CVE-2020-18129
via "National Vulnerability Database"
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.

CVE-2018-18508
via "National Vulnerability Database"
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

CVE-2020-15270
via "National Vulnerability Database"
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched.

S3 Ep3: Cryptography, hacking and pwning Chrome [Podcast]
via "Naked Security" (Sophos News)
Listen to the latest Naked Security podcast!

CVE-2019-14716
via "National Vulnerability Database"
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).

CVE-2020-15003
via "National Vulnerability Database"
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).

CVE-2018-8062
via "National Vulnerability Database"
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.

CVE-2019-14711
via "National Vulnerability Database"
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.

Ransomware Takes Down Network of French IT Giant
via "Threat Post"
Sopra Steria was hit with a cyber attack that reportedly encrypted parts of its network on Oct. 20, but the company has remained mostly mum on details.

A Pause to Address 'Ethical Debt' of Facial Recognition
via "Dark Reading"
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.

Nvidia Warns Gamers of Severe GeForce Experience Flaws
via "Threat Post"
Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more.

CVE-2020-27216
via "National Vulnerability Database"
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix-like systems, the system's temporary directory is shared between all users on that system. A co-located user can observe the process of creating a temporary subdirectory in the shared temporary directory and race to complete the creation of that subdirectory. If the attacker wins the race, they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

Friday Five 10-23
via "Digital Guardian"
Indictments of Russian intelligence officers, NSA advisories, and stolen money donated to charities - catch up on the week's infosec news with the Friday Five!

COVID-19: Latest Security News & Commentary
via "Dark Reading"
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

CVE-2020-3998
via "National Vulnerability Database"
VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.

COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach
via "Threat Post"
Dr. Reddy's, the contractor for Russia's "Sputnik V" COVID-19 vaccine and a major generics producer, has had to close plants and isolate its data centers.

75% of all 56 US states and territories show signs of vulnerable election IT infrastructure, report finds
via "Tech Republic"
The report comes as officials in Georgia revealed more information about a ransomware attack that affected a digital voter database.

Georgia Election Data Hit in Ransomware Attack
via "Threat Post"
With Election Day approaching, local governments need to be prepared for malware attacks on election infrastructure.

Election Security: Beyond Mail-In Voting
via "Threat Post"
There are many areas of the election process that criminal hackers can target to influence election results.

Louisiana Calls Out National Guard to Fight Ransomware Surge
via "Threat Post"
An investigation showed a custom backdoor RAT and the Emotet trojan in the networks of municipal victims of the attacks.

Flurry of Warnings Highlight Cyber Threats to US Elections
via "Dark Reading"
FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.