βΌ CVE-2020-26935 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26947 βΌ
π Read
via "National Vulnerability Database".
monero-wallet-gui in Monero GUI 0.17.0.1 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26948 βΌ
π Read
via "National Vulnerability Database".
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14184 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5141 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.π Read
via "National Vulnerability Database".
β S3 Ep1: Ransomware β is it really OK to pay? β Naked Security Podcast β
π Read
via "Naked Security".
Our podcast is back for Series 3 - here's Episode 1!π Read
via "Naked Security".
Naked Security
S3 Ep1: Ransomware β is it really OK to pay? [Podcast]
Our podcast is back for Series 3 β hereβs Episode 1!
β Naked Security Live β Cybersecurity tips for your own network β
π Read
via "Naked Security".
Here's the latest Naked Security Live video - enjoy (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β Cybersecurity tips for your own network
Hereβs the latest Naked Security Live video β enjoy (and please share with your friends)!
β Ransomware Attackers Buy Network Access in Cyberattack Shortcut β
π Read
via "Threat Post".
Network access to various industries is being offered in underground forums at as little as $300 a pop - and researchers warn that ransomware groups like Maze and NetWalker could be buying in.π Read
via "Threat Post".
Threat Post
Ransomware Attackers Buy Network Access in Cyberattack Shortcut
Network access to various industries is being offered in underground forums at as little as $300 a pop - and researchers warn that ransomware groups like Maze and NetWalker could be buying in.
π΄ How to Pinpoint Rogue IoT Devices on Your Network π΄
π Read
via "Dark Reading".
Researchers explain how security practitioners can recognize when a seemingly benign device could be malicious.π Read
via "Dark Reading".
Dark Reading
How to Pinpoint Rogue IoT Devices on Your Network
Researchers explain how security practitioners can recognize when a seemingly benign device could be malicious.
π΄ Security Officers, Are Your Employers Practicing Good Habits from Home? π΄
π Read
via "Dark Reading".
Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.π Read
via "Dark Reading".
Dark Reading
Security Officers, Are Your Employers Practicing Good Habits from Home?
Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.
π΄ A 7-Step Cybersecurity Plan for Healthcare Organizations π΄
π Read
via "Dark Reading".
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.π Read
via "Dark Reading".
Dark Reading
A 7-Step Cybersecurity Plan for Healthcare Organizations
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
βΌ CVE-2020-4772 βΌ
π Read
via "National Vulnerability Database".
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4773 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which is an attack that forces a user to execute unwanted actions on the web application while they are currently authenticated. This applies to a single server class only, with no impact to remainder of web application. IBM X-Force ID: 189151.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9108 βΌ
π Read
via "National Vulnerability Database".
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4689 βΌ
π Read
via "National Vulnerability Database".
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8820 βΌ
π Read
via "National Vulnerability Database".
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25825 βΌ
π Read
via "National Vulnerability Database".
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs.π Read
via "National Vulnerability Database".
π¦Ώ Infographic: Ransomware attacks by industry, continent, and more π¦Ώ
π Read
via "Tech Republic".
Cyberattacks have surged during the coronavirus pandemic. This infographic details ransomware attack trends by industry, continent, and more.π Read
via "Tech Republic".
TechRepublic
Infographic: Ransomware attacks by industry, continent, and more
Cyberattacks have surged during the coronavirus pandemic. This infographic details ransomware attack trends by industry, continent, and more.
π΄ What is End-to-End Encryption? π΄
π Read
via "Dark Reading".
Many services advertise E2EE, but not all of them actually offer it.π Read
via "Dark Reading".
Dark Reading
What is End-to-End Encryption?
Many services advertise E2EE, but not all of them actually offer it.
π Nmap Port Scanner 7.91 π
π Read
via "Packet Storm Security".
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.π Read
via "Packet Storm Security".
Packetstormsecurity
Nmap Port Scanner 7.91 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers