βΌ CVE-2020-27642 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27638 βΌ
π Read
via "National Vulnerability Database".
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.π Read
via "National Vulnerability Database".
π¦Ώ 1Password for Linux desktop app now available in beta π¦Ώ
π Read
via "Tech Republic".
A full Linux version of the popular password manager is expected early next year.π Read
via "Tech Republic".
TechRepublic
1Password for Linux desktop app now available in beta
A full Linux version of the popular password manager is expected early next year.
π΄ McAfee Raises $740M in Second IPO π΄
π Read
via "Dark Reading".
The security software giant and its investors sold 37 million shares priced at $20 each, putting McAfee's value around $8.6 billion.π Read
via "Dark Reading".
Dark Reading
McAfee Raises $740M in Second IPO
The security software giant and its investors sold 37 million shares priced at $20 each, putting McAfee's value around $8.6 billion.
βΌ CVE-2020-26650 βΌ
π Read
via "National Vulnerability Database".
AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2020-27646 βΌ
π Read
via "National Vulnerability Database".
Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.π Read
via "National Vulnerability Database".
β Chrome 86 Aims to Bar Abusive Notification Content β
π Read
via "Threat Post".
Google said Chrome 86 will automatically block malicious notifications that may be used for phishing or malware.π Read
via "Threat Post".
Threat Post
Chrome 86 Aims to Bar Abusive Notification Content
Google said Chrome 86 will automatically block malicious notifications that may be used for phishing or malware.
β Facebook, News and XSS Underpin Complex Browser Locker Attack β
π Read
via "Threat Post".
A sophisticated βbrowser lockerβ campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting (XSS) vulnerability on a popular news site, researchers said. Browser lockers are a type of redirection attack where web surfers will click on a site, only to [β¦]π Read
via "Threat Post".
Threat Post
Facebook, News and XSS Underpin Complex Browser Locker Attack
An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam.
π΄ To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life π΄
π Read
via "Dark Reading".
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.π Read
via "Dark Reading".
Dark Reading
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Li
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
π Former Employee Breached Company Payroll Data π
π Read
via "Digital Guardian".
Before resigning, the employee stole company data and created a "superuser" account that let him access the network after he left.π Read
via "Digital Guardian".
Digital Guardian
Former Employee Breached Company Payroll Data
Before resigning, the employee stole company data and created a "superuser" account that let him access the network after he left.
βΌ CVE-2020-27195 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6π Read
via "National Vulnerability Database".
β Researcher: I Hacked Trumpβs Twitter by Guessing Password β
π Read
via "Threat Post".
Trumpβs weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported. π Read
via "Threat Post".
Threat Post
Researcher: I Hacked Trumpβs Twitter by Guessing Password
Trumpβs weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported.
π΄ 8 New and Hot Cybersecurity Certifications for 2020 π΄
π Read
via "Dark Reading".
While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.π Read
via "Dark Reading".
Dark Reading
8 New and Hot Cybersecurity Certifications for 2020
While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.
π΄ WordPress Plug-in Updated in Rare Forced Action π΄
π Read
via "Dark Reading".
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.π Read
via "Dark Reading".
Dark Reading
WordPress Plug-in Updated in Rare Forced Action
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
π¦Ώ How to create a new user with admin privileges on Linux π¦Ώ
π Read
via "Tech Republic".
Adding a user with admin privileges on Linux is easier than you think. Jack Wallen shows you how.π Read
via "Tech Republic".
TechRepublic
How to create a new user with admin privileges on Linux
Adding a user with admin privileges on Linux is easier than you think. Jack Wallen shows you how.
βΌ CVE-2020-27664 βΌ
π Read
via "National Vulnerability Database".
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9900 βΌ
π Read
via "National Vulnerability Database".
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9990 βΌ
π Read
via "National Vulnerability Database".
A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.π Read
via "National Vulnerability Database".
π΄ Credential-Stuffing Attacks Plague Loyalty Programs π΄
π Read
via "Dark Reading".
But that's not the only type of web attack cybercriminals have been profiting from.π Read
via "Dark Reading".
Dark Reading
Credential-Stuffing Attacks Plague Loyalty Programs
But that's not the only type of web attack cybercriminals have been profiting from.
π΄ 7 Mobile Browsers Vulnerable to Address-Bar Spoofing π΄
π Read
via "Dark Reading".
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 saysπ Read
via "Dark Reading".
Dark Reading
7 Mobile Browsers Vulnerable to Address-Bar Spoofing
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says
π΄ Botnet Infects Hundreds of Thousands of Websites π΄
π Read
via "Dark Reading".
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.π Read
via "Dark Reading".
Dark Reading
Botnet Infects Hundreds of Thousands of Websites
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.