βΌ CVE-2020-1915 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.π Read
via "National Vulnerability Database".
β Microsoft IE Browser Death March Hastens β
π Read
via "Threat Post".
Internet Explorer redirects more traffic to Edge Chromium browser as Microsoft warns of the upcoming demise of the once dominant browser.π Read
via "Threat Post".
Threat Post
Microsoft IE Browser Death March Hastens
Internet Explorer redirects more traffic to Edge Chromium browser as Microsoft warns of the upcoming demise of the once dominant browser.
π΄ Neural Networks Help Users Pick More-Secure Passwords π΄
π Read
via "Dark Reading".
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.π Read
via "Dark Reading".
Dark Reading
Neural Networks Help Users Pick More-Secure Passwords
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
βΌ CVE-2020-27743 βΌ
π Read
via "National Vulnerability Database".
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.π Read
via "National Vulnerability Database".
β Phone scamming β friends donβt let friends get vished! β
π Read
via "Naked Security".
You probably back yourself not to be flattered or scared by a voice scammer - but what about vulnerable friends or relatives?π Read
via "Naked Security".
Naked Security
Phone scamming β friends donβt let friends get vished!
You probably back yourself not to be flattered or scared by a voice scammer β but what about vulnerable friends or relatives?
βΌ CVE-2018-21269 βΌ
π Read
via "National Vulnerability Database".
checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27180 βΌ
π Read
via "National Vulnerability Database".
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7753 βΌ
π Read
via "National Vulnerability Database".
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) [DNP] via trim().π Read
via "National Vulnerability Database".
βΌ CVE-2020-27182 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27183 βΌ
π Read
via "National Vulnerability Database".
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8956 βΌ
π Read
via "National Vulnerability Database".
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.π Read
via "National Vulnerability Database".
β Google Boots 21 Bogus Gaming Apps from Play Marketplace β
π Read
via "Threat Post".
Android apps packed with malware from HiddenAds family downloaded 8 million times from the online marketplace.π Read
via "Threat Post".
Threat Post
Google Boots 21 Bogus Gaming Apps from Play Marketplace
Android apps packed with malware from HiddenAds family downloaded 8 million times from the online marketplace.
β Holiday Shopping Craze, COVID-19 Spur Retail Security Storm β
π Read
via "Threat Post".
Veracode's Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season.π Read
via "Threat Post".
Threat Post
Holiday Shopping Craze, COVID-19 Spur Retail Security Storm
Veracode's Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season.
π΄ COVID-19: Latest Security News & Commentary π΄
π Read
via "Dark Reading".
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.π Read
via "Dark Reading".
Dark Reading
COVID-19: Latest Security News & Commentary
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
β Majority of Microsoft 365 Admins Donβt Enable MFA β
π Read
via "Threat Post".
Beyond admins, researchers say that 97 percent of all total Microsoft 365 users do not use multi-factor authentication.π Read
via "Threat Post".
Threat Post
Majority of Microsoft 365 Admins Donβt Enable MFA
Beyond admins, researchers say that 97 percent of all total Microsoft 365 users do not use multi-factor authentication.
π¦Ώ How foreign actors are trying to undermine the US presidential election π¦Ώ
π Read
via "Tech Republic".
Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows.π Read
via "Tech Republic".
TechRepublic
How foreign actors are trying to undermine the US presidential election
Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows.
π¦Ώ FBI: Hotel Wi-Fi is not safe π¦Ώ
π Read
via "Tech Republic".
While hotel Wi-Fi is convenient, security is not the priority, federal government says.π Read
via "Tech Republic".
TechRepublic
FBI: Hotel Wi-Fi is not safe
While hotel Wi-Fi is convenient, security is not the priority, federal government says.
β LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes β
π Read
via "Threat Post".
Popular chat apps, including LINE, Slack, Twitter DMs and others, can also leak location data and share private info with third-party servers.π Read
via "Threat Post".
Threat Post
Researchers: LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes
Popular chat apps, including LINE, Slack, Twitter DMs and others, can also leak location data and share private info with third-party servers.
βΌ CVE-2020-6023 βΌ
π Read
via "National Vulnerability Database".
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.π Read
via "National Vulnerability Database".
βΌ CVE-2020-10256 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.π Read
via "National Vulnerability Database".
π΄ Employees Aware of Emailed Threats Open Suspicious Messages π΄
π Read
via "Dark Reading".
A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.π Read
via "Dark Reading".
Dark Reading
Employees Aware of Emailed Threats Open Suspicious Messages
A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.