‼ CVE-2018-4339 ‼
via "National Vulnerability Database".
This issue was addressed with a new entitlement. This issue is fixed in iOS 12.1. A local user may be able to read a persistent device identifier.
‼ CVE-2019-8858 ‼
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing.
‼ CVE-2020-9941 ‼
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. A remote attacker may be able to unexpectedly alter application state.
‼ CVE-2020-9782 ‼
via "National Vulnerability Database".
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files.
‼ CVE-2020-25765 ‼
via "National Vulnerability Database".
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input in Western Digital My Cloud Devices prior to 5.4.1140.
‼ CVE-2019-8715 ‼
via "National Vulnerability Database".
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. An application may be able to execute arbitrary code with system privileges.
🕴 Survey Uncovers High Level of Concern Over Firewalls 🕴
via "Dark Reading".
More than half of respondents are planning to reduce their network firewall footprint because of what they see as limitations in the technology.
‼ CVE-2020-16140 ‼
via "National Vulnerability Database".
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS.
‼ CVE-2020-27957 ‼
via "National Vulnerability Database".
The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension.
‼ CVE-2020-27956 ‼
via "National Vulnerability Database".
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
🦿 Security firm identifies 5 biggest cybersecurity risks for hospitals and healthcare organizations 🦿
via "Tech Republic".
Wandera finds malicious network traffic and configuration vulnerabilities on mobile devices as popular entry points for cybercriminals.
❌ Trump Campaign Website Defaced by Cryptocurrency Scam ❌
via "Threat Post".
Hackers claim to have access to classified information linking the president to the origin of the coronavirus and criminal collusion with foreign actors.
❌ Experts Weigh in on E-Commerce Security Amid Snowballing Threats ❌
via "Threat Post".
How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.
‼ CVE-2020-5145 ‼
via "National Vulnerability Database".
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
❌ North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn ❌
via "Threat Post".
The Kimsuky/Hidden Cobra APT is going after the commercial sector, according to CISA.
❌ Election Security: How Mobile Devices Are Shaping the Way We Work, Play and Vote ❌
via "Threat Post".
With the election just a week away, cybercriminals are ramping up mobile attacks on citizens under the guise of campaign communications.
🕴 Physical Security Has a Lot of Catching Up to Do 🕴
via "Dark Reading".
The transformation we need: merging the network operations center with the physical security operations center.
‼ CVE-2020-8240 ‼
via "National Vulnerability Database".
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine to use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider.
‼ CVE-2020-8261 ‼
via "National Vulnerability Database".
Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
‼ CVE-2020-8239 ‼
via "National Vulnerability Database".
The Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC.
❌ Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees ❌
via "Threat Post".
The Phosphorous APT has launched successful attacks against world leaders who are attending the Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia, Microsoft warns.