βΌ CVE-2020-25827 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25812 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25814 βΌ
π Read
via "National Vulnerability Database".
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.π Read
via "National Vulnerability Database".
β Naked Security Live β βSMS scams: keep yourself and your family safe!β β
π Read
via "Naked Security".
Naked Security Live - here's the recorded version of our latest video. Enjoy.π Read
via "Naked Security".
Naked Security
Naked Security Live β βSMS scams: keep yourself and your family safe!β
Naked Security Live β hereβs the recorded version of our latest video. Enjoy.
π΄ MFA-Minded Attackers Continue to Figure Out Workarounds π΄
π Read
via "Dark Reading".
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.π Read
via "Dark Reading".
Dark Reading
MFA-Minded Attackers Continue to Figure Out Workarounds
While MFA can improve overall security posture, it's not a silver bullet -- and hacks continue.
π΄ Safeguarding Schools Against RDP-Based Ransomware π΄
π Read
via "Dark Reading".
How getting online learning right today will protect schools, and the communities they serve, for years to come.π Read
via "Dark Reading".
Dark Reading
Safeguarding Schools Against RDP-Based Ransomware
How getting online learning right today will protect schools, and the communities they serve, for years to come.
π΄ 9 Tips to Prepare for the Future of Cloud & Network Security π΄
π Read
via "Dark Reading".
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.π Read
via "Dark Reading".
Dark Reading
9 Tips to Prepare for the Future of Cloud & Network Security
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.
β REvil ransomware crew dangles $1,000,000 cybercrime carrot β
π Read
via "Naked Security".
When a company pays a multimillion dollar ransomware blackmail demand, where do you think the money goes?π Read
via "Naked Security".
Naked Security
REvil ransomware crew dangles $1,000,000 cybercrime carrot
When a company pays a multimillion dollar ransomware blackmail demand, where do you think the money goes?
β Joker Trojans Flood the Android Ecosystem β
π Read
via "Threat Post".
September saw dozens of Joker malware variants hitting Google Play and third-party app stores.π Read
via "Threat Post".
Threat Post
Joker Trojans Flood the Android Ecosystem
September saw dozens of Joker malware variants hitting Google Play and third-party app stores.
π Sifter 10_r2 π
π Read
via "Packet Storm Security".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Read
via "Packet Storm Security".
Packetstormsecurity
Sifter 10_r2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ How to install common security tools via Homebrew on a Mac π¦Ώ
π Read
via "Tech Republic".
We'll guide you through the process of using Homebrew package manager to install common security tools on macOS computers to assess and aid in hardening devices on your network.π Read
via "Tech Republic".
TechRepublic
How to install common security tools via Homebrew on a Mac
We'll guide you through the process of using Homebrew package manager to install common security tools on macOS computers to assess and aid in hardening devices on your network.
β Universal Health Services Ransomware Attack Impacts Hospitals Nationwide β
π Read
via "Threat Post".
The Ryuk ransomware is suspected to be the culprit.π Read
via "Threat Post".
Threat Post
Universal Health Services Ransomware Attack Impacts Hospitals Nationwide
The Ryuk ransomware is suspected to be the culprit.
π Ransomware Reportedly Behind Nationwide UHS Hospital Outage π
π Read
via "Digital Guardian".
The full scope of the incident isn't yet known but as a result, many facilities have been left without access to computer systems.π Read
via "Digital Guardian".
Digital Guardian
Ransomware Reportedly Behind Nationwide UHS Hospital Outage
The full scope of the incident isn't yet known but as a result, many facilities have been left without access to computer systems.
β Mac, Linux Users Now Targeted by FinSpy Variants β
π Read
via "Threat Post".
FinSpy has returned in new campaigns targeting dissident organizations in Egypt - and researchers uncovered new samples of the spyware targeting macOS and Linux users.π Read
via "Threat Post".
Threat Post
Mac, Linux Users Now Targeted by FinSpy Variants
FinSpy has returned in new campaigns targeting dissident organizations in Egypt β and researchers uncovered new samples of the spyware targeting macOS and Linux users.
β Windows 7 βUpgradeβ Emails Steal Outlook Credentials β
π Read
via "Threat Post".
Researchers warn of emails pretending to help business employees upgrade to Windows 10 - and then stealing their Outlook emails and passwords.π Read
via "Threat Post".
Threat Post
Windows 7 βUpgradeβ Emails Steal Outlook Credentials
Researchers warn of emails pretending to help business employees upgrade to Windows 10 - and then stealing their Outlook emails and passwords.
π¦Ώ How companies can meet the needs of the future workforce π¦Ώ
π Read
via "Tech Republic".
The workforce is changing in the wake of a global pandemic. Learn some insights from industry executives about what companies and employees should be doing to evolve accordingly.π Read
via "Tech Republic".
TechRepublic
How companies can meet the needs of the future workforce
The workforce is changing in the wake of a global pandemic. Learn some insights from industry executives about what companies and employees should be doing to evolve accordingly.
π΄ Ivanti Acquires Two Security Companies π΄
π Read
via "Dark Reading".
Purchase of MobilIron and Pulse Secure announced simultaneously.π Read
via "Dark Reading".
Dark Reading
Ivanti Acquires Two Security Companies
Purchase of MobilIron and Pulse Secure announced simultaneously.
βΌ CVE-2020-25770 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24565 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.π Read
via "National Vulnerability Database".
β Telehealth Poll: How Risky Are Remote Doctor Visits? β
π Read
via "Threat Post".
Threatpost's latest poll probes telehealth security risks and asks for IT cures.π Read
via "Threat Post".
Threat Post
Telehealth Poll: How Risky Are Remote Doctor Visits?
Threatpost's latest poll probes telehealth security risks and asks for IT cures.
π΄ The Shared Irresponsibility Model in the Cloud Is Putting You at Risk π΄
π Read
via "Dark Reading".
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?π Read
via "Dark Reading".
Dark Reading
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?