‼ CVE-2020-6087 ‼
📖 Read
via "National Vulnerability Database".
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-6083 ‼
📖 Read
via "National Vulnerability Database".
An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
❌ Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips ❌
📖 Read
via "Threat Post".
Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.📖 Read
via "Threat Post".
Threat Post
Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips
Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.
‼ CVE-2020-0415 ‼
📖 Read
via "National Vulnerability Database".
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-156020795📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0414 ‼
📖 Read
via "National Vulnerability Database".
In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157708122📖 Read
via "National Vulnerability Database".
🦿 Zoom announces end-to-end encryption, customizable SDKs and more at Zoomtopia 🦿
📖 Read
via "Tech Republic".
Zoom's two-day online conference kicked off with a bevy of new product announcements around security and developer enhancements.📖 Read
via "Tech Republic".
TechRepublic
Zoom announces end-to-end encryption, customizable SDKs and more at Zoomtopia
Zoom's two-day online conference kicked off with a bevy of new product announcements around security and developer enhancements.
🦿 IoT security: University creates new labels for devices to increase awareness for consumers 🦿
📖 Read
via "Tech Republic".
What if you could compare security on IoT devices, similar to nutrition labels, before you buy them? One organization is trying to make that happen.📖 Read
via "Tech Republic".
TechRepublic
IoT security: University creates new labels for devices to increase awareness for consumers
What if you could compare security on IoT devices, similar to nutrition labels, before you buy them? One organization is trying to make that happen.
❌ Silent Librarian Goes Back to School with Global Research-Stealing Effort ❌
📖 Read
via "Threat Post".
The Iranian hacker group is targeting universities in 12 countries.📖 Read
via "Threat Post".
Threat Post
Silent Librarian Goes Back to School with Global Research-Stealing Effort
The Iranian hacker group is targeting universities in 12 countries.
🕴 Intel's Ice Lake Beefs Up CPU Security for Cloud Workloads 🕴
📖 Read
via "Dark Reading".
The third-generation Xeon processors build in hardware security features to provide extra protection to data in transit, at rest, and in use.📖 Read
via "Dark Reading".
Dark Reading
Intel's Ice Lake Beefs Up CPU Security for Cloud Workloads
The third-generation Xeon processors build in hardware security features to provide extra protection to data in transit, at rest, and in use.
🕴 Assuring Business Continuity by Reducing Malware Dwell Time 🕴
📖 Read
via "Dark Reading".
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.📖 Read
via "Dark Reading".
Dark Reading
Assuring Business Continuity by Reducing Malware Dwell Time
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.
‼ CVE-2020-4395 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.📖 Read
via "National Vulnerability Database".
🔏 Microsoft Fixes Critical TCP/IP Vulnerability 🔏
📖 Read
via "Digital Guardian".
A new, potentially wormable remote code execution vulnerability in the Windows TCP/IP stack was patched this week.📖 Read
via "Digital Guardian".
Digital Guardian
Microsoft Fixes Critical TCP/IP Vulnerability
A new, potentially wormable remote code execution vulnerability in the Windows TCP/IP stack was patched this week.
❌ Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE ❌
📖 Read
via "Threat Post".
The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in.📖 Read
via "Threat Post".
Threat Post
Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE
The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in.
🕴 What's Really Happening in Infosec Hiring Now? 🕴
📖 Read
via "Dark Reading".
As the pandemic continues, security teams still need help they can't get. But the "skills shortage" is only part of the story.📖 Read
via "Dark Reading".
Dark Reading
What's Really Happening in Infosec Hiring Now?
As the pandemic continues, security teams still need help they can't get. But the skills shortage is only part of the story.
🛠 See-SURF 2.0 🛠
📖 Read
via "Packet Storm Security".
See-SURF is a python-based scanner to find potential SSRF parameters in a web application.📖 Read
via "Packet Storm Security".
Packetstormsecurity
See-SURF 2.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2020-15224 ‼
📖 Read
via "National Vulnerability Database".
In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7318 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.📖 Read
via "National Vulnerability Database".
❌ Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On ❌
📖 Read
via "Threat Post".
Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.📖 Read
via "Threat Post".
Threat Post
Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On
Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.
🕴 Zoom Announces Rollout of End-to-End Encryption 🕴
📖 Read
via "Dark Reading".
Phase 1 removes Zoom servers from the key generation and distribution processes.📖 Read
via "Dark Reading".
Dark Reading
Zoom Announces Rollout of End-to-End Encryption
Phase 1 removes Zoom servers from the key generation and distribution processes.
‼ CVE-2020-7383 ‼
📖 Read
via "National Vulnerability Database".
A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8345 ‼
📖 Read
via "National Vulnerability Database".
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.📖 Read
via "National Vulnerability Database".