βΌ CVE-2020-27986 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position is "it is the administrator's responsibility to configure it."π Read
via "National Vulnerability Database".
βΌ CVE-2020-11487 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2020-11488 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.π Read
via "National Vulnerability Database".
β Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns β
π Read
via "Threat Post".
Malicious redirection websites are using typosquatting and impersonation to attack unwary visitors.π Read
via "Threat Post".
Threat Post
Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns
Malicious redirection websites are using typosquatting and impersonation to attack unwary visitors.
βΌ CVE-2020-27655 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7746 βΌ
π Read
via "National Vulnerability Database".
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.π Read
via "National Vulnerability Database".
β Bug-Bounty Awards Spike 26% in 2020 β
π Read
via "Threat Post".
The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify.π Read
via "Threat Post".
Threat Post
Bug-Bounty Awards Spike 26% in 2020
The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify.
π¦Ώ How phishing attacks are targeting schools and colleges π¦Ώ
π Read
via "Tech Republic".
Attackers are exploiting the need for schools to receive critical updates from teachers, principals, and department heads, says Barracuda.π Read
via "Tech Republic".
TechRepublic
How phishing attacks are targeting schools and colleges
Attackers are exploiting the need for schools to receive critical updates from teachers, principals, and department heads, says Barracuda.
π Digital Guardian Debuts Exclusive Offer for Forcepoint DLP Customers π
π Read
via "Digital Guardian".
With news the company will be acquired, Forcepoint DLP customers may be looking for a change.π Read
via "Digital Guardian".
Digital Guardian
Digital Guardian Debuts Exclusive Offer for Forcepoint DLP Customers
With news the company will be acquired, Forcepoint DLP customers may be looking for a change.
π΄ Is Your Encryption Ready for Quantum Threats? π΄
π Read
via "Dark Reading".
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.π Read
via "Dark Reading".
Dark Reading
Is Your Encryption Ready for Quantum Threats?
Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.
β Oracle WebLogic Server RCE Flaw Under Active Attack β
π Read
via "Threat Post".
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.π Read
via "Threat Post".
Threat Post
Oracle WebLogic Server RCE Flaw Under Active Attack
The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.
π¦Ώ FBI: Hospitals and healthcare providers face imminent ransomware threat π¦Ώ
π Read
via "Tech Republic".
The FBI warns of a threat against the healthcare sector from Ryuk ransomware, and one that's already affected some hospitals.π Read
via "Tech Republic".
TechRepublic
FBI: Hospitals and healthcare providers face imminent ransomware threat
The FBI warns of a threat against the healthcare sector from Ryuk ransomware, and one that's already affected some hospitals.
β Home Depot Confirms Data Breach in Order Confirmation SNAFU β
π Read
via "Threat Post".
Hundreds of emailed order confirmations for random strangers were sent to Canadian customers, each containing personal information.π Read
via "Threat Post".
Threat Post
Home Depot Confirms Data Breach in Order Confirmation SNAFU
Hundreds of emailed order confirmations for random strangers were sent to Canadian customers, each containing personal information.
π΄ How to Increase Voter Turnout & Reduce Fraud π΄
π Read
via "Dark Reading".
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?π Read
via "Dark Reading".
Dark Reading
How to Increase Voter Turnout & Reduce Fraud
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
β Buer Loader βmalware-as-a-serviceβ joins Emotet for ransomware delivery β
π Read
via "Naked Security".
A relative newcomer in the "malware-as-a-service" scene is starting to attract the big-money ransomware criminals.π Read
via "Naked Security".
Naked Security
Buer Loader βmalware-as-a-serviceβ joins Emotet for ransomware delivery
A relative newcomer in the βmalware-as-a-serviceβ scene is starting to attract the big-money ransomware criminals.
π΄ Cybercriminals Aim BEC Attacks at Education Industry π΄
π Read
via "Dark Reading".
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.π Read
via "Dark Reading".
Dark Reading
Cybercriminals Aim BEC Attacks at Education Industry
Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
π΄ Why Defense, Not Offense, Will Determine Global Cyber Powers π΄
π Read
via "Dark Reading".
Darktrace director of strategic threat Marcus Fowlers explains what to expect from nation-state attackers in the months to come -- and why kindergarten classes are a good model for solid cybersecurity.π Read
via "Dark Reading".
Dark Reading
Why Defense, Not Offense, Will Determine Global Cyber Powers
Darktrace director of strategic threat Marcus Fowlers explains what to expect from nation-state attackers in the months to come -- and why kindergarten classes are a good model for solid cybersecurity.
π΄ How Healthcare Organizations Can Combat Ransomware π΄
π Read
via "Dark Reading".
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.π Read
via "Dark Reading".
Dark Reading
How Healthcare Organizations Can Combat Ransomware
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
π¦Ώ Business Email Compromise attacks are on the rise π¦Ώ
π Read
via "Tech Republic".
BEC campaigns continue to shift their targets from C-suite executives and finance employees to group mailboxes, says Abnormal Security.π Read
via "Tech Republic".
TechRepublic
Business Email Compromise attacks are on the rise
BEC campaigns continue to shift their targets from C-suite executives and finance employees to group mailboxes, says Abnormal Security.
π΄ Ransomware Wave Targets US Hospitals: What We Know So Far π΄
π Read
via "Dark Reading".
A joint advisory from the CSIA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.π Read
via "Dark Reading".
Dark Reading
Ransomware Wave Targets US Hospitals: What We Know So Far
A joint advisory from the CSIA, FBI, and HHS warns of an increased and imminent threat to US hospitals and healthcare providers.
π΄ Hackers Make Off With Millions From Wisconsin Republicans π΄
π Read
via "Dark Reading".
According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.π Read
via "Dark Reading".
Dark Reading
Hackers Make Off With Millions From Wisconsin Republicans
According to the Wisconsin Republican Party, thieves used altered invoices to make off with $2.3 million in election funds.