βΌ CVE-2020-9486 βΌ
π Read
via "National Vulnerability Database".
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26524 βΌ
π Read
via "National Vulnerability Database".
CodeLathe FileCloud before 20.2.0.11915 allows username enumeration.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26538 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.π Read
via "National Vulnerability Database".
β Serious Security: Phishing without links β when phishers bring along their own web pages β
π Read
via "Naked Security".
How do you "check the URL before you click" if the web page you're visiting is already on your own computer?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2020-7737 βΌ
π Read
via "National Vulnerability Database".
All versions of package safetydance are vulnerable to Prototype Pollution via the set function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7736 βΌ
π Read
via "National Vulnerability Database".
The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8110 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.π Read
via "National Vulnerability Database".
π Friday Five 10/2 π
π Read
via "Digital Guardian".
A legal right to work from home, insensitive phishing, and election disinformation - catch up on the week's news with the Friday Five!π Read
via "Digital Guardian".
Digital Guardian
Friday Five 10/2
A legal right to work from home, insensitive phishing, and election disinformation - catch up on the week's news with the Friday Five!
β 305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer β
π Read
via "Threat Post".
Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he's faced, reporting CVEs since 1994.π Read
via "Threat Post".
Threat Post
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he's faced, reporting CVEs since 1994.
π΄ Truncated URLs Look to Make Big Dent in Phishing π΄
π Read
via "Dark Reading".
The approach is a long time in coming and will test the premise that users can more easily detect a suspicious domain from the name alone.π Read
via "Dark Reading".
Dark Reading
Truncated URLs Look to Make Big Dent in Phishing
The approach is a long time in coming and will test the premise that users can more easily detect a suspicious domain from the name alone.
π¦Ώ Report: Despite more cyberthreats during COVID-19, most businesses confident about cybersecurity π¦Ώ
π Read
via "Tech Republic".
Remote working and phishing attacks spiked during the coronavirus pandemic, but organizations believe they're on track with their cybersecurity plans, according to a new report from CompTIA.π Read
via "Tech Republic".
TechRepublic
Report: Despite more cyberthreats during COVID-19, most businesses are confident about cybersecurity
Remote working and phishing attacks spiked during the coronavirus pandemic, but organizations believe they're on track with their cybersecurity plans, according to a new report from CompTIA.
π΄ 3 Months for the Cybercrime Books π΄
π Read
via "Dark Reading".
From July through September, US law enforcement handed down major indictments or sanctions against foreign threat groups at least six times.π Read
via "Dark Reading".
Dark Reading
3 Months for the Cybercrime Books
From July through September, US law enforcement handed down major indictments or sanctions against foreign threat groups at least six times.
βΌ CVE-2020-25623 βΌ
π Read
via "National Vulnerability Database".
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.π Read
via "National Vulnerability Database".
β Years-Long βSilentFadeβ Attack Drained Facebook Victims of $4M β
π Read
via "Threat Post".
Facebook detailed an ad-fraud cyberattack that's been ongoing since 2016, stealing Facebook credentials and browser cookies.π Read
via "Threat Post".
Threat Post
Years-Long βSilentFadeβ Attack Drained Facebook Victims of $4M
Facebook detailed an ad-fraud cyberattack that's been ongoing since 2016, stealing Facebook credentials and browser cookies.
βΌ CVE-2020-7069 βΌ
π Read
via "National Vulnerability Database".
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.π Read
via "National Vulnerability Database".
β LatAm Banking Trojans Collaborate in Never-Before-Seen Effort β
π Read
via "Threat Post".
Eleven different malware families are coordinating on distribution, features, geo-targeting and more.π Read
via "Threat Post".
Threat Post
LatAm Banking Trojans Collaborate in Never-Before-Seen Effort
Eleven different malware families are coordinating on distribution, features, geo-targeting and more.
π΄ Name That Toon: Castle in the Sky π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Castle in the Sky
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
π΄ Emotet Spoofs DNC In New Attack Campaign π΄
π Read
via "Dark Reading".
Thousands of Emotet emails contain a message body pulled directly from the Democratic National Committee website, researchers report.π Read
via "Dark Reading".
Dark Reading
Emotet Spoofs DNC In New Attack Campaign
Thousands of Emotet emails contain a message body pulled directly from the Democratic National Committee website, researchers report.
β Researchers Mixed on Sanctions for Ransomware Negotiators β
π Read
via "Threat Post".
Financial institutions, cyber-insurance firms, and security firms have all been put on notice by the U.S. Department of the Treasury.π Read
via "Threat Post".
Threat Post
Researchers Mixed on Sanctions for Ransomware Negotiators
Financial institutions, cyber-insurance firms, and security firms have all been put on notice by the U.S. Department of the Treasury.
π¦Ώ Vulnerable supply chains introduce increasingly interconnected attack surfaces π¦Ώ
π Read
via "Tech Republic".
Accenture Security lists five other "extreme but plausible threat scenarios in financial services" in a new report.π Read
via "Tech Republic".
TechRepublic
Vulnerable supply chains introduce increasingly interconnected attack surfaces
Accenture Security lists five other "extreme but plausible threat scenarios in financial services" in a new report.
βΌ CVE-2020-5422 βΌ
π Read
via "National Vulnerability Database".
BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).π Read
via "National Vulnerability Database".