βΌ CVE-2020-13893 βΌ
π Read
via "National Vulnerability Database".
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).π Read
via "National Vulnerability Database".
β Microsoft: Most-Imitated Brand for Phishing Emails β
π Read
via "Threat Post".
The shift to remote working spurred Microsoft and Amazon to the top of the heap for cybercriminals to use as lures in the third quarter.π Read
via "Threat Post".
Threat Post
Microsoft is the Most-Imitated Brand for Phishing Emails
The shift to remote working spurred Microsoft and Amazon to the top of the heap for cybercriminals to use as lures in the third quarter.
β Naked Security Live β Ping of Death: are you at risk? β
π Read
via "Naked Security".
Here's the latest Naked Security Live video - enjoy (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β Ping of Death: are you at risk?
Hereβs the latest Naked Security Live video β enjoy (and please share with your friends)!
βΌ CVE-2020-7745 βΌ
π Read
via "National Vulnerability Database".
This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.π Read
via "National Vulnerability Database".
π΄ A New Risk Vector: The Enterprise of Things π΄
π Read
via "Dark Reading".
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.π Read
via "Dark Reading".
Dark Reading
A New Risk Vector: The Enterprise of Things
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
β Hackers Claim Source Code Theft for Watch Dogs: Legion, Albion β
π Read
via "Threat Post".
In both cases, cybercriminals claim to have reams of information for the popular gaming titles.π Read
via "Threat Post".
Threat Post
Game Titles Watch Dogs: Legion, Albion Both Targeted by Hackers
In both cases, cybercriminals claim to have reams of information for the popular gaming titles.
βΌ CVE-2020-15909 βΌ
π Read
via "National Vulnerability Database".
SolarWinds N-central through 2020.1 allows session hijacking.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15910 βΌ
π Read
via "National Vulnerability Database".
SolarWinds N-central through 12.3 does not include the HTTPOnly flag in the Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13778 βΌ
π Read
via "National Vulnerability Database".
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.π Read
via "National Vulnerability Database".
π¦Ώ Microsoft now the most impersonated brand in phishing attacks π¦Ώ
π Read
via "Tech Republic".
Almost 20% of phishing campaigns last quarter spoofed Microsoft as many people continue to work remotely due to the coronavirus pandemic, says Check Point Research.π Read
via "Tech Republic".
π΄ Expert Tips to Keep WordPress Safe π΄
π Read
via "Dark Reading".
The most widely used content management system on the Web relies heavily on plug-ins and add-on software, rigorous security measures at every level.π Read
via "Dark Reading".
Dark Reading
Expert Tips to Keep WordPress Safe
The most widely used content management system on the Web relies heavily on plug-ins and add-on software -- and that requires rigorous security measures at every level.
β Microsoft Exchange, Outlook Under Siege By APTs β
π Read
via "Threat Post".
A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.π Read
via "Threat Post".
Threat Post
Microsoft Exchange, Outlook Under Siege By APTs
A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.
π΄ A Swift Reminder About Cybersecurity π΄
π Read
via "Dark Reading".
The hackers gonna crack, crack, crack, crack, crack ...π Read
via "Dark Reading".
Dark Reading
A Swift Reminder About Cybersecurity
The hackers gonna crack, crack, crack, crack, crack ...
βΌ CVE-2020-24265 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24266 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.π Read
via "National Vulnerability Database".
π΄ Chart: The Pandemic Reprioritizes Security Projects π΄
π Read
via "Dark Reading".
Responses among IT and security pros reflect concern over vulnerabilities incurred by workers accessing the enterprise network from poorly protected home networks.π Read
via "Dark Reading".
β Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack β
π Read
via "Threat Post".
Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.π Read
via "Threat Post".
Threat Post
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
π΄ 7 Tips for Choosing Security Metrics That Matter π΄
π Read
via "Dark Reading".
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.π Read
via "Dark Reading".
Dark Reading
7 Tips for Choosing Security Metrics That Matter
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
β Overlay Malware Targets Windows Users with a DLL Hijack Twist β
π Read
via "Threat Post".
Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.π Read
via "Threat Post".
Threat Post
Overlay Malware Targets Windows Users with a DLL Hijack Twist
Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.
β GravityRAT Comes Back to Earth with Android, macOS Spyware β
π Read
via "Threat Post".
The espionage tool masquerades as legitimate applications and robs victims blind of their data.π Read
via "Threat Post".
Threat Post
GravityRAT Comes Back to Earth with Android, macOS Spyware
The espionage tool masquerades as legitimate applications and robs victims blind of their data.
π΄ Trickbot, Phishing, Ransomware & Elections π΄
π Read
via "Dark Reading".
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.π Read
via "Dark Reading".
Dark Reading
Trickbot, Phishing, Ransomware & Elections
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.