🕴 Preventing and Mitigating DDoS Attacks: It's Elementary 🕴
📖 Read
via "Dark Reading".
Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.📖 Read
via "Dark Reading".
Dark Reading
Preventing and Mitigating DDoS Attacks: It's Elementary
Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.
‼ CVE-2020-25655 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8133 ‼
📖 Read
via "National Vulnerability Database".
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8268 ‼
📖 Read
via "National Vulnerability Database".
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-9300 ‼
📖 Read
via "National Vulnerability Database".
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure deployment guidelines the risk of this is lowered, as this may only be exploited by an authenticated user.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8276 ‼
📖 Read
via "National Vulnerability Database".
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-9299 ‼
📖 Read
via "National Vulnerability Database".
There were XSS vulnerabilities discovered and reported in the Dispatch application, affecting name and description parameters of Incident Priority, Incident Type, Tag Type, and Incident Filter. This vulnerability can be exploited by an authenticated user.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8150 ‼
📖 Read
via "National Vulnerability Database".
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.📖 Read
via "National Vulnerability Database".
🛠 Windows File Enumeration Intel Gathering Tool 2.2 🛠
📖 Read
via "Packet Storm Security".
NtFileSins.py is a Windows file enumeration intel gathering tool.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Windows File Enumeration Intel Gathering Tool 2.2 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Etherify Radio Signal Analysis Tool 🛠
📖 Read
via "Packet Storm Security".
Etherify is an interesting tool that analyzes radio signals transmitted by transmission rates via ethernet.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Etherify Radio Signal Analysis Tool ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🕴 Insecure APIs a Growing Risk for Organizations 🕴
📖 Read
via "Dark Reading".
Security models for application programming interfaces haven't kept pace with requirements of a non-perimeter world, Forrester says.📖 Read
via "Dark Reading".
Dark Reading
Insecure APIs a Growing Risk for Organizations
Security models for application programming interfaces haven't kept pace with requirements of a non-perimeter world, Forrester says.
❌ Ultimate Member Plugin for WordPress Allows Site Takeover ❌
📖 Read
via "Threat Post".
Three critical security bugs allow for easy privilege escalation to an administrator role.📖 Read
via "Threat Post".
Threat Post
Ultimate Member Plugin for WordPress Allows Site Takeover
Three critical security bugs allow for easy privilege escalation to an administrator role.
🛠 OATH Toolkit 2.6.3 🛠
📖 Read
via "Packet Storm Security".
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.📖 Read
via "Packet Storm Security".
Packetstormsecurity
OATH Toolkit 2.6.3 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2020-23136 ‼
📖 Read
via "National Vulnerability Database".
Microweber v1.1.18 is affected by no session expiry after log-out.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23138 ‼
📖 Read
via "National Vulnerability Database".
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23140 ‼
📖 Read
via "National Vulnerability Database".
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-23139 ‼
📖 Read
via "National Vulnerability Database".
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-14366 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw📖 Read
via "National Vulnerability Database".
❌ Cyberattack on UVM Health Network Impedes Chemotherapy Appointments ❌
📖 Read
via "Threat Post".
The cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff being furloughed or reassigned.📖 Read
via "Threat Post".
Threat Post
Cyberattack on UVM Health Network Impedes Chemotherapy Appointments
The cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff being furloughed or reassigned.
❌ Trump Site Alleging AZ Election Fraud Exposes Voter Data ❌
📖 Read
via "Threat Post".
Slapdash setup of Trump website collecting reports of Maricopa County in-person vote irregularities exposed 163,000 voter data records to fraud, via SQL injection.📖 Read
via "Threat Post".
Threat Post
Trump Site Alleging AZ Election Fraud Exposes Voter Data
Slapdash setup of Trump website collecting reports of Maricopa County in-person vote irregularities exposed 163,000 voter data records to fraud, via SQL injection.
🕴 Data Privacy Gets Solid Upgrade With Early Adopters 🕴
📖 Read
via "Dark Reading".
The United Kingdom and the regional government of Flanders kick off four pilots of the Solid data-privacy technology from World Wide Web inventor Tim Berners-Lee, which gives users more control of their data.📖 Read
via "Dark Reading".
Dark Reading
Data Privacy Gets Solid Upgrade With Early Adopters
The United Kingdom and the regional government of Flanders kick off four pilots of the Solid data-privacy technology from World Wide Web inventor Tim Berners-Le