Zoom Rolls Out End-to-End Encryption After Setbacks
via "Threat Post".
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.

Survey: 53% of young cybersecurity professionals fear replacement by automation
via "Tech Republic".
Cybersecurity professionals largely embrace automation, but half of younger employees worry that technology could make their roles obsolete, according to a new survey by Exabeam.

CVE-2020-6107
via "National Vulnerability Database".
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2020-6105
via "National Vulnerability Database".
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an information overwrite resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.

Overcoming the Challenge of Shorter Certificate Lifespans
via "Dark Reading".
We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.

CVE-2019-12411
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2020-13939
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Proposed Modifications to the CCPA Issued
via "Digital Guardian".
Potential modifications to the CCPA would change "Do Not Sell My Personal Information" requests and how companies provide notice when they collect information offline.

Barnes & Noble Warns Customers About Data Breach
via "Dark Reading".
Famed bookseller says non-financial data was exposed in a new attack.

GRR 3.4.2.4
via "Packet Storm Security".
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Twitter Hack Analysis Drives Calls for Greater Security Regulation
via "Dark Reading".
New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.

FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft
via "Threat Post".
In-game features of the just-released FIFA 21 title give scammers easy access to its vast audience.

CVE-2020-12503
via "National Vulnerability Database".
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.

Critical Magento Holes Open Online Shops to Code Execution
via "Threat Post".
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.

CVE-2019-17640
via "National Vulnerability Database".
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing an escape from the webroot folder to the current working directory.

US Indicts Members of Transnational Money-Laundering Organization
via "Dark Reading".
Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges.

CVE-2020-14185
via "National Vulnerability Database".
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.

CVE-2020-27173
via "National Vulnerability Database".
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.

CVE-2020-27163
via "National Vulnerability Database".
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.

CVE-2020-27176
via "National Vulnerability Database".
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.

CVE-2020-24352
via "National Vulnerability Database".
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.