βΌ CVE-2020-9263 βΌ
π Read
via "National Vulnerability Database".
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.π Read
via "National Vulnerability Database".
π΄ Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns π΄
π Read
via "Dark Reading".
US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.π Read
via "Dark Reading".
Dark Reading
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.
π΄ NSS Labs Shuttered π΄
π Read
via "Dark Reading".
The testing firm's website says it has 'ceased operations' as of Oct. 15.π Read
via "Dark Reading".
Dark Reading
NSS Labs Shuttered
The testing firm's website says it has ceased operations as of Oct. 15.
βΌ CVE-2020-15261 βΌ
π Read
via "National Vulnerability Database".
On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15256 βΌ
π Read
via "National Vulnerability Database".
A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5640 βΌ
π Read
via "National Vulnerability Database".
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.π Read
via "National Vulnerability Database".
β Googleβs Waze Can Allow Hackers to Identify and Track Users β
π Read
via "Threat Post".
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.π Read
via "Threat Post".
Threat Post
Googleβs Waze Can Allow Hackers to Identify and Track Users
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
βΌ CVE-2020-7748 βΌ
π Read
via "National Vulnerability Database".
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.π Read
via "National Vulnerability Database".
β Mobile Browser Bugs Open Safari, Opera Users to Malware β
π Read
via "Threat Post".
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.π Read
via "Threat Post".
Threat Post
Mobile Browser Bugs Open Safari, Opera Users to Malware
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.
π΄ Trickbot Tenacity Shows Infrastructure Resistant to Takedowns π΄
π Read
via "Dark Reading".
Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π¦Ώ Homebrew: How to install reconnaissance tools on macOS π¦Ώ
π Read
via "Tech Republic".
We'll guide you through the process of using Homebrew package manager to install security tools on macOS to perform reconnaissance, discovery, and fingerprinting of the devices on your network.π Read
via "Tech Republic".
TechRepublic
Homebrew: How to install reconnaissance tools on macOS
We'll guide you through the process of using Homebrew package manager to install security tools on macOS to perform reconnaissance, discovery, and fingerprinting of the devices on your network.
π΄ Building the Human Firewall π΄
π Read
via "Dark Reading".
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?π Read
via "Dark Reading".
Dark Reading
Building the Human Firewall
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
β Office 365 OAuth Attack Targets Coinbase Users β
π Read
via "Threat Post".
Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth.π Read
via "Threat Post".
Threat Post
Office 365 OAuth Attack Targets Coinbase Users
Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth.
π΄ Businesses Rethink Endpoint Security for 2021 π΄
π Read
via "Dark Reading".
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?π Read
via "Dark Reading".
Dark Reading
Businesses Rethink Endpoint Security for 2021
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
β Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts β
π Read
via "Threat Post".
Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.π Read
via "Threat Post".
Threat Post
Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts
Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.
βΌ CVE-2020-4748 βΌ
π Read
via "National Vulnerability Database".
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6367 βΌ
π Read
via "National Vulnerability Database".
There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end users browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.π Read
via "National Vulnerability Database".
β Facebook: A Top Launching Pad For Phishing Attacks β
π Read
via "Threat Post".
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users.π Read
via "Threat Post".
Threat Post
Facebook: A Top Launching Pad For Phishing Attacks
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users.
π΄ Farsight Labs Launched as Security Collaboration Platform π΄
π Read
via "Dark Reading".
Farsight Security's platform will offer no-cost access to certain tools and services.π Read
via "Dark Reading".
Dark Reading
Farsight Labs Launched as Security Collaboration Platform
Farsight Security's platform will offer no-cost access to certain tools and services.
β Naked Security Live β Ping of Death: are you at risk? β
π Read
via "Naked Security".
Here's the latest Naked Security Live video - enjoy (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β Ping of Death: are you at risk?
Hereβs the latest Naked Security Live video β enjoy (and please share with your friends)!
β Russian βgovernment hackersβ charged with cybercrimes by the US β
π Read
via "Naked Security".
What can we learn from the US DOJ indictments against the "Sandworm Team"?π Read
via "Naked Security".
Naked Security
Russian βgovernment hackersβ charged with cybercrimes by the US
What can we learn from the US DOJ indictments against the βSandworm Teamβ?