βΌ CVE-2020-22275 βΌ
π Read
via "National Vulnerability Database".
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8036 βΌ
π Read
via "National Vulnerability Database".
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.π Read
via "National Vulnerability Database".
π΄ Hexagon Announces Deal to Acquire PAS Global π΄
π Read
via "Dark Reading".
The Houston-based PAS Global will operate as part of Hexagon's PPM (formerly Intergraph Process, Power & Marine) division.π Read
via "Dark Reading".
Dark Reading
Hexagon Announces Deal to Acquire PAS Global
The Houston-based PAS Global will operate as part of Hexagon's PPM (formerly Intergraph Process, Power & Marine) division.
π¦Ώ What's happening today: The election and online spending π¦Ώ
π Read
via "Tech Republic".
As Americans anxiously await clarity regarding final voting counts and results of yesterday's election, a new report found 26% of US consumers correlate who will win with how much they'll spend.π Read
via "Tech Republic".
TechRepublic
What's happening today: The election and online spending
As Americans anxiously await clarity regarding final voting counts and results of yesterday's election, a new report found 26% of US consumers correlate who will win with how much they'll spend.
βΌ CVE-2020-7128 βΌ
π Read
via "National Vulnerability Database".
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28049 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.π Read
via "National Vulnerability Database".
β Google Forms Abused to Phish AT&T Credentials β
π Read
via "Threat Post".
More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.π Read
via "Threat Post".
Threat Post
Google Forms Abused to Phish AT&T Credentials
More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.
β GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers β
π Read
via "Threat Post".
Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal.π Read
via "Threat Post".
Threat Post
GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers
Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal.
β Mysterious APT Leaves Curious βKilllSomeOneβ Clue β
π Read
via "Threat Post".
APT cloaks identity using script-kiddie messages and advanced deployment and targeting techniques.π Read
via "Threat Post".
Threat Post
Mysterious APT Leaves Curious βKilllSomeOneβ Clue
APT cloaks identity using script-kiddie messages and advanced deployment and targeting techniques.
π΄ Disinformation Now the Top Concern Following Hack-Free Election Day π΄
π Read
via "Dark Reading".
After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.π Read
via "Dark Reading".
Dark Reading
Disinformation Now the Top Concern Following Hack-Free Election Day
After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.
βΌ CVE-2020-27691 βΌ
π Read
via "National Vulnerability Database".
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27692 βΌ
π Read
via "National Vulnerability Database".
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26207 βΌ
π Read
via "National Vulnerability Database".
DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27690 βΌ
π Read
via "National Vulnerability Database".
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.π Read
via "National Vulnerability Database".
π΄ Ransom Payment No Guarantee Against Doxxing π΄
π Read
via "Dark Reading".
Several organizations that paid a ransom to keep attackers from releasing stolen data saw it leaked anyway, according to Coveware.π Read
via "Dark Reading".
Dark Reading
Ransom Payment No Guarantee Against Doxxing
Several organizations that paid a ransom to keep attackers from releasing stolen data saw it leaked anyway, according to Coveware.
βΌ CVE-2020-25201 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27387 βΌ
π Read
via "National Vulnerability Database".
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.π Read
via "National Vulnerability Database".
β Malspam Campaign Milks Election Uncertainty β
π Read
via "Threat Post".
Emails try to lure victims with malicious documents claiming to have information about voting interference.π Read
via "Threat Post".
Threat Post
Malspam Campaign Milks Election Uncertainty
Emails try to lure victims with malicious documents claiming to have information about voting interference.
βΌ CVE-2020-7761 βΌ
π Read
via "National Vulnerability Database".
This affects the package @absolunet/kafe before 3.2.10. It allows cause a denial of service when validating crafted invalid emails.π Read
via "National Vulnerability Database".
β S3 Ep5: Chrome, Flash and malware for sale [Podcast] β
π Read
via "Naked Security".
Here's the latest podcast - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep5: Chrome, Flash and malware for sale [Podcast]
Hereβs the latest podcast β listen now!
π΄ The One Critical Element to Hardening Your Employees' Mobile Security π΄
π Read
via "Dark Reading".
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.π Read
via "Dark Reading".
Dark Reading
The One Critical Element to Hardening Your Employees' Mobile Security
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.