Vulnerability Database".
A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0699
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0962.📖 Read
via "National Vulnerability Database".
🔐 How Apple and Google plan to combat the coronavirus through contact tracing 🔐
📖 Read
via "Security on TechRepublic".
The companies are touting a built-in technology to identify people potentially exposed to the virus, but there are challenges over effectiveness and privacy.📖 Read
via "Security on TechRepublic".
TechRepublic
How Apple and Google plan to combat the coronavirus through contact tracing
The companies are touting a built-in technology to identify people potentially exposed to the virus, but there are challenges over effectiveness and privacy.
ATENTION‼ New - CVE-2019-2880
📖 Read
via "National Vulnerability Database".
Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Store Inventory Management. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).📖 Read
via "National Vulnerability Database".
🕴 New York State Confirms Breach of Government Network 🕴
📖 Read
via "Dark Reading: ".
The January incident led state officials to hire an external forensics firm and change thousands of employee passwords.📖 Read
via "Dark Reading: ".
Dark Reading
New York State Confirms Breach of Government Network
The January incident led state officials to hire an external forensics firm and change thousands of employee passwords.
🕴 'Nothing's Off the Table': Will Infosec Jobs Survive the Recession? 🕴
📖 Read
via "Dark Reading: ".
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a "cost center." Are infosec careers vulnerable now?📖 Read
via "Dark Reading: ".
Dark Reading
'Nothing's Off the Table': Will Infosec Jobs Survive the Recession?
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some board rooms still see Security as a cost center. Are infosec careers vulnerable now?
🕴 Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat 🕴
📖 Read
via "Dark Reading: ".
Hackers are upping their game, especially as they target mobile devices.📖 Read
via "Dark Reading: ".
Dark Reading
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat
Hackers are upping their game, especially as they target mobile devices.
ATENTION‼ New - CVE-2020-0600
📖 Read
via "National Vulnerability Database".
Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0598
📖 Read
via "National Vulnerability Database".
Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0578
📖 Read
via "National Vulnerability Database".
Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.📖 Read
via "National Vulnerability Database".