π΄ Security 101: Cross-Site Scripting π΄
π Read
via "Dark Reading: ".
Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?π Read
via "Dark Reading: ".
Dark Reading
Security 101: Cross-Site Scripting
Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?
ATENTIONβΌ New - CVE-2017-18868
π Read
via "National Vulnerability Database".
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-1037
π Read
via "National Vulnerability Database".
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-1035
π Read
via "National Vulnerability Database".
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-1028
π Read
via "National Vulnerability Database".
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-1024
π Read
via "National Vulnerability Database".
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-1023
π Read
via "National Vulnerability Database".
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-1021
π Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-1010
π Read
via "National Vulnerability Database".
An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1068, CVE-2020-1079.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0963
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0909
π Read
via "National Vulnerability Database".
A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets.To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets., aka 'Windows Hyper-V Denial of Service Vulnerability'.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0901
π Read
via "National Vulnerability Database".
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20804
π Read
via "National Vulnerability Database".
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20803
π Read
via "National Vulnerability Database".
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21234
π Read
via "National Vulnerability Database".
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.π Read
via "National Vulnerability Database".
π΄ 10 iOS Security Tips to Lock Down Your iPhone π΄
π Read
via "Dark Reading: ".
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.π Read
via "Dark Reading: ".
Dark Reading
10 iOS Security Tips to Lock Down Your iPhone
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
β Apple and Google launch COVID-19 contact tracing API β
π Read
via "Naked Security".
The first phase of Apple and Google's contact tracing framework allows public health authorities across the world to connect their apps with data that could help them identify people at risk from coronavirus.π Read
via "Naked Security".
Naked Security
Apple and Google launch COVID-19 contact tracing API
The first phase of Apple and Googleβs contact tracing framework to help identify people at risk from coronavirus.
β Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks β
π Read
via "Threatpost".
Government and air transportation companies in Kuwait and Saudi Arabia were targeted in a recent attack tracked back to the Chafer APT.π Read
via "Threatpost".
Threat Post
Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks
Government and air transportation companies in Kuwait and Saudi Arabia were targeted in a recent attack tracked back to the Chafer APT.
π nfstream 5.1.3 π
π Go!
via "Security Tool Files β Packet Storm".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
nfstream 5.1.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β NSO Group Impersonates Facebook Security Team to Spread Spyware β Report β
π Read
via "Threatpost".
An investigation traces an NSO Group-controlled IP address to a fake Facebook security portal.π Read
via "Threatpost".
Threat Post
NSO Group Impersonates Facebook Security Team to Spread Spyware β Report
An investigation traces an NSO Group-controlled IP address to a fake Facebook security portal.
π 8 states targeted in CARES Act scams from cybercrime group π
π Read
via "Security on TechRepublic".
Scattered Canary has siphoned over $4 million in unemployment benefits and federal funding through a variety of scams, according to the Secret Service and the cybersecurity company Agari.π Read
via "Security on TechRepublic".
TechRepublic
8 states targeted in CARES Act scams from cybercrime group
Scattered Canary has siphoned over $4 million in unemployment benefits and federal funding through a variety of scams, according to the Secret Service and the cybersecurity company Agari.