ATENTION‼ New - CVE-2020-0699
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0962.📖 Read
via "National Vulnerability Database".
🔐 How Apple and Google plan to combat the coronavirus through contact tracing 🔐
📖 Read
via "Security on TechRepublic".
The companies are touting a built-in technology to identify people potentially exposed to the virus, but there are challenges over effectiveness and privacy.📖 Read
via "Security on TechRepublic".
TechRepublic
How Apple and Google plan to combat the coronavirus through contact tracing
The companies are touting a built-in technology to identify people potentially exposed to the virus, but there are challenges over effectiveness and privacy.
ATENTION‼ New - CVE-2019-2880
📖 Read
via "National Vulnerability Database".
Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Store Inventory Management. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).📖 Read
via "National Vulnerability Database".
🕴 New York State Confirms Breach of Government Network 🕴
📖 Read
via "Dark Reading: ".
The January incident led state officials to hire an external forensics firm and change thousands of employee passwords.📖 Read
via "Dark Reading: ".
Dark Reading
New York State Confirms Breach of Government Network
The January incident led state officials to hire an external forensics firm and change thousands of employee passwords.
🕴 'Nothing's Off the Table': Will Infosec Jobs Survive the Recession? 🕴
📖 Read
via "Dark Reading: ".
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a "cost center." Are infosec careers vulnerable now?📖 Read
via "Dark Reading: ".
Dark Reading
'Nothing's Off the Table': Will Infosec Jobs Survive the Recession?
With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some board rooms still see Security as a cost center. Are infosec careers vulnerable now?
🕴 Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat 🕴
📖 Read
via "Dark Reading: ".
Hackers are upping their game, especially as they target mobile devices.📖 Read
via "Dark Reading: ".
Dark Reading
Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat
Hackers are upping their game, especially as they target mobile devices.
ATENTION‼ New - CVE-2020-0600
📖 Read
via "National Vulnerability Database".
Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0598
📖 Read
via "National Vulnerability Database".
Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0578
📖 Read
via "National Vulnerability Database".
Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0577
📖 Read
via "National Vulnerability Database".
Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0576
📖 Read
via "National Vulnerability Database".
Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0568
📖 Read
via "National Vulnerability Database".
Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0558
📖 Read
via "National Vulnerability Database".
Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0557
📖 Read
via "National Vulnerability Database".
Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0547
📖 Read
via "National Vulnerability Database".
Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
🛠 SkyWrapper Discovery Tool 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
SkyWrapper is a tool from CyberArk that helps to discover suspicious creation forms and uses of temporary tokens in AWS.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
SkyWrapper Discovery Tool ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 nfstream 4.0.0 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
nfstream 4.0.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 TestSSL 3.0.1 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
TestSSL 3.0.1 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Zeek 3.1.2 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
Zeek 3.1.2 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTION‼ New - CVE-2019-4654
📖 Read
via "National Vulnerability Database".
IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-ForceID: 170965.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-4594
📖 Read
via "National Vulnerability Database".
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-ForceID: 167810.📖 Read
via "National Vulnerability Database".