ATENTIONβΌ New - CVE-2020-13361
π Read
via "National Vulnerability Database".
In QEMU 4.2.0, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20807
π Read
via "National Vulnerability Database".
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).π Read
via "National Vulnerability Database".
β Google Location Tracking Lambasted in Arizona Lawsuit β
π Read
via "Threatpost".
The lawsuit, filed against Google by Arizona's Attorney General, alleges that the tech giant uses βdeceptive and unfair conductβ to obtain usersβ location data.π Read
via "Threatpost".
Threat Post
Google Location Tracking Lambasted in Arizona Lawsuit
The lawsuit, filed against Google by Arizona's Attorney General, alleges that the tech giant uses βdeceptive and unfair conductβ to obtain usersβ location data.
π΄ 3 SMB Cybersecurity Myths Debunked π΄
π Read
via "Dark Reading: ".
Small and midsize businesses are better at cyber resilience than you might think.π Read
via "Dark Reading: ".
Dark Reading
3 SMB Cybersecurity Myths Debunked
Small and midsize businesses are better at cyber resilience than you might think.
π΄ NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers π΄
π Read
via "Dark Reading: ".
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.π Read
via "Dark Reading: ".
Dark Reading
NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.
π How to enable two-factor authentication for Bitwarden π
π Read
via "Security on TechRepublic".
If you use Bitwarden as your password manager of choice, you owe it to yourself to enable two-factor authentication.π Read
via "Security on TechRepublic".
TechRepublic
How to enable two-factor authentication for Bitwarden
If you use Bitwarden as your password manager of choice, you owe it to yourself to enable two-factor authentication.
ATENTIONβΌ New - CVE-2020-13245
π Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11079
π Read
via "National Vulnerability Database".
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.π Read
via "National Vulnerability Database".
β Hackers Compromise Cisco Servers Via SaltStack Flaws β
π Read
via "Threatpost".
Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities.π Read
via "Threatpost".
Threat Post
Hackers Compromise Cisco Servers Via SaltStack Flaws
Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities.
π΄ Valak Malware Retasked to Steal Data from US, German Firms π΄
π Read
via "Dark Reading: ".
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.π Read
via "Dark Reading: ".
Dark Reading
Valak Malware Retasked to Steal Data from US, German Firms
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.
π΄ Researchers ID Hacktivist Who Defaced Nearly 5,000 Websites π΄
π Read
via "Dark Reading: ".
Opsec mistakes lead a Check Point researcher to an individual in Brazil who was behind a longtime hacking campaign.π Read
via "Dark Reading: ".
Dark Reading
Researchers ID Hacktivist Who Defaced Nearly 5,000 Websites
Opsec mistakes lead a Check Point researcher to an individual in Brazil who was behind a longtime hacking campaign.
π΄ GitHub Supply Chain Attack Uses Octopus Scanner Malware π΄
π Read
via "Dark Reading: ".
Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.π Read
via "Dark Reading: ".
Dark Reading
GitHub Supply Chain Attack Uses Octopus Scanner Malware
Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.
β Inside the Hoaxcalls Botnet: Both Success and Failure β
π Read
via "Threatpost".
The DDoS group sets itself apart by using exploits -- but it doesn't always pan out.π Read
via "Threatpost".
Threat Post
Inside the Hoaxcalls Botnet: Both Success and Failure
The DDoS group sets itself apart by using exploits β but it doesn't always pan out.
ATENTIONβΌ New - CVE-2020-11082
π Read
via "National Vulnerability Database".
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-6342
π Read
via "National Vulnerability Database".
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.π Read
via "National Vulnerability Database".
π΄ A Rogues' Gallery of MacOS Malware π΄
π Read
via "Dark Reading: ".
MacOS isn't immune from malware. Being prepared means understanding the nature of the worst threats a security team is likely to see attacking Macs in the enterprise.π Read
via "Dark Reading: ".
Dark Reading
A Rogues' Gallery of MacOS Malware
MacOS isn't immune from malware. Being prepared means understanding the nature of the worst threats a security team is likely to see attacking Macs in the enterprise.
ATENTIONβΌ New - CVE-2020-13173
π Read
via "National Vulnerability Database".
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.π Read
via "National Vulnerability Database".
β Google sued by Arizona for tracking usersβ locations in spite of settings β
π Read
via "Naked Security".
Maps, weather, searches et al. suck up location data in the background, even if Tracking is turned off. Arizona says it's consumer fraud.π Read
via "Naked Security".
Naked Security
Google sued by Arizona for tracking usersβ locations in spite of settings
Maps, weather, searches et al. suck up location data in the background, even if Tracking is turned off. Arizona says itβs consumer fraud.
β Windows 10 adds new security and privacy features in May update β
π Read
via "Naked Security".
Windows 10 release 2004 is out, with a slew of new features, including several updates to its security and privacy.π Read
via "Naked Security".
Naked Security
Windows 10 adds new security and privacy features in May update
Windows 10 release 2004 is out, with a slew of new features, including several updates to its security and privacy.
β COVID-19 tests, PPE and antivirual drugs find a home on the dark web β
π Read
via "Naked Security".
COVID-19 testing kits, Hydroxychloroquine and PPE - it's all for sale on the dark web.π Read
via "Naked Security".
Naked Security
COVID-19 tests, PPE and antivirual drugs find a home on the dark web
COVID-19 testing kits, Hydroxychloroquine and PPE β itβs all for sale on the dark web.