CVE-2020-27387
via "National Vulnerability Database".
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.
Malspam Campaign Milks Election Uncertainty
via "Threat Post".
Emails try to lure victims with malicious documents claiming to have information about voting interference.
CVE-2020-7761
via "National Vulnerability Database".
This affects the package @absolunet/kafe before 3.2.10. It allows causing a denial of service when validating crafted invalid emails.
S3 Ep5: Chrome, Flash and malware for sale [Podcast]
via "Naked Security".
Here's the latest podcast - listen now!
The One Critical Element to Hardening Your Employees' Mobile Security
via "Dark Reading".
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
via "Threat Post".
Cisco also disclosed high-severity vulnerabilities in its Webex and SD-WAN products.
CVE-2020-7763
via "National Vulnerability Database".
This affects the package phantom-html-to-pdf before 0.6.1.
Online Users Feel Safe, But Risky Behavior Abounds
via "Dark Reading".
New research also shows a divide between younger and older users in their security practices, including use of two-factor authentication and how often software updates are performed.
It's an urgent plea this Election Day: Don't click on ransomware disguised as political ads
via "Tech Republic".
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.
CVE-2020-27402
via "National Vulnerability Database".
The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb.
CVE-2020-15949
via "National Vulnerability Database".
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.
Cado Security Gets $1.5 Million Seed
via "Dark Reading".
The seed funding round was led by Ten Eleven Ventures.
How to defend your organization against social engineering attacks
via "Tech Republic".
A security awareness program backed by multi-factor authentication can help protect your critical assets, says NordVPN Teams.
Digital Transformation Means Security Must Also Transform
via "Dark Reading".
Being successful in this moment requires the ability to evolve in terms of team management, visibility, and crisis management.
How to enable end-to-end encryption for the Nextcloud app
via "Tech Republic".
Learn how you can enable the new Nextcloud end-to-end encryption.
How to manage your personal information for your Google account
via "Tech Republic".
In the name of security, you should make sure the information displayed on your Google account is limited. Jack Wallen shows you how.
How to manage personal information for your Google account
via "Tech Republic".
In the name of security, make sure the information displayed on your Google account is limited. Jack Wallen shows you how.
CVE-2018-1725
via "National Vulnerability Database".
IBM QRadar SIEM 7.3 and 7.4 in a multi-tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.
CVE-2020-26507
via "National Vulnerability Database".
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the "Notes" functionality in the main screen, an attacker can inject a payload into the "Description" field under the "Insert To-Do" option. Other users might download this data, for example a CSV file, and execute the malicious commands on their computer by opening the file using a software such as Microsoft Excel. The attacker could gain remote access to the user's PC.
CVE-2020-4097
via "National Vulnerability Database".
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.
CVE-2020-14240
via "National Vulnerability Database".
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 are susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.