🛡 Cybersecurity & Privacy 🛡 - News

Hexagon Announces Deal to Acquire PAS Global

The Houston-based PAS Global will operate as part of Hexagon's PPM (formerly Intergraph Process, Power & Marine) division.

163 views20:37

What's happening today: The election and online spending

🦿 What's happening today: The election and online spending 🦿

As Americans anxiously await clarity regarding final voting counts and results of yesterday's election, a new report found 26% of US consumers correlate who will win with how much they'll spend.

📖 Read

via "Tech Republic".

TechRepublic

As Americans anxiously await clarity regarding final voting counts and results of yesterday's election, a new report found 26% of US consumers correlate who will win with how much they'll spend.

161 views21:08

‼ CVE-2020-7128 ‼

A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.

📖 Read

via "National Vulnerability Database".

151 views21:42

‼ CVE-2020-28049 ‼

An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation.

📖 Read

via "National Vulnerability Database".

164 views21:42

❌ Google Forms Abused to Phish AT&T Credentials ❌

More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.

📖 Read

via "Threat Post".

Google Forms Abused to Phish AT&T Credentials

More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.

282 views21:53

❌ GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers ❌

Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal.

📖 Read

via "Threat Post".

GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers

Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal.

154 views22:53

❌ Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue ❌

APT cloaks identity using script-kiddie messages and advanced deployment and targeting techniques.

📖 Read

via "Threat Post".

Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue

APT cloaks identity using script-kiddie messages and advanced deployment and targeting techniques.

155 views22:53

🕴 Disinformation Now the Top Concern Following Hack-Free Election Day 🕴

After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.

📖 Read

via "Dark Reading".

Disinformation Now the Top Concern Following Hack-Free Election Day

After an Election Day without foreign interference and cyberattacks, security experts turn their focus to disinformation.

150 views23:37

‼ CVE-2020-27691 ‼

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.

📖 Read

via "National Vulnerability Database".

142 views23:42

‼ CVE-2020-27692 ‼

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.

📖 Read

via "National Vulnerability Database".

156 views23:42

‼ CVE-2020-26207 ‼

DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened.

📖 Read

via "National Vulnerability Database".

162 views23:42

‼ CVE-2020-27690 ‼

The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.

📖 Read

via "National Vulnerability Database".

179 views23:42

🕴 Ransom Payment No Guarantee Against Doxxing 🕴

Several organizations that paid a ransom to keep attackers from releasing stolen data saw it leaked anyway, according to Coveware.

📖 Read

via "Dark Reading".

Ransom Payment No Guarantee Against Doxxing

Several organizations that paid a ransom to keep attackers from releasing stolen data saw it leaked anyway, according to Coveware.

207 views01:07

‼ CVE-2020-25201 ‼

HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.

📖 Read

via "National Vulnerability Database".

230 views01:47

‼ CVE-2020-27387 ‼

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.

📖 Read

via "National Vulnerability Database".

228 views06:48

❌ Malspam Campaign Milks Election Uncertainty ❌

Emails try to lure victims with malicious documents claiming to have information about voting interference.

📖 Read

via "Threat Post".

Malspam Campaign Milks Election Uncertainty

Emails try to lure victims with malicious documents claiming to have information about voting interference.

220 views13:27

‼ CVE-2020-7761 ‼

This affects the package @absolunet/kafe before 3.2.10. It allows cause a denial of service when validating crafted invalid emails.

📖 Read

via "National Vulnerability Database".

206 views13:48

S3 Ep5: Chrome, Flash and malware for sale [Podcast]

⚠ S3 Ep5: Chrome, Flash and malware for sale [Podcast] ⚠

Here's the latest podcast - listen now!

📖 Read

via "Naked Security".

Naked Security

Here’s the latest podcast – listen now!

195 views14:39

🕴 The One Critical Element to Hardening Your Employees' Mobile Security 🕴

COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.

📖 Read

via "Dark Reading".

The One Critical Element to Hardening Your Employees' Mobile Security

COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.

188 views15:08

❌ Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched ❌

Cisco also disclosed high-severity vulnerabilities in its Webex and SD-WAN products.

📖 Read

via "Threat Post".

Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched

Cisco also disclosed high-severity vulnerabilities in its Webex and SD-WAN products.

183 views15:27