CVE-2020-27180
via "National Vulnerability Database".
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.
CVE-2020-7753
via "National Vulnerability Database".
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) [DNP] via trim().
CVE-2020-27182
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.
CVE-2020-27183
via "National Vulnerability Database".
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.
CVE-2020-8956
via "National Vulnerability Database".
Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.
Google Boots 21 Bogus Gaming Apps from Play Marketplace
via "Threat Post".
Android apps packed with malware from HiddenAds family downloaded 8 million times from the online marketplace.
Holiday Shopping Craze, COVID-19 Spur Retail Security Storm
via "Threat Post".
Veracode's Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season.
COVID-19: Latest Security News & Commentary
via "Dark Reading".
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
Majority of Microsoft 365 Admins Don't Enable MFA
via "Threat Post".
Beyond admins, researchers say that 97 percent of all total Microsoft 365 users do not use multi-factor authentication.
How foreign actors are trying to undermine the US presidential election
via "Tech Republic".
Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows.
FBI: Hotel Wi-Fi is not safe
via "Tech Republic".
While hotel Wi-Fi is convenient, security is not the priority, federal government says.
Researchers: LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes
via "Threat Post".
Popular chat apps, including LINE, Slack, Twitter DMs and others, can also leak location data and share private info with third-party servers.
CVE-2020-6023
via "National Vulnerability Database".
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.
CVE-2020-10256
via "National Vulnerability Database".
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption.
Employees Aware of Emailed Threats Open Suspicious Messages
via "Dark Reading".
A survey of 1,000 employees finds 96% of employees are aware of digital threats, but 45% click emails they consider to be suspicious.
Going passwordless might be safer for organizations
via "Tech Republic".
Passwords are a constant struggle for businesses and IT departments. There are other ways to stay safe.
Akamai Acquires Asavie
via "Dark Reading".
Asavie's mobile, IoT, and security products and services will become part of the Akamai Security and Personalization Services product line.
Top 5 things to know about EU-US data privacy
via "Tech Republic".
For companies with data users in both the EU and the US, laws protecting users' privacy vary. Tom Merritt lists five things to know about EU-US data privacy.
MITRE Shield Matrix Highlights Deception & Concealment Technology
via "Dark Reading".
The role that these technologies play in the MITRE Shield matrix is a clear indicator that they are an essential part of today's security landscape.
Facebook "copyright violation" tries to get past 2FA - don't fall for it!
via "Naked Security".
Watch out for "Facebook copyright violation" emails - even if they link straight back to Facebook.com