Researcher Publishes Patch Bypass for vBulletin 0-Day Flaw (via Threatpost)
Three separate proof-of-concepts in Bash, Python and Ruby were posted to outsmart the fix issued last year to remedy a pre-auth RCE bug.
Phishing emails tempting people with fake coronavirus vaccines (via Security on TechRepublic)
As researchers race to develop a COVID-19 vaccine, phishing campaigns have landed on a topic ripe for exploitation, says Check Point Research.
How to Help Spoil the Cybercrime Economy (via Dark Reading)
Cybercrime is increasingly turning into a commodity. Stolen PII and hijacked cloud accounts in particular propel its spread, research shows.
How cybersecurity has changed since the coronavirus outbreak began, and what it means for businesses (via Security on TechRepublic)
Moving employees to a work-from-home model means your security infrastructure has to change quickly. Some recent breaches highlight the importance of cybersecurity.
How to patch CentOS against BootHole (via Security on TechRepublic)
If you have CentOS servers in your data center, you'll want to make sure to patch them against BootHole. Jack Wallen shows you how.
ATTENTION! New - CVE-2020-14325 (via National Vulnerability Database)
Red Hat CloudForms before 5.11.7.0 was vulnerable to a user-impersonation authorization flaw that allows a malicious attacker to create existent and non-existent role-based access control users, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator.
ATTENTION! New - CVE-2020-10783 (via National Vulnerability Database)
Red Hat CloudForms 4.7 and 5 are affected by a role-based privilege escalation flaw. An attacker in the EVM-Operator group can perform actions restricted to the EVM-Super-administrator group, which leads to exporting or importing administrator files.
ATTENTION! New - CVE-2020-10779 (via National Vulnerability Database)
Red Hat CloudForms 4.7 and 5 are subject to insecure direct object references (IDOR) and a functional-level access control bypass due to a missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data within CloudForms.
ATTENTION! New - CVE-2020-10778 (via National Vulnerability Database)
In Red Hat CloudForms 4.7 and 5, read-only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields, since there is no server-side validation. This business logic flaw violates the expected behavior.
ATTENTION! New - CVE-2020-10777 (via National Vulnerability Database)
A cross-site scripting flaw was found in the Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.
Samsung Quietly Fixed Critical Galaxy Flaws Allowing Spying, Data Wiping (via Threatpost)
Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.
Zero-Trust Security 101 (via Dark Reading)
What are the fundamental spirit and tenets of zero-trust architecture, boiled down, without the marketing speak?
Cybersecurity and remote support are top goals for CIOs in 2020 (via Security on TechRepublic)
Most IT leaders say their priorities have shifted since the coronavirus pandemic surfaced around the start of the year, says Hitachi ID.
Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development (via Threatpost)
The fundamental causes of the skills gap are myriad, starting with a lack of training and career-development opportunities.
ATTENTION! New - CVE-2020-14324 (via National Vulnerability Database)
A high-severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows an attacker to execute arbitrary commands on the CloudForms server.
ATTENTION! New - CVE-2020-14313 (via National Vulnerability Database)
An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository to disclose the names of robot accounts and the existence of private repositories within any namespace.
ATTENTION! New - CVE-2020-14296 (via National Vulnerability Database)
Red Hat CloudForms 4.7 and 5 were vulnerable to a Server-Side Request Forgery (SSRF) flaw. With access to add an Ansible Tower provider, an attacker could scan and attack systems on the internal network which are not normally accessible.
ATTENTION! New - CVE-2020-10780 (via National Vulnerability Database)
Red Hat CloudForms 4.7 and 5 are affected by a CSV injection flaw: a crafted payload stays dormant until a victim exports as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not a flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.
Facial recognition – another setback for law enforcement (via Naked Security)
"Something needs to be done," said the court. Where do you stand? For or against, have your say in our comments.
Critical Adobe Acrobat and Reader Bugs Allow RCE (via Threatpost)
Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader.