🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
ATTENTION New - CVE-2019-19506

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.

📖 Read

via "National Vulnerability Database".
ATTENTION New - CVE-2019-19505

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

📖 Read

via "National Vulnerability Database".
ATTENTION New - CVE-2019-16213

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.

📖 Read

via "National Vulnerability Database".
ATTENTION New - CVE-2018-21268

The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.

📖 Read

via "National Vulnerability Database".
Microsoft Releases Emergency Security Updates for Windows 10, Server

The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.

📖 Read

via "Threatpost".
Email Sender Identity is Key to Solving the Phishing Crisis

Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.

📖 Read

via "Threatpost".
Microsoft issues critical fixes for booby-trapped images – update now!

Booby-trapped images could be used to attack Windows 10 and Windows Server 2019 - update now!

📖 Read

via "Naked Security".
🔐 Keep the lights on: Three things power companies need to do to harden cybersecurity defenses 🔐

IoT device makers and the US government need to collaborate with the industry to make sure digital transformation closes security gaps instead of opening new ones.

📖 Read

via "Security on TechRepublic".
🕴 Another COVID-19 Side Effect: Rising Nation-State Cyber Activity 🕴

While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.

📖 Read

via "Dark Reading".
🔐 How to protect your organization from coronavirus-related phishing attacks 🔐

Emails exploiting COVID-19 have risen, declined, and risen again along with the changes in the pandemic and the shift to remote working, according to the security company GreatHorn.

📖 Read

via "Security on TechRepublic".
🔐 The next cybersecurity headache: Employees know the rules but just don't care 🔐

Employees are still ignoring cyber security best practice despite being more aware of the risks.

📖 Read

via "Security on TechRepublic".
🔐 COVID-19 has spurred businesses to migrate security operations to the cloud 🔐

Companies have increased their reliance on cloud-based security platforms to protect sensitive data as a result of the coronavirus pandemic, according to a new survey.

📖 Read

via "Security on TechRepublic".
ATTENTION New - CVE-2019-20408

The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.

📖 Read

via "National Vulnerability Database".
Android Spyware Tools Emerge in Widespread Surveillance Campaign

Four Android spyware tools have been used in a widespread APT campaign to spy on the Uyghur ethnic minority group - since 2013.

📖 Read

via "Threatpost".
🛠 SQLMAP - Automatic SQL Injection Tool 1.4.7 🛠

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

📖 Go!

via "Security Tool Files ≈ Packet Storm".
🔐 How to use the Google Pixel Safety Check feature 🔐

The Android-powered Google Pixel line of phones received a very important updated feature dedicated to users' personal safety. Learn how to use the Safety Check feature.

📖 Read

via "Security on TechRepublic".
ATTENTION New - CVE-2019-4706

IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016.

📖 Read

via "National Vulnerability Database".
ATTENTION New - CVE-2019-4705

IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015.

📖 Read

via "National Vulnerability Database".
ATTENTION New - CVE-2019-4704

IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.

📖 Read

via "National Vulnerability Database".
ATTENTION New - CVE-2019-4676

IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 171512.

📖 Read

via "National Vulnerability Database".
ATTENTION New - CVE-2017-1712

"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."

📖 Read

via "National Vulnerability Database".