βΌ CVE-2019-12411 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13939 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
π Proposed Modifications to the CCPA Issued π
π Read
via "Digital Guardian".
Potential modifications to the CCPA include would change βDo Not Sell My Personal Informationβ requests and how companies provide notice when they collect information offline.π Read
via "Digital Guardian".
Digital Guardian
Proposed Modifications to the CCPA Issued
Potential modifications to the CCPA include would change βDo Not Sell My Personal Informationβ requests and how companies provide notice when they collect information offline.
π΄ Barnes & Noble Warns Customers About Data Breach π΄
π Read
via "Dark Reading".
Famed bookseller says non-financial data was exposed in a new attack.π Read
via "Dark Reading".
Dark Reading
Barnes & Noble Warns Customers About Data Breach
Famed bookseller says non-financial data was exposed in a new attack.
π GRR 3.4.2.4 π
π Read
via "Packet Storm Security".
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.π Read
via "Packet Storm Security".
Packetstormsecurity
GRR 3.4.2.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Twitter Hack Analysis Drives Calls for Greater Security Regulation π΄
π Read
via "Dark Reading".
New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.π Read
via "Dark Reading".
Dark Reading
Twitter Hack Analysis Drives Calls for Greater Security Regulation
New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the jarringly easy Twitter breach.
β FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft β
π Read
via "Threat Post".
In-game features of the just-released FIFA 21 title give scammers easy access its vast audience.π Read
via "Threat Post".
Threat Post
FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft
In-game features of the just-released FIFA 21 title give scammers easy access its vast audience.
βΌ CVE-2020-12503 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below is prone to multiple authenticated command injections.π Read
via "National Vulnerability Database".
β Critical Magento Holes Open Online Shops to Code Execution β
π Read
via "Threat Post".
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.π Read
via "Threat Post".
Threat Post
Critical Magento Holes Open Online Shops to Code Execution
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.
βΌ CVE-2019-17640 βΌ
π Read
via "National Vulnerability Database".
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.π Read
via "National Vulnerability Database".
π΄ US Indicts Members of Transnational Money-Laundering Organization π΄
π Read
via "Dark Reading".
Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges.π Read
via "Dark Reading".
Dark Reading
US Indicts Members of Transnational Money-Laundering Organization
Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges.
βΌ CVE-2020-14185 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27173 βΌ
π Read
via "National Vulnerability Database".
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27163 βΌ
π Read
via "National Vulnerability Database".
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27176 βΌ
π Read
via "National Vulnerability Database".
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24352 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.π Read
via "National Vulnerability Database".
π¦Ώ Windows 10: Microsoft's key new security feature helps to protect your information π¦Ώ
π Read
via "Tech Republic".
Remote work makes protecting data on the PC a higher priority, while the Edge browser gets more control.π Read
via "Tech Republic".
TechRepublic
Windows 10: Microsoft's key new security feature helps to protect your information
Remote work makes protecting data on the PC a higher priority, while the Edge browser gets more control.
π Friday Five 10/16 π
π Read
via "Digital Guardian".
Botnet disruptions, ransomware, and insensitive cybersecurity ads - catch up on the week's infosec news with the Friday Five!π Read
via "Digital Guardian".
Digital Guardian
Friday Five 10/16
Botnet disruptions, ransomware, and insensitive cybersecurity ads - catch up on the week's infosec news with the Friday Five!
β TikTok Launches Bug Bounty Program Amid Security Snafus β
π Read
via "Threat Post".
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.π Read
via "Threat Post".
Threat Post
TikTok Launches Bug Bounty Program Amid Security SNAFUs
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.
β US Department of Justice reignites the Battle to Break Encryption β
π Read
via "Naked Security".
How strong is too strong?π Read
via "Naked Security".
Naked Security
US Department of Justice reignites the Battle to Break Encryption
How strong is too strong?
π΄ Cybercrime Losses Up 50%, Exceeding $1.8B π΄
π Read
via "Dark Reading".
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.π Read
via "Dark Reading".
Dark Reading
Cybercrime Losses Up 50%, Exceeding $1.8B
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.