ATTENTION‼ New - CVE-2019-12004
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
ATTENTION‼ New - CVE-2019-12003
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
🕴 Rare NSA Advisory About Russia-Based Cyberattacks Unlikely to Stop Them 🕴
via "Dark Reading".
The Sandworm group -- behind disinformation and election-hacking campaigns and responsible for a 2016 power outage in the Ukraine -- is now targeting e-mail servers.
ATTENTION‼ New - CVE-2014-9702
via "National Vulnerability Database".
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request.
ATTENTION‼ New - CVE-2014-8945
via "National Vulnerability Database".
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
ATTENTION‼ New - CVE-2014-8944
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
ATTENTION‼ New - CVE-2014-8943
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
ATTENTION‼ New - CVE-2014-8942
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows CSRF.
ATTENTION‼ New - CVE-2014-8941
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
ATTENTION‼ New - CVE-2014-8940
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
ATTENTION‼ New - CVE-2014-8939
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
ATTENTION‼ New - CVE-2014-8938
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
ATTENTION‼ New - CVE-2014-8937
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
ATTENTION‼ New - CVE-2014-7175
via "National Vulnerability Database".
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.
ATTENTION‼ New - CVE-2014-7174
via "National Vulnerability Database".
FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.
ATTENTION‼ New - CVE-2014-7173
via "National Vulnerability Database".
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.
🔐 Why organizations shouldn't automatically give in to ransomware demands 🔐
via "Security on TechRepublic".
A ransomware incident analyzed by IBM X-Force shows that the attacker wouldn't have been able to decrypt the data, even if the ransom was paid.
🕴 26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation 🕴
via "Dark Reading".
Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.
🔐 Phishing campaign caught spoofing Zoom 🔐
via "Security on TechRepublic".
The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security.
🔐 48% of employees are less likely to follow safe data practices when working from home 🔐
via "Security on TechRepublic".
According to a Tessian survey, data protection concerns go out the window for remote employees.
🕴 Apple Pays Researcher $100,000 for Critical Vulnerability 🕴
via "Dark Reading".
Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.