CVE-2020-7751
via "National Vulnerability Database".
This affects all versions of package pathval.
Microsoft's Kubernetes Threat Matrix: Here's What's Missing
via "Dark Reading".
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.
Nando's Hackers Feast on Customer Accounts
via "Threat Post".
Multiple chicken diners said their usernames and passwords were stolen and the accounts used to place high-volume orders.
Vastaamo Breach: Hackers Blackmailing Psychotherapy Patients
via "Threat Post".
Cybercriminals have already reportedly posted the details of 300 Vastaamo patients - and are threatening to release the data of others unless a ransom is paid.
CVE-2020-25470
via "National Vulnerability Database".
AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.
Sifter 10.5f
via "Packet Storm Security".
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
Teach Your Employees Well: How to Spot Smishing & Vishing Scams
via "Dark Reading".
One of the best ways to keep employees from falling victim to these social-engineering attacks is to teach them the signs.
Containerd Bug Exposes Cloud Account Credentials
via "Threat Post".
The flaw (CVE-2020-15157) is located in the container image-pulling process.
New Report Links Cybersecurity and Sustainability
via "Dark Reading".
Some have also created the role of chief sustainability officer, according to Kaspersky.
CVE-2020-7126
via "National Vulnerability Database".
A remote server-side request forgery (SSRF) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-7196
via "National Vulnerability Database".
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".
CVE-2020-7752
via "National Vulnerability Database".
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execute any OS commands.
"Among Us" Mobile Game Under Siege by Attackers
via "Threat Post".
Ongoing attacks on the wildly popular game Among Us are testing developers' ability to keep up.
Enterprises confident Chief Sustainability Officer (CSO) will improve cybersecurity
via "Tech Republic".
98% of enterprises want CSOs, but 56% of industrial businesses don't have plans to introduce one to their company, according to a new Kaspersky report.
CVE-2017-18925
via "National Vulnerability Database".
opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.
CVE-2020-26566
via "National Vulnerability Database".
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.
CVE-2020-26161
via "National Vulnerability Database".
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
Former Healthcare Exec Sentenced for Sabotaging COVID-19 Supply Deliveries
via "Digital Guardian".
The ex-VP conducted an intrusion into his former employer's package shipping system and delayed PPE essential to healthcare workers.
Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach
via "Dark Reading".
An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.
CVE-2020-1915
via "National Vulnerability Database".
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Microsoft IE Browser Death March Hastens
via "Threat Post".
Internet Explorer redirects more traffic to Edge Chromium browser as Microsoft warns of the upcoming demise of the once dominant browser.