ATENTION‼ New - CVE-2019-19390
📖 Read
via "National Vulnerability Database".
The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.📖 Read
via "National Vulnerability Database".
🕴 Slack Incoming Webhooks Can Be Weaponized in Phishing Attacks 🕴
📖 Read
via "Dark Reading: ".
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.📖 Read
via "Dark Reading: ".
Dark Reading
Slack Incoming Webhooks Can Be Weaponized in Phishing Attacks
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.
🔏 Adopting Accountability in Data Protection Post COVID-19 🔏
📖 Read
via "Subscriber Blog RSS Feed ".
Can the gap between socially responsible collective action and privacy be bridged? A new report outlines a series of measures for the public and private sector to take in order to demonstrate accountability while delivering privacy protection in a pandemic.📖 Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Adopting Accountability in Data Protection Post COVID-19
Can the gap between socially responsible collective action and privacy be bridged? A new report outlines a series of measures for the public and private sector to take in order to demonstrate accountability while delivering privacy protection in a pandemic.
ATENTION‼ New - CVE-2019-20648
📖 Read
via "National Vulnerability Database".
NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings.📖 Read
via "National Vulnerability Database".
❌ Taxpayers Targeted With Improved NetWire RAT Variant ❌
📖 Read
via "Threatpost".
Taxpayers are being targeted by a new NetWire RAT variant in a recent malspam campaign that makes use of an improved keylogger and an Excel 4.0 Macro.📖 Read
via "Threatpost".
Threat Post
Taxpayers Targeted With Improved NetWire RAT Variant
Taxpayers are being targeted by a new NetWire RAT variant in a recent malspam campaign that makes use of an improved keylogger and an Excel 4.0 Macro.
ATENTION‼ New - CVE-2019-20647
📖 Read
via "National Vulnerability Database".
NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20646
📖 Read
via "National Vulnerability Database".
NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.📖 Read
via "National Vulnerability Database".
🕴 Slack's Incoming Webhooks Can Be Weaponized in Phishing Attacks 🕴
📖 Read
via "Dark Reading: ".
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.📖 Read
via "Dark Reading: ".
Dark Reading
Slack's Incoming Webhooks Can Be Weaponized in Phishing Attacks
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.
❌ Malicious Google Web Extensions Harvest Cryptowallet Secrets ❌
📖 Read
via "Threatpost".
Several fake browser extensions masqueraded as legitimate cryptocurrency utilities in a snowballing campaign.📖 Read
via "Threatpost".
Threat Post
Malicious Google Web Extensions Harvest Cryptowallet Secrets
Several fake browser extensions masqueraded as legitimate cryptocurrency utilities in a snowballing campaign.
🕴 DHS Issues Alert for New North Korean Cybercrime 🕴
📖 Read
via "Dark Reading: ".
Cyber actors from North Korea's intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.📖 Read
via "Dark Reading: ".
Dark Reading
DHS Issues Alert for New North Korean Cybercrime
Cyber actors from North Korea's intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.
ATENTION‼ New - CVE-2019-20644
📖 Read
via "National Vulnerability Database".
NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20643
📖 Read
via "National Vulnerability Database".
NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20642
📖 Read
via "National Vulnerability Database".
NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20641
📖 Read
via "National Vulnerability Database".
NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20640
📖 Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20639
📖 Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20638
📖 Read
via "National Vulnerability Database".
NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-12524
📖 Read
via "National Vulnerability Database".
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-12522
📖 Read
via "National Vulnerability Database".
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-12521
📖 Read
via "National Vulnerability Database".
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.📖 Read
via "National Vulnerability Database".
🕴 New Malware Family Assembles IoT Botnet 🕴
📖 Read
via "Dark Reading: ".
'Mozi' combines code from three previously known IoT malware.📖 Read
via "Dark Reading: ".
Dark Reading
New Malware Family Assembles IoT Botnet
'Mozi' combines code from three previously known IoT malware.