How to limit file upload size on NGINX to mitigate DoS attacks
via "Security on TechRepublic".
If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks.
Friday Five: 8/7 Edition
via "Subscriber Blog RSS Feed".
Telstra suffers a DoS attack, the hackers behind last month's Twitter breach are arrested, and an NSA advisory warns mobile users about the dangers of location data - catch up on the week's news with the Friday Five.
ATTENTION! New - CVE-2020-11993
via "National Vulnerability Database".
Apache HTTP Server versions 2.4.20 to 2.4.43: when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
ATTENTION! New - CVE-2020-11985
via "National Vulnerability Database".
IP address spoofing when proxying using mod_remoteip and mod_rewrite: for configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020.
ATTENTION! New - CVE-2020-11984
via "National Vulnerability Database".
Apache HTTP Server 2.4.32 to 2.4.44: mod_proxy_uwsgi information disclosure and possible RCE.
ATTENTION! New - CVE-2020-11852
via "National Vulnerability Database".
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG), affecting all SMG Appliances running releases prior to July 2020. The vulnerability could allow a logged-in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command.
Have I Been Pwned Set to Go Open-Source
via "Threatpost".
Fully opening the door to allow people to contribute to - and notably, tinker with - the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.
400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones
via "Dark Reading".
Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones.
Attackers Horn in on MFA Bypass Options for Account Takeovers
via "Threatpost".
Legacy applications don't support modern authentication - and cybercriminals know this.
Hacking the PLC via Its Engineering Software
via "Dark Reading".
Researcher will demonstrate at DEF CON an emerging threat to industrial control networks.
Reddit Attack Defaces Dozens of Channels
via "Dark Reading".
The attack has defaced the channels with images and content supporting Donald Trump.
ATTENTION! New - CVE-2020-13376
via "National Vulnerability Database".
SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie.
Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
via "Threatpost".
Researchers identified serious flaws in Qualcomm's Snapdragon SoC and the Hexagon architecture that impact nearly half of Android handsets.
ATTENTION! New - CVE-2019-7005
via "National Vulnerability Database".
A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. Affected versions of IP Office include 9.x, 10.0 through 10.1.0.7, and 11.0 through 11.0.4.2.
Digital Clones Could Cause Problems for Identity Systems
via "Dark Reading".
Three fundamental technologies - chatbots, audio fakes, and deepfake videos - have improved to the point that creating digital, real-time clones of people is merely a matter of integrating the systems.
ATTENTION! New - CVE-2019-19704
via "National Vulnerability Database".
In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm.
ATTENTION! New - CVE-2020-12781
via "National Vulnerability Database".
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability; attackers can execute specific commands via a request forged from a malicious site.
ATTENTION! New - CVE-2020-12780
via "National Vulnerability Database".
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
ATTENTION! New - CVE-2020-12779
via "National Vulnerability Database".
Combodo iTop contains a stored cross-site scripting vulnerability, which can be exploited by uploading a file containing a malicious script.
ATTENTION! New - CVE-2020-12778
via "National Vulnerability Database".
Combodo iTop does not validate input parameters; attackers can inject malicious commands and launch an XSS attack.
ATTENTION! New - CVE-2020-12777
via "National Vulnerability Database".
A function in Combodo iTop contains a broken access control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information.