ATTENTION! New - CVE-2019-20801
via "National Vulnerability Database".
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can therefore execute JavaScript code that accesses a user's data via cross-origin requests.
ATTENTION! New - CVE-2019-20800
via "National Vulnerability Database".
In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers.
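The bug class behind this entry is a fixed-capacity table of CGI environment pairs that keeps accepting headers after it is full. The following is an added example written for this page, not Cherokee's own handler_cgi.c: a constructed environment builder whose add routine refuses a pair once the table is full, fed with the advisory's pattern of repeated "Host: 127.0.0.1" headers. The table size (ENV_MAX) and the header-to-CGI-name mapping are assumptions for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not Cherokee's code: a CGI environment table with a
 * fixed number of "NAME=value" slots, filled from the request headers. */
#define ENV_MAX      8     /* deliberately small so the full-table path is easy to hit */
#define ENV_PAIR_MAX 256

typedef struct {
    char   pairs[ENV_MAX][ENV_PAIR_MAX];
    size_t count;
} cgi_env_t;

/* Hardened add_env_pair: refuses a new pair once the table is full instead of
 * writing past it. Dropping the first check is the bug class CVE-2019-20800
 * describes. */
int env_add_pair(cgi_env_t *env, const char *name, const char *value)
{
    if (env->count >= ENV_MAX)
        return -1;                                   /* table full: reject, do not write */
    int n = snprintf(env->pairs[env->count], ENV_PAIR_MAX, "%s=%s", name, value);
    if (n < 0 || (size_t)n >= ENV_PAIR_MAX)
        return -1;                                   /* would truncate: reject */
    env->count++;
    return 0;
}

/* Map a header name to its CGI variable name: "Host" -> "HTTP_HOST". */
static void header_to_cgi_name(const char *hdr, char *out, size_t outlen)
{
    size_t i = 0;
    memcpy(out, "HTTP_", 5);
    while (hdr[i] && 5 + i < outlen - 1) {
        out[5 + i] = (hdr[i] == '-') ? '_' : (char)toupper((unsigned char)hdr[i]);
        i++;
    }
    out[5 + i] = '\0';
}

/* Feed each "Name: value" line of a raw header block into the table and
 * return how many were accepted. Surplus headers are dropped, never written
 * beyond the table. */
int env_from_headers(cgi_env_t *env, const char *raw)
{
    int accepted = 0;
    env->count = 0;
    for (const char *p = raw; *p; ) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len && p[len - 1] == '\r') len--;
        const char *colon = memchr(p, ':', len);
        if (colon) {
            char name[64], cgi[80], value[ENV_PAIR_MAX];
            size_t nlen = (size_t)(colon - p);
            if (nlen >= sizeof name) nlen = sizeof name - 1;
            memcpy(name, p, nlen); name[nlen] = '\0';
            const char *v = colon + 1;
            while (v < p + len && *v == ' ') v++;
            size_t vlen = (size_t)(p + len - v);
            if (vlen >= sizeof value) vlen = sizeof value - 1;
            memcpy(value, v, vlen); value[vlen] = '\0';
            header_to_cgi_name(name, cgi, sizeof cgi);
            if (env_add_pair(env, cgi, value) == 0) accepted++;
        }
        if (!eol) break;
        p = eol + 1;
    }
    return accepted;
}

/* Build the advisory's pattern, n repeated "Host: 127.0.0.1" lines, into buf. */
int build_repeated_host_headers(char *buf, size_t buflen, int n)
{
    size_t used = 0;
    for (int i = 0; i < n; i++) {
        int w = snprintf(buf + used, buflen - used, "Host: 127.0.0.1\r\n");
        if (w < 0 || (size_t)w >= buflen - used) return -1;
        used += (size_t)w;
    }
    return 0;
}

/* Run the whole path for n headers; returns how many landed in the table,
 * or -1 if the request buffer itself could not hold them. */
int demo_accepted_count(int n)
{
    static char req[8192];
    cgi_env_t env;
    if (build_repeated_host_headers(req, sizeof req, n) != 0) return -1;
    return env_from_headers(&env, req);
}

/* Returns 1 if the first accepted pair of a two-header request is `expected`. */
int demo_first_pair_is(const char *expected)
{
    cgi_env_t env;   /* constructed sample request below */
    env_from_headers(&env, "Host: 127.0.0.1\r\nX-Forwarded-For: 10.0.0.5\r\n");
    return env.count >= 1 && strcmp(env.pairs[0], expected) == 0;
}

int main(void)
{
    printf("100 Host headers -> %d accepted (table size %d)\n",
           demo_accepted_count(100), ENV_MAX);
    return 0;
}
```

With 100 repeated Host headers the hardened builder stops at ENV_MAX entries and the request is simply served with a truncated environment; the unchecked variant would keep writing past the end of the table.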
ATTENTION! New - CVE-2019-20799
via "National Vulnerability Database".
In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server.
ATTENTION! New - CVE-2019-20798
via "National Vulnerability Database".
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.
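The fix for this class of bug is to HTML-escape any request-controlled value before it is written into a page. The following is an added example for this page, not Cherokee's handler_server_info.c: a constructed escaper plus a minimal About-page renderer that shows the flawed pattern (URL copied verbatim) beside the corrected one. The page fragment layout and the sample URL are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not Cherokee's code: escape a request-controlled
 * string before embedding it in HTML. Emitting the raw request URL into the
 * About page is the bug class CVE-2019-20798 describes. */

/* Write an HTML-escaped copy of `in` into `out` (capacity outlen).
 * Escapes & < > " ' so the value is safe in element text and in quoted
 * attribute values. Returns bytes written (excluding NUL) or -1 if it does
 * not fit. */
int html_escape(const char *in, char *out, size_t outlen)
{
    size_t used = 0;
    if (outlen == 0) return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char one[2] = { (char)*p, '\0' };
        const char *rep;
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#x27;"; break;
        default:   rep = one;      break;
        }
        size_t rlen = strlen(rep);
        if (used + rlen >= outlen) return -1;        /* keep room for the NUL */
        memcpy(out + used, rep, rlen);
        used += rlen;
    }
    out[used] = '\0';
    return (int)used;
}

/* Render the About-page fragment that shows the requested URL.
 * escape == 0 reproduces the flawed pattern; escape != 0 is the fix. */
int render_about(const char *request_url, int escape, char *out, size_t outlen)
{
    char esc[1024];
    const char *shown = request_url;
    if (escape) {
        if (html_escape(request_url, esc, sizeof esc) < 0) return -1;
        shown = esc;
    }
    int n = snprintf(out, outlen, "<p>Request: %s</p>", shown);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* 1 if the rendered page still contains a raw "<script" from the URL,
 * 0 if it does not, -1 if rendering failed. */
int demo_raw_script_survives(const char *url, int escape)
{
    char page[2048];
    if (render_about(url, escape, page, sizeof page) != 0) return -1;
    return strstr(page, "<script") != NULL;
}

/* 1 if escaping `in` yields exactly `expected`. */
int demo_escape_equals(const char *in, const char *expected)
{
    char buf[1024];
    return html_escape(in, buf, sizeof buf) >= 0 && strcmp(buf, expected) == 0;
}

int main(void)
{
    /* constructed sample URL carrying a script tag */
    const char *url = "/about?x=<script>alert(1)</script>";
    char page[2048];
    render_about(url, 0, page, sizeof page);
    printf("unescaped: %s\n", page);
    render_about(url, 1, page, sizeof page);
    printf("escaped:   %s\n", page);
    return 0;
}
```

Escaping at the output point, rather than trying to reject "bad" URLs on input, is what closes the hole for both the server's About page and the admin panel, since the same value is rendered in both.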
ATTENTION! New - CVE-2019-20797
via "National Vulnerability Database".
An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacketTo in i_network.c.
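A UDP receive path overflows when it trusts a length carried inside the datagram (or the datagram's own size) without checking it against the fixed buffer it copies into. The following is an added example for this page, not prboom-plus code: a constructed packet format with a type and a payload-length header, and a decoder that bounds every copy by both the bytes actually received and the struct's capacity. The packet layout, buffer size and status codes are assumptions for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not prboom-plus code: decoding a received UDP datagram
 * whose header carries a payload length. Trusting that length without
 * checking it against what recvfrom() returned and against the receive
 * buffer is the overflow pattern CVE-2019-20797 describes. */

#define PKT_MAX 512     /* fixed receive buffer, as a game client would use */
#define HDR_LEN 4       /* 2-byte type + 2-byte payload length, big-endian   */

typedef struct {
    uint16_t type;
    uint16_t len;
    uint8_t  payload[PKT_MAX - HDR_LEN];
} packet_t;

enum { PKT_OK = 0, PKT_TOO_SHORT = -1, PKT_LEN_MISMATCH = -2, PKT_TOO_LONG = -3 };

/* Decode `n` received bytes from `buf` into `out`. Every length used for
 * copying is validated before the memcpy. */
int packet_decode(const uint8_t *buf, size_t n, packet_t *out)
{
    if (n < HDR_LEN) return PKT_TOO_SHORT;                 /* header not fully present */
    uint16_t type = (uint16_t)((buf[0] << 8) | buf[1]);
    uint16_t len  = (uint16_t)((buf[2] << 8) | buf[3]);
    if (len > sizeof out->payload) return PKT_TOO_LONG;    /* cannot fit the struct */
    if ((size_t)len > n - HDR_LEN) return PKT_LEN_MISMATCH; /* claims more than arrived */
    out->type = type;
    out->len  = len;
    memcpy(out->payload, buf + HDR_LEN, len);              /* bounded by both checks */
    return PKT_OK;
}

/* Encode a packet for the other side; returns bytes written or -1. */
int packet_encode(uint16_t type, const uint8_t *payload, uint16_t len,
                  uint8_t *buf, size_t buflen)
{
    if (len > PKT_MAX - HDR_LEN || buflen < (size_t)HDR_LEN + len) return -1;
    buf[0] = (uint8_t)(type >> 8); buf[1] = (uint8_t)(type & 0xff);
    buf[2] = (uint8_t)(len >> 8);  buf[3] = (uint8_t)(len & 0xff);
    memcpy(buf + HDR_LEN, payload, len);
    return HDR_LEN + len;
}

/* Decode a datagram that claims `claimed_len` payload bytes but carries only
 * `actual_len`: what a hostile peer sends. Returns the decoder's verdict. */
int demo_decode_forged(uint16_t claimed_len, size_t actual_len)
{
    uint8_t wire[PKT_MAX];
    packet_t pkt;
    if (actual_len > sizeof wire - HDR_LEN) actual_len = sizeof wire - HDR_LEN;
    memset(wire, 'A', sizeof wire);                        /* constructed filler */
    wire[0] = 0; wire[1] = 7;
    wire[2] = (uint8_t)(claimed_len >> 8); wire[3] = (uint8_t)(claimed_len & 0xff);
    return packet_decode(wire, HDR_LEN + actual_len, &pkt);
}

/* A datagram shorter than the header itself. */
int demo_decode_truncated_header(void)
{
    uint8_t wire[2] = { 0, 7 };
    packet_t pkt;
    return packet_decode(wire, sizeof wire, &pkt);
}

/* Encode then decode a well-formed packet; 1 if it comes back identical. */
int demo_roundtrip(void)
{
    const uint8_t msg[] = "constructed sample payload";   /* constructed data */
    uint8_t wire[PKT_MAX];
    packet_t pkt;
    int n = packet_encode(7, msg, (uint16_t)sizeof msg, wire, sizeof wire);
    if (n < 0 || packet_decode(wire, (size_t)n, &pkt) != PKT_OK) return 0;
    return pkt.type == 7 && pkt.len == sizeof msg &&
           memcmp(pkt.payload, msg, sizeof msg) == 0;
}

int main(void)
{
    printf("roundtrip ok: %d\n", demo_roundtrip());
    printf("claimed 0xFFFF, got 100 -> %d\n", demo_decode_forged(0xFFFF, 100));
    printf("claimed 300, got 100    -> %d\n", demo_decode_forged(300, 100));
    return 0;
}
```

The two forged cases are the ones worth testing against any datagram parser: a length larger than the destination buffer, and a length larger than what was actually received even though it would fit the buffer.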
Monday review - the hot 17 stories of the week
via "Naked Security".
From DHL delivery phishes to the top 10 most exploited bugs - and everything in between. It's weekly roundup time.
Shiny new Azure login attracts shiny new phishing attacks
via "Naked Security".
Admins working with Microsoft Azure beware: phishers are updating their assets to reflect changes on the company's cloud-based login screen.
GitLab survey suggests DevOps is becoming real, while DevSecOps has work to do
via "Security on TechRepublic".
Commentary: Developers are finally taking on more of an operational role, but they still aren't getting involved enough in security.
The 3 Top Cybersecurity Myths & What You Should Know
via "Dark Reading".
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.
Senate renews warrantless collection of web histories
via "Naked Security".
The government can keep on surveilling your online life without a warrant. An amendment to ban it failed by just one vote.
Edison Mail iOS Bug Exposes Emails to Strangers
via "Threatpost".
A bug introduced in an iOS software update on the Edison Mail app allowed emails to be viewed by strangers.
nfstream 5.1.1
via "Security Tool Files - Packet Storm".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
The RATicate gang - implanting malware in an industry near you
via "Naked Security".
These days, "What does this malware do?" is the question that has dozens of possible answers... here's how and why.
How to password protect your mobile Nextcloud app
via "Security on TechRepublic".
If you use the Nextcloud mobile app, you'll want to password protect it to ensure you don't leave your sensitive data open for anyone to see.
Private Equity Firm Stalls $1.9B Forescout Acquisition
via "Dark Reading".
Officials say "there can be no assurance" Forescout and Advent International will reach an agreement, though talks are ongoing.
ATTENTION! New - CVE-2019-7247
via "National Vulnerability Database".
An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
ATTENTION! New - CVE-2019-7246
via "National Vulnerability Database".
An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
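Both of the AMD driver entries above describe the same defect: an IOCTL that performs wrmsr with a register index and value taken straight from user mode. The following is an added example for this page, not AMD's driver code, covering both CVE-2019-7247 and CVE-2019-7246: a user-mode simulation of the validation such a handler needs, namely an input-size check, a caller privilege check, a deny-by-default MSR allowlist, and a per-register mask of writable bits. The request layout, the allowlist entries (placeholder indices 0xC001F001 and 0xC001F002 with made-up masks) and the status codes are assumptions for the example; no real MSR is touched.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not AMD's driver code: the checks a "write this MSR"
 * IOCTL handler needs. CVE-2019-7247 / CVE-2019-7246 describe drivers that
 * pass the MSR index and value through unfiltered. Everything here is a
 * user-mode simulation; wrmsr itself is replaced by an array store. */

/* Assumed request layout: 32-bit MSR index, padding, 64-bit value. */
typedef struct {
    uint32_t msr;
    uint32_t reserved;
    uint64_t value;
} wrmsr_request_t;

/* Allowlist: which MSRs the driver legitimately writes and which bits of each
 * it may change. Indices and masks are placeholders for the example. */
typedef struct {
    uint32_t msr;
    uint64_t writable_mask;
} msr_rule_t;

static const msr_rule_t ALLOWED[] = {
    { 0xC001F001u, 0x00000000000000FFull },   /* hypothetical: low byte only  */
    { 0xC001F002u, 0x0000000000000010ull },   /* hypothetical: one control bit */
};
#define N_ALLOWED (sizeof ALLOWED / sizeof ALLOWED[0])

enum { MSR_OK = 0, MSR_DENIED = -1, MSR_BAD_VALUE = -2, MSR_BAD_BUFFER = -3 };

/* Simulated register file standing in for rdmsr/wrmsr. */
static uint64_t fake_msr_store[N_ALLOWED];

/* Rule for an MSR, or NULL when it is not on the allowlist. */
static const msr_rule_t *find_rule(uint32_t msr)
{
    for (size_t i = 0; i < N_ALLOWED; i++)
        if (ALLOWED[i].msr == msr) return &ALLOWED[i];
    return NULL;
}

/* IOCTL handler. `caller_is_admin` stands for whatever access check the
 * device object enforces; an unfiltered handler skips every check below and
 * executes wrmsr directly on req.msr / req.value. */
int handle_wrmsr_ioctl(const void *in_buf, size_t in_len, int caller_is_admin)
{
    wrmsr_request_t req;
    if (in_len < sizeof req) return MSR_BAD_BUFFER;
    memcpy(&req, in_buf, sizeof req);           /* private copy: validate what we will use */
    if (!caller_is_admin) return MSR_DENIED;
    const msr_rule_t *rule = find_rule(req.msr);
    if (rule == NULL) return MSR_DENIED;        /* e.g. IA32_LSTAR (0xC0000082), the syscall
                                                   entry point, is never on such a list */
    if (req.value & ~rule->writable_mask) return MSR_BAD_VALUE;
    size_t idx = (size_t)(rule - ALLOWED);
    fake_msr_store[idx] = (fake_msr_store[idx] & ~rule->writable_mask)
                        | (req.value & rule->writable_mask);
    return MSR_OK;
}

/* Build a request and submit it; used by the demo and the checks. */
int demo_submit(uint32_t msr, uint64_t value, int admin)
{
    wrmsr_request_t req = { msr, 0, value };
    return handle_wrmsr_ioctl(&req, sizeof req, admin);
}

/* Submit an input buffer that is shorter than the request structure. */
int demo_submit_short(void)
{
    uint32_t half = 0xC001F001u;
    return handle_wrmsr_ioctl(&half, sizeof half, 1);
}

/* Current simulated value of an allowlisted MSR (0 if not allowlisted). */
uint64_t demo_stored(uint32_t msr)
{
    const msr_rule_t *r = find_rule(msr);
    return r ? fake_msr_store[r - ALLOWED] : 0;
}

int main(void)
{
    printf("IA32_LSTAR write as admin -> %d\n",
           demo_submit(0xC0000082u, 0x4141414141414141ull, 1));
    printf("allowlisted MSR, masked value -> %d, stored 0x%llx\n",
           demo_submit(0xC001F001u, 0x42, 1),
           (unsigned long long)demo_stored(0xC001F001u));
    return 0;
}
```

The order matters less than the fact that every check happens on a private copy of the request: validating a user buffer in place and then reading it again for the write is the usual way an otherwise correct filter gets bypassed.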
ATTENTION! New - CVE-2019-19456
via "National Vulnerability Database".
A reflected XSS was found in the server selection box on the login page at enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x.
ATTENTION! New - CVE-2019-19454
via "National Vulnerability Database".
An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x.
ProLock Ransomware Teams Up With QakBot Trojan to Infect Victims
via "Threatpost".
ProLock is relatively new, but already the ransomware is making waves by using QakBot infections to access networks, gain persistence and avoid detection.
Irish Data Protection Commission Issues First Fine Against State Agency
via "Subscriber Blog RSS Feed" (Digital Guardian).
Ireland's data protection commission confirmed last week it planned to fine a state agency €75,000 for violating the General Data Protection Regulation, or GDPR.