CVE-2020-0442
via "National Vulnerability Database".
In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9. Android ID: A-147358092.
CVE-2020-0424
via "National Vulnerability Database".
In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-161362564.
CVE-2020-0450
via "National Vulnerability Database".
In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11. Android ID: A-157650336.
CVE-2020-24384
via "National Vulnerability Database".
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.
CVE-2020-0418
via "National Vulnerability Database".
In getPermissionInfosForGroup of Utils.java, there is a logic error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-153879813.
CVE-2020-0445
via "National Vulnerability Database".
There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-168264527.
CVE-2020-0437
via "National Vulnerability Database".
In CellBroadcastReceiver's intent handlers, there is a possible denial of service due to a missing permission check. This could lead to local denial of service of emergency alerts with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11. Android ID: A-162741784.
Falco 0.26.2
via "Packet Storm Security".
Sysdig Falco is an open source behavioral activity monitoring agent with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax, and notifies you when these rules are violated. You can think of Falco as a mix of Snort, OSSEC and strace.
DDoS attacks: How to combat the latest tactics
via "Tech Republic".
With DDoS-as-a-Service, criminals with a little know-how can launch denial of service attacks for just a few dollars, says Digital Shadows.
Ghimob Android Banking Trojan Targets 153 Mobile Apps
via "Threat Post".
A banking trojan is targeting mobile app users in Brazil, and researchers warn that its operator has big plans to expand abroad.
CVE-2020-7766
via "National Vulnerability Database".
This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively sets the property in the target object, but it does not properly check the key being set, leading to prototype pollution.
CVE-2020-5388
via "National Vulnerability Database".
Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVE-2020-4760
via "National Vulnerability Database".
IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188737.
CVE-2020-12485
via "National Vulnerability Database".
The frame touch module does not validate parameter lengths when processing specific parameters, which causes an out-of-bounds memory access. The vulnerability eventually leads to a local DoS on the device.
CVE-2020-28267
via "National Vulnerability Database".
Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.
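Both CVE-2020-7766 (json-ptr) and CVE-2020-28267 (@strikeentco/set) describe the same defect class: a deep "set" helper that walks a caller-supplied path and creates missing intermediates without checking whether a segment names `__proto__`, `constructor` or `prototype`. The following is an added example written for this page, not code from either package: a minimal helper in that style, first without the key check, then hardened. `toSegments`, `unsafeSet`, `safeSet` and `pollutes` are names chosen here, and the path strings are constructed inputs; json-ptr takes RFC 6901 pointers (`/a/b`) while @strikeentco/set takes dot paths (`a.b`), so the helper accepts both to show that the syntax does not matter.

```javascript
// Added example (not json-ptr's or @strikeentco/set's own code). Names and
// sample paths below are hypothetical, chosen to illustrate the CVE text.

// Turn an RFC 6901 JSON Pointer ("/a/b", with ~1 -> "/" and ~0 -> "~")
// or a dot path ("a.b") into an array of key segments.
function toSegments(path) {
  if (typeof path !== 'string') throw new TypeError('path must be a string');
  if (path.startsWith('/')) {
    return path.slice(1).split('/')
      .map(s => s.replace(/~1/g, '/').replace(/~0/g, '~'));
  }
  return path.split('.');
}

// VULNERABLE: with force=true, missing intermediates are created and the last
// key is assigned, but nothing stops a segment from being "__proto__" or
// "constructor"/"prototype". Since {}.__proto__ is Object.prototype, the walk
// lands on the shared prototype and the final assignment pollutes every object.
function unsafeSet(target, path, value, force = true) {
  const segs = toSegments(path);
  let cur = target;
  for (let i = 0; i < segs.length - 1; i++) {
    const key = segs[i];
    if (cur[key] === undefined || cur[key] === null) {
      if (!force) return false;
      cur[key] = {};
    }
    cur = cur[key];
  }
  cur[segs[segs.length - 1]] = value;
  return true;
}

// HARDENED: reject prototype-chain keys anywhere in the path, and only descend
// into *own* properties so an inherited value can never be used as a waypoint.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeSet(target, path, value, force = true) {
  const segs = toSegments(path);
  for (const key of segs) {
    if (FORBIDDEN_KEYS.has(key)) throw new Error(`refusing to set through "${key}"`);
  }
  let cur = target;
  for (let i = 0; i < segs.length - 1; i++) {
    const key = segs[i];
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || typeof cur[key] !== 'object' || cur[key] === null) {
      if (!force) return false;
      cur[key] = {};
    }
    cur = cur[key];
  }
  cur[segs[segs.length - 1]] = value;
  return true;
}

// Probe: run a path whose last segment is "pwned" through setFn on a throwaway
// object, then ask an unrelated object whether it now sees "pwned". Cleans up
// Object.prototype afterwards so the global state is not left polluted.
function pollutes(setFn, path) {
  const bystander = {};
  let tainted = false;
  try {
    setFn({}, path, 'pwned');
    tainted = bystander.pwned === 'pwned';
  } catch (e) {
    tainted = false; // safeSet throws on forbidden keys
  } finally {
    delete Object.prototype.pwned;
  }
  return tainted;
}

// Stand-alone demonstration.
for (const p of ['/__proto__/pwned', '__proto__.pwned', 'constructor.prototype.pwned']) {
  console.log(`${p}: unsafeSet pollutes=${pollutes(unsafeSet, p)} safeSet pollutes=${pollutes(safeSet, p)}`);
}
```

Blocking `constructor` and `prototype` as path segments also refuses legitimate keys with those names; if a schema genuinely needs them, build intermediates with `Object.create(null)` and store values in a `Map` instead of relaxing the check. Note that `unsafeSet(obj, path, value, false)` is not a fix either: `__proto__` and `constructor` are never "missing" on a plain object, so `force=false` does not stop the walk.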
CVE-2020-4704
via "National Vulnerability Database".
IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187189.
CVE-2020-4568
via "National Vulnerability Database".
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 184157.
CVE-2020-13927
via "National Vulnerability Database".
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default
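The practical consequence of the Airflow advisory is that the same `airflow.cfg` can be safe or exposed depending on two things: whether `[api] auth_backend` is set at all, and which release is running when it is not. The check below is an added example for this page, not Airflow's own code or tooling: it reads the `[api]` section of a config text and reports whether the Experimental API is effectively unauthenticated. The config texts are constructed, `iniGet`, `versionAtLeast` and `auditApiAuth` are names chosen here, and the module name of the old allow-all backend (`airflow.api.auth.backend.default`) is taken from the Airflow documentation rather than from the advisory text above.

```javascript
// Added example (not Airflow's own code). Constructed config samples below.

const DENY_ALL = 'airflow.api.auth.backend.deny_all';
// Assumption (from Airflow docs, not the advisory): the pre-1.10.11 allow-all
// backend that upgraded installs typically still carry in airflow.cfg.
const ALLOW_ALL = 'airflow.api.auth.backend.default';

// Minimal INI reader: value of `key` inside `[section]`, or null if absent.
// Handles "#"/";" comments and both "key = value" and "key: value".
function iniGet(text, section, key) {
  let inSection = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const sec = line.match(/^\[(.+)\]$/);
    if (sec) { inSection = sec[1].trim() === section; continue; }
    if (!inSection) continue;
    const kv = line.match(/^([^=:]+?)\s*[=:]\s*(.*)$/);
    if (kv && kv[1].trim() === key) return kv[2].trim();
  }
  return null;
}

// Numeric dotted-version compare: "1.10.11" >= "1.10.9" is true.
function versionAtLeast(v, floor) {
  const a = v.split('.').map(Number);
  const b = floor.split('.').map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] || 0, y = b[i] || 0;
    if (x !== y) return x > y;
  }
  return true;
}

// Returns 'open' (unauthenticated), 'denied', or 'custom' (some other backend
// is configured; review it separately).
function auditApiAuth(cfgText, airflowVersion) {
  const backend = iniGet(cfgText, 'api', 'auth_backend');
  if (backend === null) {
    // No explicit setting: the built-in default flipped to deny in 1.10.11.
    return versionAtLeast(airflowVersion, '1.10.11') ? 'denied' : 'open';
  }
  if (backend === DENY_ALL) return 'denied';
  if (backend === ALLOW_ALL) return 'open';
  return 'custom';
}

// Constructed samples: an upgraded install whose generated config kept the old
// explicit value, a fixed config, and a config with no [api] section at all.
const UPGRADED_CFG = [
  '[core]',
  'dags_folder = /opt/airflow/dags',
  '',
  '[api]',
  '# left over from a pre-1.10.11 install',
  'auth_backend = airflow.api.auth.backend.default',
].join('\n');

const FIXED_CFG = '[api]\nauth_backend = airflow.api.auth.backend.deny_all\n';
const NO_API_CFG = '[core]\ndags_folder = /opt/airflow/dags\n';

// Stand-alone demonstration.
console.log('upgraded install on 1.10.11:', auditApiAuth(UPGRADED_CFG, '1.10.11'));
console.log('fixed config on 1.10.10:    ', auditApiAuth(FIXED_CFG, '1.10.10'));
console.log('no [api] section on 1.10.10:', auditApiAuth(NO_API_CFG, '1.10.10'));
console.log('no [api] section on 1.10.11:', auditApiAuth(NO_API_CFG, '1.10.11'));
```

The case the advisory warns about is the first one: upgrading to 1.10.11 does not help an install whose config still spells out the old backend, because an explicit value always wins over the new default. Airflow also lets environment variables override the file, so on a live host confirm the effective value in the running process rather than trusting the file alone.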
Apple to Deliver "Privacy Labels" for Apps, Revealing Data-Sharing Details
via "Threat Post".
Developers will have to reveal how data is shared with any "third-party partners," which include analytics tools, advertising networks, third-party SDKs or other external vendors.
The Double-Edged Sword of Cybersecurity Insurance
via "Dark Reading".
With ransomware on the rise, more organizations are opting to purchase cyber insurance, tipping off criminals about how much to demand for access back to pilfered systems and data.
Phishing, deepfakes, and ransomware: How coronavirus-related cyberthreats will persist in 2021
via "Tech Republic".
The pandemic and 5G speed create wider attack capabilities. Phishing emails and other threats will continue to exploit COVID-19 and its side effects, says Check Point Research.