βΌ CVE-2020-3638 βΌ
π Read
via "National Vulnerability Database".
u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper access control' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, QCA6390, QCS404, QCS610, Rennell, SA515M, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
βΌ CVE-2020-11174 βΌ
π Read
via "National Vulnerability Database".
u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130π Read
via "National Vulnerability Database".
βΌ CVE-2020-3693 βΌ
π Read
via "National Vulnerability Database".
u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8098, Bitra, MSM8909W, MSM8996AU, Nicobar, QCM2150, QCS605, Saipan, SDM429W, SDX20, SM6150, SM8150, SM8250, SXR2130π Read
via "National Vulnerability Database".
π΄ As Businesses Go Remote, Hackers Find New Security Gaps π΄
π Read
via "Dark Reading".
Improper access control, information disclosure, and SSRF are among the most impactful, and most awarded, security flaws found this year.π Read
via "Dark Reading".
Dark Reading
As Businesses Go Remote, Hackers Find New Security Gaps
Improper access control, information disclosure, and SSRF are among the most impactful, and most awarded, security flaws found this year.
π΄ How Can I Help Remote Workers Secure Their Home Routers? π΄
π Read
via "Dark Reading".
The most effective way is with employee security education.π Read
via "Dark Reading".
Dark Reading
How Can I Help Remote Workers Secure Their Home Routers?
The most effective way is with employee security education.
β Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape β
π Read
via "Threat Post".
Google Project Zero disclosed the bug before a patch becomes available from Microsoft.π Read
via "Threat Post".
Threat Post
Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
Google Project Zero disclosed the bug before a patch becomes available from Microsoft.
π΄ Fraud Prevention Strategies to Prepare for the Future π΄
π Read
via "Dark Reading".
While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.π Read
via "Dark Reading".
Dark Reading
Fraud Prevention Strategies to Prepare for the Future
While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.
β Scammers Abuse Google Drive to Send Malicious Links β
π Read
via "Threat Post".
Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.π Read
via "Threat Post".
Threat Post
Scammers Abuse Google Drive to Send Malicious Links
Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.
β Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach β
π Read
via "Threat Post".
JM Bullion fell victim to a payment-card skimmer, which was in place for five months.π Read
via "Threat Post".
Threat Post
Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
JM Bullion fell victim to a payment-card skimmer, which was in place for five months.
π SQLMAP - Automatic SQL Injection Tool 1.4.11 π
π Read
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.π Read
via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.4.11 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Samhain File Integrity Checker 4.4.3 π
π Read
via "Packet Storm Security".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.π Read
via "Packet Storm Security".
Packetstormsecurity
Samhain File Integrity Checker 4.4.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ It's an urgent plea this Election Eve: Don't click on ransomware disguised as political ads π¦Ώ
π Read
via "Tech Republic".
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.π Read
via "Tech Republic".
TechRepublic
It's an urgent plea this Election Day: Don't click on ransomware disguised as political ads
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.
βΌ CVE-2018-19951 βΌ
π Read
via "National Vulnerability Database".
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.π Read
via "National Vulnerability Database".
βΌ CVE-2018-19955 βΌ
π Read
via "National Vulnerability Database".
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.π Read
via "National Vulnerability Database".
β WordPress Pushes Out Multiple Flawed Security Updates β
π Read
via "Threat Post".
WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update.π Read
via "Threat Post".
Threat Post
WordPress Pushes Out Multiple Flawed Security Updates
WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update.
π Digital Guardian Provides Customers Protection Following Spread of Ryuk Ransomware π
π Read
via "Digital Guardian".
Weβve released a free policy pack to help customers, especially those in the healthcare and public health sector, protect against the latest Ryuk ransomware campaign.π Read
via "Digital Guardian".
Digital Guardian
Digital Guardian Provides Customers Protection Following Spread of Ryuk Ransomware
Weβve released a free policy pack to help customers, especially those in the healthcare and public health sector, protect against the latest Ryuk ransomware campaign.
π΄ Windows Zero-Day Used with Chrome Flaw in Targeted Attacks π΄
π Read
via "Dark Reading".
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.π Read
via "Dark Reading".
Darkreading
Windows Zero-Day Used with Chrome Flaw in Targeted Attacks
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.
β Survey: Cybersecurity Skills Shortage is βBad,β But Thereβs Hope β
π Read
via "Threat Post".
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave.π Read
via "Threat Post".
Threat Post
Survey: Cybersecurity Skills Shortage is βBad,β But Thereβs Hope
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave.
β $100M Botnet Scheme Lands Cybercriminal 8 Years in Jail β
π Read
via "Threat Post".
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.π Read
via "Threat Post".
Threat Post
$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.
π΄ Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation π΄
π Read
via "Dark Reading".
Cybercrime scheme netted more than $100 million.π Read
via "Dark Reading".
Dark Reading
Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation
Cybercrime scheme netted more than $100 million.
π¦Ώ Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021. π¦Ώ
π Read
via "Tech Republic".
The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.π Read
via "Tech Republic".
TechRepublic
Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021.
The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.