‼ CVE-2020-27982 ‼
via "National Vulnerability Database".
IceWarp 11.4.5.0 allows XSS via the language parameter.
‼ CVE-2020-7758 ‼
via "National Vulnerability Database".
This affects all versions of package browserless-chrome. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.
‼ CVE-2020-9368 ‼
via "National Vulnerability Database".
The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.
‼ CVE-2020-8183 ‼
via "National Vulnerability Database".
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
‼ CVE-2020-6014 ‼
via "National Vulnerability Database".
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, which under certain circumstances may cause the client to terminate.
🕴 Microsoft & Others Catalog Threats to Machine Learning Systems 🕴
via "Dark Reading".
Thirteen organizations worked together to create a dictionary of techniques used to attack ML models and warn that such malicious efforts will become more common.
🕴 California's Prop. 24 Splits Privacy Advocates 🕴
via "Dark Reading".
Critics worry that the curatives in Prop. 24 are worse than the disease of privacy-rights violations.
‼ CVE-2020-9861 ‼
via "National Vulnerability Database".
A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.
‼ CVE-2020-16001 ‼
via "National Vulnerability Database".
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2020-15973 ‼
via "National Vulnerability Database".
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension.
‼ CVE-2020-16007 ‼
via "National Vulnerability Database".
Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem.
‼ CVE-2020-15987 ‼
via "National Vulnerability Database".
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.
‼ CVE-2020-16010 ‼
via "National Vulnerability Database".
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
‼ CVE-2020-6557 ‼
via "National Vulnerability Database".
Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
🕴 6 Cybersecurity Lessons From 2020 🕴
via "Dark Reading".
The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.
❌ Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw ❌
via "Threat Post".
The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit.
🦿 It's an urgent plea this Election Day: Don't click on ransomware disguised as political ads 🦿
via "Tech Republic".
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.
🕴 Reworking the Taxonomy for Richer Risk Assessments 🕴
via "Dark Reading".
By accommodating unique requirements and conditions at different sites, security pros can dig deeper and get a clearer sense of organizational risk.
‼ CVE-2020-4649 ‼
via "National Vulnerability Database".
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privileged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.
❌ Media Comms Giant Says Ransomware Hit Will Cost Millions ❌
via "Threat Post".
Aussie firm Isentia said "remediation and foregone revenue" could total $8.5 million AUS or more.
🕴 9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time 🕴
via "Dark Reading".
This year has been the ultimate test of business resilience, and if anything has become clear, it's this: Security pros need to get to work and overhaul their playbooks in preparation for multilayered attacks.