ATTENTION‼ New - CVE-2019-19506
via "National Vulnerability Database".
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.
ATTENTION‼ New - CVE-2019-19505
via "National Vulnerability Database".
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
ATTENTION‼ New - CVE-2019-16213
via "National Vulnerability Database".
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.
ATTENTION‼ New - CVE-2018-21268
via "National Vulnerability Database".
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
⚠ Firefox 78 is out – with a mysteriously empty list of security fixes ⚠
via "Naked Security".
TLS 1.0 and TLS 1.1 are now considered security risks and blocked by default.
ATTENTION‼ New - CVE-2019-20408
via "National Vulnerability Database".
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
⚠ Google stops pushing scam ads on Americans searching for how to vote ⚠
via "Naked Security".
No US entity charges citizens for registering to vote, but plenty of Google ads were happy to do so - and to grab your PII in the process.
ATTENTION‼ New - CVE-2020-10379
via "National Vulnerability Database".
In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c.
ATTENTION‼ New - CVE-2020-10378
via "National Vulnerability Database".
In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
ATTENTION‼ New - CVE-2020-10177
via "National Vulnerability Database".
Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c.
ATTENTION‼ New - CVE-2019-20892
via "National Vulnerability Database".
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
❌ Microsoft Releases Emergency Security Updates for Windows 10, Server ❌
via "Threatpost".
The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.
❌ Email Sender Identity is Key to Solving the Phishing Crisis ❌
via "Threatpost".
Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.
⚠ Microsoft issues critical fixes for booby-trapped images – update now! ⚠
via "Naked Security".
Booby-trapped images could be used to attack Windows 10 and Windows Server 2019 - update now!
🔐 Keep the lights on: Three things power companies need to do to harden cybersecurity defenses 🔐
via "Security on TechRepublic".
IoT device makers and the US government need to collaborate with the industry to make sure digital transformation closes security gaps instead of opening new ones.
🕴 Another COVID-19 Side Effect: Rising Nation-State Cyber Activity 🕴
via "Dark Reading".
While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
🔐 How to protect your organization from coronavirus-related phishing attacks 🔐
via "Security on TechRepublic".
Emails exploiting COVID-19 have risen, declined, and risen again along with the changes in the pandemic and the shift to remote working, according to the security company GreatHorn.