βΌ CVE-2020-25867 βΌ
π Read
via "National Vulnerability Database".
SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. It allows a bypass to get access without authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25768 βΌ
π Read
via "National Vulnerability Database".
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15501 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".
βΌ CVE-2015-7379 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
β MontysThree APT Takes Unusual Aim at Industrial Targets β
π Read
via "Threat Post".
The newly discovered APT specializes in espionage campaigns against industrial holdings -- a rare target for spyware.π Read
via "Threat Post".
Threat Post
MontysThree APT Takes Unusual Aim at Industrial Targets
The newly discovered APT specializes in espionage campaigns against industrial holdings β a rare target for spyware.
βΌ CVE-2020-3602 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command.π Read
via "National Vulnerability Database".
βΌ CVE-2020-3567 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of requests sent to the REST API. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to cause a permanent DoS condition that is due to high CPU utilization. Manual intervention may be required to recover the Cisco IND.π Read
via "National Vulnerability Database".
βΌ CVE-2020-3536 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.π Read
via "National Vulnerability Database".
β Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks β
π Read
via "Threat Post".
A spike in phishing and malicious websites aimed at defrauding Amazon.com customers aim to make Prime Day a field day for hackers.π Read
via "Threat Post".
Threat Post
Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks
A spike in phishing and malicious websites aimed at defrauding Amazon.com customers aim to make Prime Day a field day for hackers.
π΄ Key Considerations & Best Practices for Establishing a Secure Remote Workforce π΄
π Read
via "Dark Reading".
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.π Read
via "Dark Reading".
Dark Reading
Key Considerations & Best Practices for Establishing a Secure Remote Workforce
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.
βΌ CVE-2020-25262 βΌ
π Read
via "National Vulnerability Database".
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2289 βΌ
π Read
via "National Vulnerability Database".
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2296 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.π Read
via "National Vulnerability Database".
π¦Ώ Buyers beware: Hackers poised to make Amazon Prime Day into a prime phishing day π¦Ώ
π Read
via "Tech Republic".
Analysis of hundreds of millions of web pages found phishing and fraudulent sites using the Amazon brand and logos poised for big Prime Day sales, according to Bolster Research.π Read
via "Tech Republic".
TechRepublic
Buyers beware: Hackers poised to make Amazon Prime Day into a prime phishing day
Analysis of hundreds of millions of web pages found phishing and fraudulent sites using the Amazon brand and logos poised for big Prime Day sales, according to Bolster Research.
β Microsoft Azure Flaws Open Admin Servers to Takeover β
π Read
via "Threat Post".
Two flaws in Microsoft's cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks.π Read
via "Threat Post".
Threat Post
Microsoft Azure Flaws Open Admin Servers to Takeover
Two flaws in Microsoft's cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks.
π΄ Kaspersky Researchers Spot Russia-on-Russia Cyber-Espionage Campaign π΄
π Read
via "Dark Reading".
Steganography-borne malware used to spy on industrial targets in Russia.π Read
via "Dark Reading".
Dark Reading
Kaspersky Researchers Spot Russia-on-Russia Cyber-Espionage Campaign
Steganography-borne malware used to spy on industrial targets in Russia.
π΄ US Election-Related Websites Vulnerable to Fraud, Abuse π΄
π Read
via "Dark Reading".
New research finds the vast majority of reputable news, political, and donor-oriented sites don't use registry locks.π Read
via "Dark Reading".
Dark Reading
US Election-Related Websites Vulnerable to Fraud, Abuse
New research finds the vast majority of reputable news, political, and donor-oriented sites don't use registry locks.
βΌ CVE-2020-5389 βΌ
π Read
via "National Vulnerability Database".
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC users may be able to retrieve sensitive information from the logs.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13344 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redisπ Read
via "National Vulnerability Database".
π¦Ώ Security pros: Cyber threats to industrial enterprises increase due to pandemic π¦Ώ
π Read
via "Tech Republic".
86% polled said their organization made cybersecurity a priority during the COVID-19 crisis and implemented appropriate training for remote workers, according to a report.π Read
via "Tech Republic".
TechRepublic
Security pros: Cyber threats to industrial enterprises increase due to pandemic
86% polled said their organization made cybersecurity a priority during the COVID-19 crisis and implemented appropriate training for remote workers, according to a report.
β Naked Security Podcast β weβre back for Series 3! β
π Read
via "Naked Security".
Join us weekly for the Naked Security Podcast - back for Series 3 and available wherever good podcasts are found!π Read
via "Naked Security".
Naked Security
Naked Security Podcast β weβre back for Series 3!
Join us weekly for the Naked Security Podcast β back for Series 3 and available wherever good podcasts are found!