🕴 Zoom Announces Rollout of End-to-End Encryption 🕴
📖 Read
via "Dark Reading".
Phase 1 removes Zoom servers from the key generation and distribution processes.📖 Read
via "Dark Reading".
Dark Reading
Zoom Announces Rollout of End-to-End Encryption
Phase 1 removes Zoom servers from the key generation and distribution processes.
‼ CVE-2020-7383 ‼
📖 Read
via "National Vulnerability Database".
A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8345 ‼
📖 Read
via "National Vulnerability Database".
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-6373 ‼
📖 Read
via "National Vulnerability Database".
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-6372 ‼
📖 Read
via "National Vulnerability Database".
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5642 ‼
📖 Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) vulnerability in Live Chat - Live support version 3.1.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7334 ‼
📖 Read
via "National Vulnerability Database".
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software.📖 Read
via "National Vulnerability Database".
🕴 Microsoft Office 365 Accounts a Big Target for Attackers 🕴
📖 Read
via "Dark Reading".
Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity.📖 Read
via "Dark Reading".
Darkreading
Microsoft Office 365 Accounts a Big Target for Attackers
Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity.
❌ Carnival Corp. Ransomware Attack Affected Three Cruise Lines ❌
📖 Read
via "Threat Post".
Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.📖 Read
via "Threat Post".
Threat Post
Carnival Corp. Ransomware Attack Affects Three Cruise Lines
Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.
‼ CVE-2020-7327 ‼
📖 Read
via "National Vulnerability Database".
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7326 ‼
📖 Read
via "National Vulnerability Database".
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closed📖 Read
via "National Vulnerability Database".
❌ Barnes & Noble Hack: A Reading List for Phishers and Crooks ❌
📖 Read
via "Threat Post".
Customers' lists of book purchases along with email addresses and more could have been exposed -- and that's a problem.📖 Read
via "Threat Post".
Threat Post
Barnes & Noble Hack: A Reading List for Phishers and Crooks
Customers' lists of book purchases along with email addresses and more could have been exposed during a (ransomware?) attack — and that's a problem.
🕴 The Ruthless Cyber Chaos of Business Recovery 🕴
📖 Read
via "Dark Reading".
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.📖 Read
via "Dark Reading".
Dark Reading
The Ruthless Cyber Chaos of Business Recovery
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
🦿 Ransomware campaign threatens organizations with DDoS attacks 🦿
📖 Read
via "Tech Republic".
All the organizations that contacted security provider Radware after receiving an extortion letter were hit by Distributed Denial of Service attacks.📖 Read
via "Tech Republic".
TechRepublic
Ransom campaign threatens organizations with DDoS attacks
All the organizations that contacted security provider Radware after receiving an extortion letter were hit by Distributed Denial of Service attacks.
‼ CVE-2020-4499 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7744 ‼
📖 Read
via "National Vulnerability Database".
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background).📖 Read
via "National Vulnerability Database".
❌ Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts ❌
📖 Read
via "Threat Post".
Companies that use Broadvoice's cloud-based VoIP platform may find their patients, customers, suppliers and partners to be impacted by a massive data exposure.📖 Read
via "Threat Post".
Threat Post
Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts
Companies that use Broadvoice's cloud-based VoIP platform may find their patients, customers, suppliers and partners to be impacted by a massive data exposure.
❌ Zoom Rolls Out End-to-End Encryption After Setbacks ❌
📖 Read
via "Threat Post".
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.📖 Read
via "Threat Post".
Threat Post
Zoom Rolls Out End-to-End Encryption After Setbacks
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.
🦿 Survey: 53% of young cybersecurity professionals fear replacement by automation 🦿
📖 Read
via "Tech Republic".
Cybersecurity professionals largely embrace automation, but half of younger employees worry that technology could make their roles obsolete, according to a new survey by Exabeam.📖 Read
via "Tech Republic".
TechRepublic
Survey: 53% of young cybersecurity professionals fear replacement by automation
Cybersecurity professionals largely embrace automation, but half of younger employees worry that technology could make their roles obsolete, according to a new survey by Exabeam.
‼ CVE-2020-6107 ‼
📖 Read
via "National Vulnerability Database".
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-6105 ‼
📖 Read
via "National Vulnerability Database".
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.📖 Read
via "National Vulnerability Database".