ATENTIONβΌ New - CVE-2020-13913
π Read
via "National Vulnerability Database".
An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.π Read
via "National Vulnerability Database".
β Firefox 79 is out β itβs a double-update month so patch now! β
π Read
via "Naked Security".
It's a Blue Moon month for Firefox - the second full update in July!π Read
via "Naked Security".
Naked Security
Firefox 79 is out β itβs a double-update month so patch now!
Itβs a Blue Moon month for Firefox β the second full update in July!
π Experts: Devastating ransomware attack on Garmin highlights danger of haphazard breach responses π
π Read
via "Security on TechRepublic".
The GPS maker scrambled to contain the aftermath of an attack as employees took to social media to describe what was happening.π Read
via "Security on TechRepublic".
TechRepublic
Experts: Devastating ransomware attack on Garmin highlights danger of haphazard breach responses
The GPS maker scrambled to contain the aftermath of an attack as employees took to social media to describe what was happening.
π΄ Autonomous IT: Less Reacting, More Securing π΄
π Read
via "Dark Reading: ".
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.π Read
via "Dark Reading: ".
Dark Reading
Autonomous IT: Less Reacting, More Securing
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
π΄ 7.5M Banking Customers Affected in Dave Security Breach π΄
π Read
via "Dark Reading: ".
The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev.π Read
via "Dark Reading: ".
Dark Reading
7.5M Banking Customers Affected in Dave Security Breach
The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev.
π΄ Researchers Foil Phishing Attempt on Netflix Customers π΄
π Read
via "Dark Reading: ".
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.π Read
via "Dark Reading: ".
Dark Reading
Researchers Foil Phishing Attempt on Netflix Customers
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.
π΄ Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness π΄
π Read
via "Dark Reading: ".
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.π Read
via "Dark Reading: ".
Dark Reading
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.
π US Indicts Two Chinese Hackers Following Theft of Trade Secrets π
π Read
via "Subscriber Blog RSS Feed ".
The two hackers were also linked to attempts to hack American biotech firms working on a coronavirus (COVID-19) vaccine.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
US Indicts Two Chinese Hackers Following Theft of Trade Secrets
The two hackers were also linked to attempts to hack American biotech firms working on a coronavirus (COVID-19) vaccine.
π Facebook data privacy scandal: A cheat sheet π
π Read
via "Security on TechRepublic".
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.π Read
via "Security on TechRepublic".
TechRepublic
Facebook data privacy scandal: A cheat sheet
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.
ATENTIONβΌ New - CVE-2020-10930
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10929
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10928
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9767.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10927
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10926
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10925
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10924
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10923
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.π Read
via "National Vulnerability Database".
π΄ Avon Server Leaks User Info and Administrative Data π΄
π Read
via "Dark Reading: ".
An unprotected server has exposed more than 7GB of data from the beauty brand.π Read
via "Dark Reading: ".
Dark Reading
Avon Server Leaks User Info and Administrative Data
An unprotected server has exposed more than 7GB of data from the beauty brand.
β Lazarus Group Brings APT Tactics to Ransomware β
π Read
via "Threatpost".
A new ransomware, VHD, was seen being delivered by the nation-state group's multiplatform malware platform, MATA.π Read
via "Threatpost".
Threat Post
Lazarus Group Brings APT Tactics to Ransomware
A new ransomware, VHD, was seen being delivered by the nation-state group's multiplatform malware platform, MATA.
π΄ Lazarus Group Shifts Gears with Custom Ransomware π΄
π Read
via "Dark Reading: ".
The North Korea-linked APT group has developed its own ransomware strain to better conduct financial theft, researchers report.π Read
via "Dark Reading: ".
Dark Reading
Lazarus Group Shifts Gears with Custom Ransomware
The North Korea-linked APT group has developed its own ransomware strain to better conduct financial theft, researchers report.
ATENTIONβΌ New - CVE-2020-10985
π Read
via "National Vulnerability Database".
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.π Read
via "National Vulnerability Database".