CVE-2020-27691
via "National Vulnerability Database".
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.

CVE-2020-27692
via "National Vulnerability Database".
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration server settings (responsible for managing devices remotely). This makes it possible to remotely reboot the device or upload malicious firmware.

CVE-2020-26207
via "National Vulnerability Database".
DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary code execution if a user is tricked into opening a specially crafted `.dbschema` file. The patch was released in v2.7.4.3. As a workaround, ensure `.dbschema` files from untrusted sources are not opened.

CVE-2020-27690
via "National Vulnerability Database".
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.

Ransom Payment No Guarantee Against Doxxing
via "Dark Reading".
Several organizations that paid a ransom to keep attackers from releasing stolen data saw it leaked anyway, according to Coveware.

CVE-2020-25201
via "National Vulnerability Database".
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.

CVE-2020-27387
via "National Vulnerability Database".
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.

Malspam Campaign Milks Election Uncertainty
via "Threat Post".
Emails try to lure victims with malicious documents claiming to have information about voting interference.

CVE-2020-7761
via "National Vulnerability Database".
This affects the package @absolunet/kafe before 3.2.10. It allows causing a denial of service when validating crafted invalid emails.

S3 Ep5: Chrome, Flash and malware for sale [Podcast]
via "Naked Security".
Here's the latest podcast - listen now!

The One Critical Element to Hardening Your Employees' Mobile Security
via "Dark Reading".
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.

Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
via "Threat Post".
Cisco also disclosed high-severity vulnerabilities in its Webex and SD-WAN products.

CVE-2020-7763
via "National Vulnerability Database".
This affects the package phantom-html-to-pdf before 0.6.1.

Online Users Feel Safe, But Risky Behavior Abounds
via "Dark Reading".
New research also shows a divide between younger and older users in their security practices, including use of two-factor authentication and how often software updates are performed.

It's an urgent plea this Election Day: Don't click on ransomware disguised as political ads
via "Tech Republic".
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.

CVE-2020-27402
via "National Vulnerability Database".
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.

CVE-2020-15949
via "National Vulnerability Database".
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.

Cado Security Gets $1.5 Million Seed
via "Dark Reading".
The seed funding round was led by Ten Eleven Ventures.

How to defend your organization against social engineering attacks
via "Tech Republic".
A security awareness program backed by multi-factor authentication can help protect your critical assets, says NordVPN Teams.

Digital Transformation Means Security Must Also Transform
via "Dark Reading".
Being successful in this moment requires the ability to evolve in terms of team management, visibility, and crisis management.

How to enable end-to-end encryption for the Nextcloud app
via "Tech Republic".
Learn how you can enable the new Nextcloud end-to-end encryption.