β Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio β
π Read
via "Threat Post".
The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month.π Read
via "Threat Post".
Threat Post
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month.
βΌ CVE-2020-3992 βΌ
π Read
via "National Vulnerability Database".
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7370 βΌ
π Read
via "National Vulnerability Database".
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions.π Read
via "National Vulnerability Database".
π΄ NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers π΄
π Read
via "Dark Reading".
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.π Read
via "Dark Reading".
Dark Reading
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
π΄ Do Standards Exist That Certify Secure IoT Systems? π΄
π Read
via "Dark Reading".
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.π Read
via "Dark Reading".
Dark Reading
Do Standards Exist That Certify Secure IoT Systems?
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
π DOJ Charges Sandworm, The Group Behind Destructive NotPetya Attack π
π Read
via "Digital Guardian".
That Russians were behind the attacks has always been a forgone conclusion to many experts but this is the first time that the U.S. has formally made the accusation.π Read
via "Digital Guardian".
Digital Guardian
DOJ Charges Sandworm, The Group Behind Destructive NotPetya Attack
That Russians were behind the attacks has always been a forgone conclusion to many experts but this is the first time that the U.S. has formally made the accusation.
π Sifter 10.4g π
π Read
via "Packet Storm Security".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Read
via "Packet Storm Security".
Packetstormsecurity
Sifter 10.4g β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Ransomware Group Makes Splashy $20K Donation to Charities β
π Read
via "Threat Post".
Cybercriminal gang Darkside sent $20K in donations to charities in a βRobin Hoodβ effort thatβs likely intended to draw attention to future data dumps, according to experts.π Read
via "Threat Post".
Threat Post
Ransomware Group Makes Splashy $20K Donation to Charities
Cybercriminal gang Darkside sent $20K in donations to charities in a βRobin Hoodβ effort thatβs likely intended to draw attention to future data dumps, according to experts.
π΄ Ransomware Attacks Show Little Sign of Slowing in 2021 π΄
π Read
via "Dark Reading".
Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks.π Read
via "Dark Reading".
Dark Reading
Ransomware Attacks Show Little Sign of Slowing in 2021
Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks.
βΌ CVE-2020-9417 βΌ
π Read
via "National Vulnerability Database".
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2019-9080 βΌ
π Read
via "National Vulnerability Database".
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5790 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25648 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26895 βΌ
π Read
via "National Vulnerability Database".
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.π Read
via "National Vulnerability Database".
β Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser β
π Read
via "Threat Post".
The memory-corruption vulnerability exists in the browserβs FreeType font rendering library.π Read
via "Threat Post".
Threat Post
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
The memory-corruption vulnerability exists in the browserβs FreeType font rendering library.
π¦Ώ Cisco reports highlight widespread desire for data privacy and fears over remote work security π¦Ώ
π Read
via "Tech Republic".
Workers are increasingly concerned about the ability of enterprises to keep them protected as they work from home.π Read
via "Tech Republic".
TechRepublic
Cisco reports highlight widespread desire for data privacy and fears over remote work security
Workers are increasingly concerned about the ability of enterprises to keep them protected as they work from home.
β Cybercriminals Step Up Their Game Ahead of U.S. Elections β
π Read
via "Threat Post".
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns - but this time, social media giants, the government and citizens are more prepared.π Read
via "Threat Post".
Threat Post
Cybercriminals Step Up Their Game Ahead of U.S. Elections
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns - but this time, social media giants, the government and citizens are more prepared.
π΄ Modern Day Insider Threat: Network Bugs That Are Stealing Your Data π΄
π Read
via "Dark Reading".
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.π Read
via "Dark Reading".
Dark Reading
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
βΌ CVE-2020-25820 βΌ
π Read
via "National Vulnerability Database".
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.π Read
via "National Vulnerability Database".
β Chrome zero-day in the wild β patch now! β
π Read
via "Naked Security".
Exploitable bug in Chrome - patch now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data β
π Read
via "Threat Post".
The ransomware gang claims to have bought network access to the bookseller's systems before encrypting the networks and stealing "financial and audit data."π Read
via "Threat Post".
Threat Post
Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data
The ransomware gang claims to have bought network access to the bookseller's systems before encrypting the networks and stealing "financial and audit data."