CVE-2020-15242
Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users, although it can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. The issue is fixed in version 9.5.4.
Read via "National Vulnerability Database".
COVID-19 budgets, data security, and automation are concerns of IT leaders and staff
Dueling surveys from Kaseya showed that IT department leaders share their underlings' worries about security and productivity.
Read via "Tech Republic".
Password managers: A cheat sheet for professionals
The sheer number of passwords the average person has can lead to confusion and tons of password retrieval emails. Simplify and secure your digital life by learning about password managers.
Read via "Tech Republic".
CVE-2020-15243
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in versions 4.0.0 and 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating, uninstall the Web API plugin to close this vulnerability.
Read via "National Vulnerability Database".
CVE-2020-26162
Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.
Read via "National Vulnerability Database".
CVE-2020-26921
Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.
Read via "National Vulnerability Database".
Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective
In recent weeks, Emotet has emerged as the most common form of ransomware. Managing the risk starts with understanding the way it works.
Read via "Dark Reading".
Wormable Apple iCloud Bug Allows Automatic Photo Theft
Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.
Read via "Threat Post".
S3 Ep1: Ransomware - is it really OK to pay? - Naked Security Podcast
The Naked Security Podcast is back for Series 3 - here's Episode 1!
Read via "Naked Security".
Why MSPs Are Hacker Targets, and What To Do About It
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
Read via "Dark Reading".
CVE-2020-9105
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Because the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by performing a series of operations. Successful exploitation may cause the service to behave abnormally.
Read via "National Vulnerability Database".
CVE-2020-13955
The HttpUtils#getURLConnection method explicitly disables hostname verification for HTTPS connections, making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk, so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class, so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, hostname verification will be performed using the default JVM truststore.
Read via "National Vulnerability Database".
Facebook Debuts Bug-Bounty "Loyalty Program"
Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports -- which will dictate new bonus percentages.
Read via "Threat Post".
The new Ring Always Home Camera is a security disaster in the making
Jack Wallen offers his take on the upcoming release of the Ring Always Home Cam.
Read via "Tech Republic".
Could Microsoft be en route to dumping Windows in favor of Linux?
Microsoft Linux is the next evolution of the Microsoft desktop operating system, argues Jack Wallen. He explains why this would be a win-win for Microsoft, IT pros, users, and the Linux community.
Read via "Tech Republic".
Sophisticated Android Ransomware Executes with the Home Button
The malware also has a unique machine-learning module.
Read via "Threat Post".
CISOs Planning on Bigger Budgets: Report
Budgets are on the rise, even in a time of revenue worries across the industry.
Read via "Dark Reading".
How to secure your open source supply chain
Commentary: Open source has never been more popular, which means it's time to figure out how to effectively secure the open source you use. Two experts weigh in.
Read via "Tech Republic".
How the enterprise can shut down cyber criminals and protect a remote staff
Hackers accidentally allowed into company software by security noncompliant employees cost businesses millions annually; we asked experts to weigh in on best safety practices.
Read via "Tech Republic".
Critical Zerologon Flaw Exploited in TA505 Attacks
Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.
Read via "Dark Reading".
10/9 Friday Five
Antitrust reforms, biometric data collection, and DHS malware warnings - catch up on all the week's news with the Friday Five!
Read via "Digital Guardian".