Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development
via "Threatpost".
The fundamental causes for the skill gap are myriad, starting with a lack of training and career-development opportunities.
ATTENTION! New - CVE-2020-14324
via "National Vulnerability Database".
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through the Infrastructure Migration Solution. This flaw allows an attacker to execute arbitrary commands on the CloudForms server.
ATTENTION! New - CVE-2020-14313
via "National Vulnerability Database".
An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository to disclose the names of robot accounts and the existence of private repositories within any namespace.
ATTENTION! New - CVE-2020-14296
via "National Vulnerability Database".
Red Hat CloudForms 4.7 and 5 were vulnerable to a Server-Side Request Forgery (SSRF) flaw. With access to add an Ansible Tower provider, an attacker could scan and attack systems on the internal network which are not normally accessible.
ATTENTION! New - CVE-2020-10780
via "National Vulnerability Database".
Red Hat CloudForms 4.7 and 5 are affected by a CSV Injection flaw: a crafted payload stays dormant until a victim exports data as CSV and opens the file with Excel. Once the victim opens the file, the formula executes, triggering any number of possible events. While this is strictly not a flaw that affects the application directly, attackers could use the loosely validated parameters to trigger several attack possibilities.
Facial recognition - another setback for law enforcement
via "Naked Security".
"Something needs to be done," said the court. Where do you stand? For or against, have your say in our comments.
Critical Adobe Acrobat and Reader Bugs Allow RCE
via "Threatpost".
Adobe patched critical and important-severity flaws tied to 26 CVEs in Acrobat and Reader.
EU-US Privacy Shield Dissolution: What Happens Next?
via "Dark Reading".
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.
Is Edtech the Greatest APT?
via "Dark Reading".
Educational technology is critical but can come at huge costs to student and teacher privacy and security. Are those costs too high?
ATTENTION! New - CVE-2020-13124
via "National Vulnerability Database".
SABnzbd 2.3.9 and 3.0.0Alpha2 have a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.
ATTENTION! New - CVE-2020-11552
via "National Vulnerability Database".
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker with physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as SYSTEM.
Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules
via "Threatpost".
A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules.
Zoom Vulnerabilities Demonstrated in DEF CON Talk
via "Dark Reading".
A security researcher demonstrated multiple vulnerabilities, two of which could let an attacker read and steal user data.
Symmetry Systems Emerges from Stealth
via "Dark Reading".
The company behind Data Store and Object Security (DSOS) becomes public knowledge following a $3 million seed round of funding.
Iranian Hackers Targeting Networking Devices
via "Digital Guardian" (Subscriber Blog RSS Feed).
The FBI warned organizations last week that an Iranian hacking group has been targeting vulnerable networking devices for a month.
ATTENTION! New - CVE-2020-13179
via "National Vulnerability Database".
Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump by forcing a crash during the single sign-on procedure.
ATTENTION! New - CVE-2020-13178
via "National Vulnerability Database".
A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process.
ATTENTION! New - CVE-2020-13177
via "National Vulnerability Database".
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard-coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the system path.
ATTENTION! New - CVE-2020-13176
via "National Vulnerability Database".
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains a stored cross-site scripting (XSS) vulnerability which allows a remote unauthenticated attacker to poison log files with malicious JavaScript via the login page, which is executed when an administrator views the logs within the application.
ATTENTION! New - CVE-2020-13175
via "National Vulnerability Database".
The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local file inclusion vulnerability which allows an unauthenticated remote attacker to leak LDAP credentials via a specially crafted HTTP request.
ATTENTION! New - CVE-2020-13174
via "National Vulnerability Database".
The web server in the Teradici Management Console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking.