βΌ CVE-2020-27163 βΌ
π Read
via "National Vulnerability Database".
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27176 βΌ
π Read
via "National Vulnerability Database".
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24352 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.π Read
via "National Vulnerability Database".
π¦Ώ Windows 10: Microsoft's key new security feature helps to protect your information π¦Ώ
π Read
via "Tech Republic".
Remote work makes protecting data on the PC a higher priority, while the Edge browser gets more control.π Read
via "Tech Republic".
TechRepublic
Windows 10: Microsoft's key new security feature helps to protect your information
Remote work makes protecting data on the PC a higher priority, while the Edge browser gets more control.
π Friday Five 10/16 π
π Read
via "Digital Guardian".
Botnet disruptions, ransomware, and insensitive cybersecurity ads - catch up on the week's infosec news with the Friday Five!π Read
via "Digital Guardian".
Digital Guardian
Friday Five 10/16
Botnet disruptions, ransomware, and insensitive cybersecurity ads - catch up on the week's infosec news with the Friday Five!
β TikTok Launches Bug Bounty Program Amid Security Snafus β
π Read
via "Threat Post".
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.π Read
via "Threat Post".
Threat Post
TikTok Launches Bug Bounty Program Amid Security SNAFUs
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.
β US Department of Justice reignites the Battle to Break Encryption β
π Read
via "Naked Security".
How strong is too strong?π Read
via "Naked Security".
Naked Security
US Department of Justice reignites the Battle to Break Encryption
How strong is too strong?
π΄ Cybercrime Losses Up 50%, Exceeding $1.8B π΄
π Read
via "Dark Reading".
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.π Read
via "Dark Reading".
Dark Reading
Cybercrime Losses Up 50%, Exceeding $1.8B
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
π¦Ώ Barnes & Noble restores Nook services after notifying customers about cyberattack π¦Ώ
π Read
via "Tech Republic".
Analysts point to specific clues from the company's response that show it may have been a ransomware attack.π Read
via "Tech Republic".
TechRepublic
Barnes & Noble restores Nook services after notifying customers about cyberattack
Analysts point to specific clues from the company's response that show it may have been a ransomware attack.
π΄ Cybercrime Losses Up 50%, Exceeding $1.8B π΄
π Read
via "Dark Reading".
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.π Read
via "Dark Reading".
Dark Reading
Cybercrime Losses Up 50%, Exceeding $1.8B
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
βΌ CVE-2019-18796 βΌ
π Read
via "National Vulnerability Database".
The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26893 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.π Read
via "National Vulnerability Database".
π¦Ώ 5 ways to manage computers securely (and remotely) using PowerShell π¦Ώ
π Read
via "Tech Republic".
Being able to secure communications between remote resources is just as important as being able to access the device. Using PowerShell, IT can do both when accessing off-site devices cross-platform.π Read
via "Tech Republic".
TechRepublic
5 ways to manage computers securely and remotely using PowerShell
Being able to secure communications between remote resources is just as important as being able to access the device. Using PowerShell, IT can do both when accessing off-site devices cross-platform.
β S3 Ep2: Creepy smartwatches, botnets and Pings of Death β Podcast β
π Read
via "Naked Security".
Listen to the latest episode of the Naked Security Podcastπ Read
via "Naked Security".
Naked Security
S3 Ep2: Creepy smartwatches, botnets and Pings of Death β Podcast
Listen to the latest episode of the Naked Security Podcast
π΄ Academia Adopts Mitre ATT&CK Framework π΄
π Read
via "Dark Reading".
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.π Read
via "Dark Reading".
Dark Reading
Academia Adopts Mitre ATT&CK Framework
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.
β Dickeyβs BBQ Breach: Meaty 3M Payment Card Upload Drops on Jokerβs Stash β
π Read
via "Threat Post".
After cybercriminals smoked out 3 million compromised payment cards on the Jokerβs Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.π Read
via "Threat Post".
Threat Post
Dickeyβs BBQ Breach: Meaty 3M Payment Card Upload Drops on Jokerβs Stash
After cybercriminals smoked out 3 million compromised payment cards on the Jokerβs Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.
βΌ CVE-2020-26682 βΌ
π Read
via "National Vulnerability Database".
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15867 βΌ
π Read
via "National Vulnerability Database".
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14299 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.π Read
via "National Vulnerability Database".
π¦Ώ Fuzzing (fuzz testing) 101: Lessons from cyber security expert Dr. David Brumley π¦Ώ
π Read
via "Tech Republic".
Dr. David Brumley, Carnegie Mellon University professor and CEO of ForAllSecure, explains what fuzzing, or fuss testing, is and how you can use it to improve application security and speed up your software development.π Read
via "Tech Republic".
TechRepublic
Fuzzing (fuzz testing) 101: Lessons from cyber security expert Dr. David Brumley
Dr. David Brumley, Carnegie Mellon University professor and CEO of ForAllSecure, explains what fuzzing, or fuss testing, is and how you can use it to improve application security and speed up your software development.
βΌ CVE-2020-9878 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.π Read
via "National Vulnerability Database".