β Critical Magento Holes Open Online Shops to Code Execution β
π Read
via "Threat Post".
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.π Read
via "Threat Post".
Threat Post
Critical Magento Holes Open Online Shops to Code Execution
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.
βΌ CVE-2019-17640 βΌ
π Read
via "National Vulnerability Database".
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.π Read
via "National Vulnerability Database".
π΄ US Indicts Members of Transnational Money-Laundering Organization π΄
π Read
via "Dark Reading".
Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges.π Read
via "Dark Reading".
Dark Reading
US Indicts Members of Transnational Money-Laundering Organization
Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges.
βΌ CVE-2020-14185 βΌ
π Read
via "National Vulnerability Database".
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27173 βΌ
π Read
via "National Vulnerability Database".
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27163 βΌ
π Read
via "National Vulnerability Database".
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27176 βΌ
π Read
via "National Vulnerability Database".
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24352 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.π Read
via "National Vulnerability Database".
π¦Ώ Windows 10: Microsoft's key new security feature helps to protect your information π¦Ώ
π Read
via "Tech Republic".
Remote work makes protecting data on the PC a higher priority, while the Edge browser gets more control.π Read
via "Tech Republic".
TechRepublic
Windows 10: Microsoft's key new security feature helps to protect your information
Remote work makes protecting data on the PC a higher priority, while the Edge browser gets more control.
π Friday Five 10/16 π
π Read
via "Digital Guardian".
Botnet disruptions, ransomware, and insensitive cybersecurity ads - catch up on the week's infosec news with the Friday Five!π Read
via "Digital Guardian".
Digital Guardian
Friday Five 10/16
Botnet disruptions, ransomware, and insensitive cybersecurity ads - catch up on the week's infosec news with the Friday Five!
β TikTok Launches Bug Bounty Program Amid Security Snafus β
π Read
via "Threat Post".
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.π Read
via "Threat Post".
Threat Post
TikTok Launches Bug Bounty Program Amid Security SNAFUs
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.
β US Department of Justice reignites the Battle to Break Encryption β
π Read
via "Naked Security".
How strong is too strong?π Read
via "Naked Security".
Naked Security
US Department of Justice reignites the Battle to Break Encryption
How strong is too strong?
π΄ Cybercrime Losses Up 50%, Exceeding $1.8B π΄
π Read
via "Dark Reading".
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.π Read
via "Dark Reading".
Dark Reading
Cybercrime Losses Up 50%, Exceeding $1.8B
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
π¦Ώ Barnes & Noble restores Nook services after notifying customers about cyberattack π¦Ώ
π Read
via "Tech Republic".
Analysts point to specific clues from the company's response that show it may have been a ransomware attack.π Read
via "Tech Republic".
TechRepublic
Barnes & Noble restores Nook services after notifying customers about cyberattack
Analysts point to specific clues from the company's response that show it may have been a ransomware attack.
π΄ Cybercrime Losses Up 50%, Exceeding $1.8B π΄
π Read
via "Dark Reading".
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.π Read
via "Dark Reading".
Dark Reading
Cybercrime Losses Up 50%, Exceeding $1.8B
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
βΌ CVE-2019-18796 βΌ
π Read
via "National Vulnerability Database".
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26893 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.π Read
via "National Vulnerability Database".
π¦Ώ 5 ways to manage computers securely (and remotely) using PowerShell π¦Ώ
π Read
via "Tech Republic".
Being able to secure communications between remote resources is just as important as being able to access the device. Using PowerShell, IT can do both when accessing off-site devices cross-platform.π Read
via "Tech Republic".
TechRepublic
5 ways to manage computers securely and remotely using PowerShell
Being able to secure communications between remote resources is just as important as being able to access the device. Using PowerShell, IT can do both when accessing off-site devices cross-platform.
β S3 Ep2: Creepy smartwatches, botnets and Pings of Death β Podcast β
π Read
via "Naked Security".
Listen to the latest episode of the Naked Security Podcastπ Read
via "Naked Security".
Naked Security
S3 Ep2: Creepy smartwatches, botnets and Pings of Death β Podcast
Listen to the latest episode of the Naked Security Podcast
π΄ Academia Adopts Mitre ATT&CK Framework π΄
π Read
via "Dark Reading".
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.π Read
via "Dark Reading".
Dark Reading
Academia Adopts Mitre ATT&CK Framework
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.
β Dickeyβs BBQ Breach: Meaty 3M Payment Card Upload Drops on Jokerβs Stash β
π Read
via "Threat Post".
After cybercriminals smoked out 3 million compromised payment cards on the Jokerβs Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.π Read
via "Threat Post".
Threat Post
Dickeyβs BBQ Breach: Meaty 3M Payment Card Upload Drops on Jokerβs Stash
After cybercriminals smoked out 3 million compromised payment cards on the Jokerβs Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.