ATTENTION: New - CVE-2020-15030
Read via "National Vulnerability Database".
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.
ATTENTION: New - CVE-2020-15029
Read via "National Vulnerability Database".
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.
ATTENTION: New - CVE-2020-15028
Read via "National Vulnerability Database".
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.
ATTENTION: New - CVE-2020-11882
Read via "National Vulnerability Database".
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user.
ATTENTION: New - CVE-2019-19935
Read via "National Vulnerability Database".
Froala Editor before 3.0.6 allows XSS.
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Read via "Dark Reading".
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
Drone Path Often Reveals Operator's Location
Read via "Dark Reading".
The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.
Microsoft Seizes Domains Used in COVID-19-Themed Attacks
Read via "Dark Reading".
Court grants company's bid to shut down infrastructure used in recent campaigns against Office 365 users.
FBI Warns of Increase in Fake, COVID-Related Unemployment Claims
Read via "Subscriber Blog RSS Feed".
The Federal Bureau of Investigation said this week that it's seen a spike in fraudulent unemployment insurance claims related to the pandemic.
CompTIA joins the battle to recruit high school and college students into cybersecurity
Read via "Security on TechRepublic".
The certification company will host prep sessions for the National Cyber League's cybersecurity competitions for individuals and teams.
TechRepublic headline: Cybersecurity competition: CompTIA seeking high school and college students for hacker and security games
Why people forget their email passwords the most often
Read via "Security on TechRepublic".
Many users save their email password and so don't remember it if they have to enter or reset it, says NordPass.
Treasury Releases Fraud and Money Mule ID Tips
Read via "Dark Reading".
A new advisory from FinCEN helps financial institutions spot illicit activities and actors.
ATTENTION: New - CVE-2019-20896
Read via "National Vulnerability Database".
WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.
Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites
Read via "Threatpost".
Researchers warn that Keeper, using Magecart code, will launch increasingly sophisticated attacks against online merchants worldwide in the coming months.
BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges
Read via "Threatpost".
The Nigerian native has been extradited from Dubai after a string of over-the-top Instagram posts.
EDP Renewables Confirms Ransomware Attack
Read via "Dark Reading".
Its North American branch was notified of the attack because intruders reportedly gained access to 'at least some information' stored in its systems.
ATTENTION: New - CVE-2020-15008
Read via "National Vulnerability Database".
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL injection in the probe implementation that saves data to a custom table exists due to inadequate server-side validation. Because the code builds dynamic SQL for the insert statement and uses the user-supplied table name with little validation, the table name can be modified to allow arbitrary update commands to be run. Using other SQL injection techniques, such as timing attacks, it is also possible to perform full data extraction. Patched in 2020.7 and in a hotfix for 2019.12.
ATTENTION: New - CVE-2020-12821
Read via "National Vulnerability Database".
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
ATTENTION: New - CVE-2020-12736
Read via "National Vulnerability Database".
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.
Kinda sorta weakened version of EARN IT Act creeps closer
Read via "Naked Security".
Critics say the amended bill that's headed for a full Senate hearing still threatens encryption, albeit less blatantly.
How managed service providers can pose a risk to their customers
Read via "Security on TechRepublic".
The US Secret Service has warned organizations about a rise in hacks of MSPs and offers advice on how to beef up security.
TechRepublic headline: US Secret Service warns about increased cyberattacks against MSPs