CVE-2019-9080
via "National Vulnerability Database".
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.
CVE-2020-5790
via "National Vulnerability Database".
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-25648
via "National Vulnerability Database".
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
CVE-2020-26895
via "National Vulnerability Database".
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
via "Threat Post".
The memory-corruption vulnerability exists in the browser's FreeType font rendering library.
Cisco reports highlight widespread desire for data privacy and fears over remote work security
via "Tech Republic".
Workers are increasingly concerned about the ability of enterprises to keep them protected as they work from home.
Cybercriminals Step Up Their Game Ahead of U.S. Elections
via "Threat Post".
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns - but this time, social media giants, the government and citizens are more prepared.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
via "Dark Reading".
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
CVE-2020-25820
via "National Vulnerability Database".
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
Chrome zero-day in the wild - patch now!
via "Naked Security".
Exploitable bug in Chrome - patch now!
Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data
via "Threat Post".
The ransomware gang claims to have bought network access to the bookseller's systems before encrypting the networks and stealing "financial and audit data."
How to protect your privacy when selling your phone
via "Tech Republic".
If your current phone is ready for retirement or you need to sell your current phone to upgrade to a new model, follow these steps to keep your data private.
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
via "Dark Reading".
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
via "Dark Reading".
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
nfstream 6.2.0
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
CVE-2020-14796
via "National Vulnerability Database".
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
CVE-2020-14820
via "National Vulnerability Database".
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2020-14894
via "National Vulnerability Database".
Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
CVE-2020-14672
via "National Vulnerability Database".
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-14887
via "National Vulnerability Database".
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3.0 and 14.0.0-14.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
CVE-2020-27603
via "National Vulnerability Database".
BigBlueButton before 2.2.7 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.