‼ CVE-2020-12505 ‼
📖 Read
via "National Vulnerability Database".
Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 version FW07 and prior versions. WAGO 750-831/xxx-xxx version FW07 and prior versions. WAGO 750-882 version FW07 and prior versions. WAGO 750-885/xxx-xxx version FW07 and prior versions. WAGO 750-889 version FW07 and prior versions.📖 Read
via "National Vulnerability Database".
🔏 Insider Stole Yacht IP via USB, Company Alleges 🔏
📖 Read
via "Digital Guardian".
The latest industrial espionage case involves theft at a yacht manufacturer by a now ex-employee.📖 Read
via "Digital Guardian".
Digital Guardian
Insider Stole Yacht IP via USB, Company Alleges
The latest industrial espionage case involves theft at a yacht manufacturer by a now ex-employee.
❌ Android Spyware Variant Snoops on WhatsApp, Telegram Messages ❌
📖 Read
via "Threat Post".
The Android malware comes from threat group APT-C-23, also known as Two-Tailed Scorpion and Desert Scorpion.📖 Read
via "Threat Post".
Threat Post
Android Spyware Variant Snoops on WhatsApp, Telegram Messages
The Android malware comes from threat group APT-C-23, also known as Two-Tailed Scorpion and Desert Scorpion.
🕴 A Guide to the NIST Cybersecurity Framework 🕴
📖 Read
via "Dark Reading".
With cybersecurity threats growing exponentially, it has never been more important to put together an efficient cyber-risk management policy, and NIST's framework can help.📖 Read
via "Dark Reading".
Dark Reading
A Guide to the NIST Cybersecurity Framework
With cybersecurity threats growing exponentially, it has never been more important to put together an efficient cyber-risk management policy, and NIST's framework can help.
‼ CVE-2019-20921 ‼
📖 Read
via "National Vulnerability Database".
bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21523 ‼
📖 Read
via "National Vulnerability Database".
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21527 ‼
📖 Read
via "National Vulnerability Database".
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21244 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25763 ‼
📖 Read
via "National Vulnerability Database".
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26157 ‼
📖 Read
via "National Vulnerability Database".
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.📖 Read
via "National Vulnerability Database".
🕴 What Legal Language Should I Look Out for When Selecting Cyber Insurance? 🕴
📖 Read
via "Dark Reading".
At times, vague coverage can actually work for you.📖 Read
via "Dark Reading".
Dark Reading
What Legal Language Should I Look Out for When Selecting Cyber Insurance?
At times, vague coverage can actually work for you.
❌ OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks ❌
📖 Read
via "Threat Post".
Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more.📖 Read
via "Threat Post".
Threat Post
OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks
Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more.
🕴 Cloud Misconfiguration Mishaps Businesses Must Watch 🕴
📖 Read
via "Dark Reading".
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.📖 Read
via "Dark Reading".
Dark Reading
Cloud Misconfiguration Mishaps Businesses Must Watch
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.
🕴 GitHub Tool Spots Security Vulnerabilities in Code 🕴
📖 Read
via "Dark Reading".
Scanner, which just became generally available, lets developers spot problems before code gets into production.📖 Read
via "Dark Reading".
Dark Reading
GitHub Tool Spots Security Vulnerabilities in Code
Scanner, which just became generally available, lets developers spot problems before code gets into production.
‼ CVE-2020-25781 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25816 ‼
📖 Read
via "National Vulnerability Database".
HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-13336 ‼
📖 Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature.📖 Read
via "National Vulnerability Database".
🕴 The No Good, Very Bad Week for Iran's Nation-State Hacking Ops 🕴
📖 Read
via "Dark Reading".
A look at the state of Iran's cyber operations as the US puts the squeeze on it with a pile of indictments and sanctions.📖 Read
via "Dark Reading".
Dark Reading
The No Good, Very Bad Week for Iran's Nation-State Hacking Ops
A look at the state of Iran's cyber operations as the US puts the squeeze on it with a pile of indictments and sanctions.
‼ CVE-2019-20902 ‼
📖 Read
via "National Vulnerability Database".
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-20903 ‼
📖 Read
via "National Vulnerability Database".
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.📖 Read
via "National Vulnerability Database".
❌ InterPlanetary Storm Botnet Infects 13K Mac, Android Devices ❌
📖 Read
via "Threat Post".
In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android devices.📖 Read
via "Threat Post".
Threat Post
InterPlanetary Storm Botnet Infects 13K Mac, Android Devices
In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android devices.