βΌ CVE-2020-7126 βΌ
π Read
via "National Vulnerability Database".
A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7196 βΌ
π Read
via "National Vulnerability Database".
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".π Read
via "National Vulnerability Database".
βΌ CVE-2020-7752 βΌ
π Read
via "National Vulnerability Database".
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.π Read
via "National Vulnerability Database".
β βAmong Usβ Mobile Game Under Siege by Attackers β
π Read
via "Threat Post".
Ongoing attacks on the wildly popular game Among Us are testing developersβ ability to keep up.π Read
via "Threat Post".
Threat Post
βAmong Usβ Mobile Game Under Siege by Attackers
Ongoing attacks on the wildly popular game Among Us are testing developersβ ability to keep up.
π¦Ώ Enterprises confident Chief Sustainability Officer (CSO) will improve cybersecurity π¦Ώ
π Read
via "Tech Republic".
98% of enterprises want CSOs, but 56% of industrial businesses don't have plans to introduce one to their company, according to a new Kaspersky report.π Read
via "Tech Republic".
TechRepublic
Enterprises confident Chief Sustainability Officer (CSO) will improve cybersecurity
98% of enterprises want CSOs, but 56% of industrial businesses don't have plans to introduce one to their company, according to a new Kaspersky report.
βΌ CVE-2017-18925 βΌ
π Read
via "National Vulnerability Database".
opentmpfiles through 0.3.1 allows local users to take ownership of arbitrary files because d entries are mishandled and allow a symlink attack.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26566 βΌ
π Read
via "National Vulnerability Database".
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26161 βΌ
π Read
via "National Vulnerability Database".
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.π Read
via "National Vulnerability Database".
π Former Healthcare Exec Sentenced for Sabotaging COVID-19 Supply Deliveries π
π Read
via "Digital Guardian".
The ex-VP conducted an intrusion into his former employerβs package shipping system and delayed PPE essential to healthcare workers.π Read
via "Digital Guardian".
Digital Guardian
Former Healthcare Exec Sentenced for Sabotaging COVID-19 Supply Deliveries
The ex-VP conducted an intrusion into his former employerβs package shipping system and delayed PPE essential to healthcare workers.
π΄ Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach π΄
π Read
via "Dark Reading".
An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.π Read
via "Dark Reading".
Dark Reading
Cybercriminals Extort Psychotherapy Patients Following Vastaamo Breach
An attacker is running a Tor site to leak the session notes of 300 patients at Vastaamo, a Finnish psychotherapy facility.
βΌ CVE-2020-1915 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.π Read
via "National Vulnerability Database".
β Microsoft IE Browser Death March Hastens β
π Read
via "Threat Post".
Internet Explorer redirects more traffic to Edge Chromium browser as Microsoft warns of the upcoming demise of the once dominant browser.π Read
via "Threat Post".
Threat Post
Microsoft IE Browser Death March Hastens
Internet Explorer redirects more traffic to Edge Chromium browser as Microsoft warns of the upcoming demise of the once dominant browser.
π΄ Neural Networks Help Users Pick More-Secure Passwords π΄
π Read
via "Dark Reading".
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.π Read
via "Dark Reading".
Dark Reading
Neural Networks Help Users Pick More-Secure Passwords
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
βΌ CVE-2020-27743 βΌ
π Read
via "National Vulnerability Database".
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.π Read
via "National Vulnerability Database".
β Phone scamming β friends donβt let friends get vished! β
π Read
via "Naked Security".
You probably back yourself not to be flattered or scared by a voice scammer - but what about vulnerable friends or relatives?π Read
via "Naked Security".
Naked Security
Phone scamming β friends donβt let friends get vished!
You probably back yourself not to be flattered or scared by a voice scammer β but what about vulnerable friends or relatives?
βΌ CVE-2018-21269 βΌ
π Read
via "National Vulnerability Database".
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27180 βΌ
π Read
via "National Vulnerability Database".
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7753 βΌ
π Read
via "National Vulnerability Database".
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) [DNP] via trim().π Read
via "National Vulnerability Database".
βΌ CVE-2020-27182 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27183 βΌ
π Read
via "National Vulnerability Database".
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8956 βΌ
π Read
via "National Vulnerability Database".
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.π Read
via "National Vulnerability Database".