ATTENTION‼ New - CVE-2014-8944
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
ATTENTION‼ New - CVE-2014-8943
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
ATTENTION‼ New - CVE-2014-8942
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows CSRF.
ATTENTION‼ New - CVE-2014-8941
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
ATTENTION‼ New - CVE-2014-8940
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
ATTENTION‼ New - CVE-2014-8939
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
ATTENTION‼ New - CVE-2014-8938
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
ATTENTION‼ New - CVE-2014-8937
via "National Vulnerability Database".
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
ATTENTION‼ New - CVE-2014-7175
via "National Vulnerability Database".
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.
ATTENTION‼ New - CVE-2014-7174
via "National Vulnerability Database".
FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.
ATTENTION‼ New - CVE-2014-7173
via "National Vulnerability Database".
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.
Why organizations shouldn't automatically give in to ransomware demands
via "Security on TechRepublic".
A ransomware incident analyzed by IBM X-Force shows that the attacker wouldn't have been able to decrypt the data, even if the ransom was paid.
26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation
via "Dark Reading".
Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.
Phishing campaign caught spoofing Zoom
via "Security on TechRepublic".
The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security.
48% of employees are less likely to follow safe data practices when working from home
via "Security on TechRepublic".
According to a Tessian survey, data protection concerns go out the window for remote employees.
Apple Pays Researcher $100,000 for Critical Vulnerability
via "Dark Reading".
Apple has fixed a flaw in the "Sign in with Apple" feature that could have enabled attackers to break into user accounts for third-party services.
Data on Indian Mobile Payments App Reportedly Exposed via Open S3 Bucket
via "Dark Reading".
Over 7 million records exposed, according to vpnMentor, but app maker says there is no sign of malicious use.
Crime agency turns to Google ads to deter teen DDoS hackers
via "Naked Security".
The UK's National Crime Agency has hit on a simple way to stop teens from being sucked into cybercrime - using Google Ads.
Hacker posts database stolen from Dark Net free hosting provider DH
via "Naked Security".
Some 7,600 dark-web sites were obliterated in an attack on the most popular provider of .onion free hosting services, Daniel's Hosting.
Podcast: Why Identity Access Management is the New Perimeter
via "Threatpost".
DivvyCloud discusses the changing nature of identity access management (IAM) - and what kind of challenges and opportunities that is creating for businesses.
Apple Jailbreak Zero-Day Gets a Patch
via "Threatpost".
The zero-day vulnerability tracked as CVE-2020-9859 is exploited by the "Uncover" jailbreak tool released last week.