ATENTION‼ New - CVE-2020-0600
📖 Read
via "National Vulnerability Database".
Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0598
📖 Read
via "National Vulnerability Database".
Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0578
📖 Read
via "National Vulnerability Database".
Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0577
📖 Read
via "National Vulnerability Database".
Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0576
📖 Read
via "National Vulnerability Database".
Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0568
📖 Read
via "National Vulnerability Database".
Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0558
📖 Read
via "National Vulnerability Database".
Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0557
📖 Read
via "National Vulnerability Database".
Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-0547
📖 Read
via "National Vulnerability Database".
Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
🛠 SkyWrapper Discovery Tool 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
SkyWrapper is a tool from CyberArk that helps to discover suspicious creation forms and uses of temporary tokens in AWS.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
SkyWrapper Discovery Tool ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 nfstream 4.0.0 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
nfstream 4.0.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 TestSSL 3.0.1 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
TestSSL 3.0.1 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Zeek 3.1.2 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
Zeek 3.1.2 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTION‼ New - CVE-2019-4654
📖 Read
via "National Vulnerability Database".
IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-ForceID: 170965.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-4594
📖 Read
via "National Vulnerability Database".
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-ForceID: 167810.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-4593
📖 Read
via "National Vulnerability Database".
IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-ForceID: 167743.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20767
📖 Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-19500
📖 Read
via "National Vulnerability Database".
Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-19390
📖 Read
via "National Vulnerability Database".
The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.📖 Read
via "National Vulnerability Database".
🕴 Slack Incoming Webhooks Can Be Weaponized in Phishing Attacks 🕴
📖 Read
via "Dark Reading: ".
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.📖 Read
via "Dark Reading: ".
Dark Reading
Slack Incoming Webhooks Can Be Weaponized in Phishing Attacks
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.
🔏 Adopting Accountability in Data Protection Post COVID-19 🔏
📖 Read
via "Subscriber Blog RSS Feed ".
Can the gap between socially responsible collective action and privacy be bridged? A new report outlines a series of measures for the public and private sector to take in order to demonstrate accountability while delivering privacy protection in a pandemic.📖 Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Adopting Accountability in Data Protection Post COVID-19
Can the gap between socially responsible collective action and privacy be bridged? A new report outlines a series of measures for the public and private sector to take in order to demonstrate accountability while delivering privacy protection in a pandemic.