❌ Researcher: I Hacked Trump’s Twitter by Guessing Password ❌
via "Threat Post".
Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported.
🕴 8 New and Hot Cybersecurity Certifications for 2020 🕴
via "Dark Reading".
While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.
🕴 WordPress Plug-in Updated in Rare Forced Action 🕴
via "Dark Reading".
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
🦿 How to create a new user with admin privileges on Linux 🦿
via "Tech Republic".
Adding a user with admin privileges on Linux is easier than you think. Jack Wallen shows you how.
‼ CVE-2020-27664 ‼
via "National Vulnerability Database".
admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.
‼ CVE-2020-9900 ‼
via "National Vulnerability Database".
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A local attacker may be able to elevate their privileges.
‼ CVE-2020-9990 ‼
via "National Vulnerability Database".
A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.
🕴 Credential-Stuffing Attacks Plague Loyalty Programs 🕴
via "Dark Reading".
But that's not the only type of web attack cybercriminals have been profiting from.
🕴 7 Mobile Browsers Vulnerable to Address-Bar Spoofing 🕴
via "Dark Reading".
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says.
🕴 Botnet Infects Hundreds of Thousands of Websites 🕴
via "Dark Reading".
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
‼ CVE-2020-18129 ‼
via "National Vulnerability Database".
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.
‼ CVE-2018-18508 ‼
via "National Vulnerability Database".
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
‼ CVE-2020-15270 ‼
via "National Vulnerability Database".
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched.
⚠ S3 Ep3: Cryptography, hacking and pwning Chrome [Podcast] ⚠
via "Naked Security".
Listen to the latest Naked Security podcast!
‼ CVE-2019-14716 ‼
via "National Vulnerability Database".
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).
‼ CVE-2020-15003 ‼
via "National Vulnerability Database".
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
‼ CVE-2018-8062 ‼
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.
‼ CVE-2019-14711 ‼
via "National Vulnerability Database".
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
❌ Ransomware Takes Down Network of French IT Giant ❌
via "Threat Post".
Sopra Steria hit with cyber attack that reportedly encrypted parts of their network on Oct. 20 but has remained mostly mum on details.
🕴 A Pause to Address 'Ethical Debt' of Facial Recognition 🕴
via "Dark Reading".
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
❌ Nvidia Warns Gamers of Severe GeForce Experience Flaws ❌
via "Threat Post".
Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more.