CVE-2019-17444
via "National Vulnerability Database".
Jfrog Artifactory uses default passwords (such as "password") for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise Jfrog Artifactory. This issue affects Jfrog Artifactory versions prior to 6.17.0.

CVE-2020-7743
via "National Vulnerability Database".
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.

COVID-19: Latest Security News & Commentary
via "Dark Reading".
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

Office 365: A Favorite for Cyberattack Persistence
via "Threat Post".
Bad actors are leveraging legitimate services and tools within Microsoft's productivity suite to launch cyberattacks on COVID-19 stay-at-home workers, new research finds.

Online Voting Is Coming, but How Secure Will It Be?
via "Dark Reading".
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

TrickBot Takedown Disrupts Major Crimeware Apparatus
via "Threat Post".
Microsoft and partners went after the botnet using a copyright infringement tactic and hunting down C2 servers.

Cybercriminals use stolen data and hacking tools as prizes in poker games and rap battles
via "Tech Republic".
Prizes for bad actors can be access to stolen data and tools to make hacks easier, according to new research from Trend Micro.

CVE-2020-16124
via "National Vulnerability Database".
Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065.

Election Systems Under Attack via Microsoft Zerologon Exploits
via "Threat Post".
Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.

How to improve the cybersecurity of your remote workers
via "Tech Republic".
Cyberattacks against businesses have spiked since the shift to remote work began in early 2020, says Keeper Security.

Creepy covert camera "feature" found in popular smartwatch for kids
via "Naked Security".
This popular smartwatch aimed at kids had a backdoor that received covert encrypted commands via SMS.

Trickbot Botnet Response Highlights Partnerships Preventing U.S. Election Interference
via "Dark Reading".
Recent efforts by USCYBERCOM and Microsoft to disrupt the Trickbot botnet highlight the importance of partnerships in successful malware botnet disruption.

Critical Flash Player Flaw Opens Adobe Users to RCE
via "Threat Post".
The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.

Where are the 'Great Exits' in the Data Security Market?
via "Dark Reading".
If data security were a student, its report card would read "Not performing to potential." Here's why.

CVE-2020-17411
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11190.

CVE-2020-17413
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11226.

CVE-2020-17414
via "National Vulnerability Database".
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11229.

25% of BEC Cybercriminals Based in the US
via "Dark Reading".
While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators
via "Dark Reading".
With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.

Software AG Data Released After Clop Ransomware Strike – Report
via "Threat Post".
The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn't paid.

Phishing in Troubled Waters: 3 Ways Email Attacks May Impact Elections
via "Dark Reading".
The state of email defenses has a role to play in the US presidential election.