βΌ CVE-2020-24649 βΌ
π Read
via "National Vulnerability Database".
A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).π Read
via "National Vulnerability Database".
βΌ CVE-2020-24647 βΌ
π Read
via "National Vulnerability Database".
A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).π Read
via "National Vulnerability Database".
βΌ CVE-2020-7145 βΌ
π Read
via "National Vulnerability Database".
A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).π Read
via "National Vulnerability Database".
βΌ CVE-2020-7153 βΌ
π Read
via "National Vulnerability Database".
A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).π Read
via "National Vulnerability Database".
βΌ CVE-2020-16160 βΌ
π Read
via "National Vulnerability Database".
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24651 βΌ
π Read
via "National Vulnerability Database".
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).π Read
via "National Vulnerability Database".
βΌ CVE-2020-7159 βΌ
π Read
via "National Vulnerability Database".
A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).π Read
via "National Vulnerability Database".
π΄ Microsoft Tops Q3 List of Most-Impersonated Brands π΄
π Read
via "Dark Reading".
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.π Read
via "Dark Reading".
Darkreading
Microsoft Tops Q3 List of Most-Impersonated Brands
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
π΄ GravityRAT Spyware Targets Android & MacOS in India π΄
π Read
via "Dark Reading".
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.π Read
via "Dark Reading".
Dark Reading
GravityRAT Spyware Targets Android & MacOS in India
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
βΌ CVE-2020-15262 βΌ
π Read
via "National Vulnerability Database".
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9263 βΌ
π Read
via "National Vulnerability Database".
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.π Read
via "National Vulnerability Database".
π΄ Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns π΄
π Read
via "Dark Reading".
US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.π Read
via "Dark Reading".
Dark Reading
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.
π΄ NSS Labs Shuttered π΄
π Read
via "Dark Reading".
The testing firm's website says it has 'ceased operations' as of Oct. 15.π Read
via "Dark Reading".
Dark Reading
NSS Labs Shuttered
The testing firm's website says it has ceased operations as of Oct. 15.
βΌ CVE-2020-15261 βΌ
π Read
via "National Vulnerability Database".
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15256 βΌ
π Read
via "National Vulnerability Database".
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5640 βΌ
π Read
via "National Vulnerability Database".
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.π Read
via "National Vulnerability Database".
β Googleβs Waze Can Allow Hackers to Identify and Track Users β
π Read
via "Threat Post".
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.π Read
via "Threat Post".
Threat Post
Googleβs Waze Can Allow Hackers to Identify and Track Users
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
βΌ CVE-2020-7748 βΌ
π Read
via "National Vulnerability Database".
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.π Read
via "National Vulnerability Database".
β Mobile Browser Bugs Open Safari, Opera Users to Malware β
π Read
via "Threat Post".
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.π Read
via "Threat Post".
Threat Post
Mobile Browser Bugs Open Safari, Opera Users to Malware
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.
π΄ Trickbot Tenacity Shows Infrastructure Resistant to Takedowns π΄
π Read
via "Dark Reading".
Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π¦Ώ Homebrew: How to install reconnaissance tools on macOS π¦Ώ
π Read
via "Tech Republic".
We'll guide you through the process of using Homebrew package manager to install security tools on macOS to perform reconnaissance, discovery, and fingerprinting of the devices on your network.π Read
via "Tech Republic".
TechRepublic
Homebrew: How to install reconnaissance tools on macOS
We'll guide you through the process of using Homebrew package manager to install security tools on macOS to perform reconnaissance, discovery, and fingerprinting of the devices on your network.