π΄ Windows Zero-Day Used with Chrome Flaw in Targeted Attacks π΄
π Read
via "Dark Reading".
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.π Read
via "Dark Reading".
Darkreading
Windows Zero-Day Used with Chrome Flaw in Targeted Attacks
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.
β Survey: Cybersecurity Skills Shortage is βBad,β But Thereβs Hope β
π Read
via "Threat Post".
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave.π Read
via "Threat Post".
Threat Post
Survey: Cybersecurity Skills Shortage is βBad,β But Thereβs Hope
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave.
β $100M Botnet Scheme Lands Cybercriminal 8 Years in Jail β
π Read
via "Threat Post".
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.π Read
via "Threat Post".
Threat Post
$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.
π΄ Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation π΄
π Read
via "Dark Reading".
Cybercrime scheme netted more than $100 million.π Read
via "Dark Reading".
Dark Reading
Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation
Cybercrime scheme netted more than $100 million.
π¦Ώ Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021. π¦Ώ
π Read
via "Tech Republic".
The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.π Read
via "Tech Republic".
TechRepublic
Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021.
The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.
π΄ New Tools Make North Korea's Kimsuky Group More Dangerous π΄
π Read
via "Dark Reading".
Threat actor actively targeting US organizations in global intelligence-gathering campaign, government says.π Read
via "Dark Reading".
Dark Reading
New Tools Make North Korea's Kimsuky Group More Dangerous
Threat actor actively targeting US organizations in global intelligence-gathering campaign, government says.
βΌ CVE-2020-26939 βΌ
π Read
via "National Vulnerability Database".
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27982 βΌ
π Read
via "National Vulnerability Database".
IceWarp 11.4.5.0 allows XSS via the language parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7758 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package browserless-chrome. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9368 βΌ
π Read
via "National Vulnerability Database".
The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8183 βΌ
π Read
via "National Vulnerability Database".
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6014 βΌ
π Read
via "National Vulnerability Database".
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.π Read
via "National Vulnerability Database".
π΄ Microsoft & Others Catalog Threats to Machine Learning Systems π΄
π Read
via "Dark Reading".
Thirteen organizations worked together to create a dictionary of techniques used to attack ML models and warn that such malicious efforts will become more common.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ California's Prop. 24 Splits Privacy Advocates π΄
π Read
via "Dark Reading".
Critics worry that the curatives in Prop. 24 are worse than the disease of privacy-rights violations.π Read
via "Dark Reading".
Dark Reading
California's Prop. 24 Splits Privacy Advocates
Critics worry that the curatives in Prop. 24 are worse than the disease of privacy-rights violations.
βΌ CVE-2020-9861 βΌ
π Read
via "National Vulnerability Database".
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-16001 βΌ
π Read
via "National Vulnerability Database".
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15973 βΌ
π Read
via "National Vulnerability Database".
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.π Read
via "National Vulnerability Database".
βΌ CVE-2020-16007 βΌ
π Read
via "National Vulnerability Database".
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15987 βΌ
π Read
via "National Vulnerability Database".
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.π Read
via "National Vulnerability Database".
βΌ CVE-2020-16010 βΌ
π Read
via "National Vulnerability Database".
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6557 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.π Read
via "National Vulnerability Database".