βΌ CVE-2020-17064 βΌ
π Read
via "National Vulnerability Database".
, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17019, CVE-2020-17065, CVE-2020-17066.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17102 βΌ
π Read
via "National Vulnerability Database".
, aka 'WebP Image Extensions Information Disclosure Vulnerability'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17058 βΌ
π Read
via "National Vulnerability Database".
, aka 'Microsoft Browser Memory Corruption Vulnerability'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-16994 βΌ
π Read
via "National Vulnerability Database".
, aka 'Azure Sphere Unsigned Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17000 βΌ
π Read
via "National Vulnerability Database".
, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17021 βΌ
π Read
via "National Vulnerability Database".
, aka 'Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17018.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17085 βΌ
π Read
via "National Vulnerability Database".
, aka 'Microsoft Exchange Server Denial of Service Vulnerability'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17046 βΌ
π Read
via "National Vulnerability Database".
, aka 'Windows Error Reporting Denial of Service Vulnerability'.π Read
via "National Vulnerability Database".
β COVID-19 Data-Sharing App Leaked Healthcare Worker Info β
π Read
via "Threat Post".
Philippines COVID-KAYA app allowed for unauthorized access typically protected by βsuperuserβ credentials and also may have exposed patient data.π Read
via "Threat Post".
Threat Post
COVID-19 Data-Sharing App Leaked Healthcare Worker Info
Philippines COVID-KAYA app allowed for unauthorized access typically protected by βsuperuserβ credentials and also may have exposed patient data.
β High-Severity Cisco DoS Flaw Can Immobilize ASR Routers β
π Read
via "Threat Post".
The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software.π Read
via "Threat Post".
Threat Post
High-Severity Cisco DoS Flaw Can Immobilize ASR Routers
The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software.
π΄ How to Avoid Getting Killed by Ransomware π΄
π Read
via "Dark Reading".
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.π Read
via "Dark Reading".
Dark Reading
How to Avoid Getting Killed by Ransomware
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.
βΌ CVE-2020-4685 βΌ
π Read
via "National Vulnerability Database".
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.π Read
via "National Vulnerability Database".
π nfstream 6.2.2 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.2.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2020-15275 βΌ
π Read
via "National Vulnerability Database".
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27523 βΌ
π Read
via "National Vulnerability Database".
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27524 βΌ
π Read
via "National Vulnerability Database".
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.π Read
via "National Vulnerability Database".
π΄ Former Microsoft Software Engineer Sentenced to 9 Years in Prison π΄
π Read
via "Dark Reading".
The 26-year-old was convicted earlier this year of wire fraud, money laundering, and filing false tax returns, among other charges.π Read
via "Dark Reading".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
β βInstant bank fraudβ hoax is back β donβt spread fake news! β
π Read
via "Naked Security".
You need to spread the word to your family and friends NOT to spread the word to their family and friendsπ Read
via "Naked Security".
Naked Security
βInstant bank fraudβ hoax is back β donβt spread fake news!
You need to spread the word to your family and friends NOT to spread the word to their family and friends
β Smishing attack tells you βmobile payment problemβ β donβt fall for it! β
π Read
via "Naked Security".
Don't be fooled by a website that looks OK - it's easy for crooks to make an exact copy. (This time, they got just one letter wrong.)π Read
via "Naked Security".
Naked Security
Smishing attack tells you βmobile payment problemβ β donβt fall for it!
Donβt be fooled by a website that looks OK β itβs easy for crooks to make an exact copy. (This time, they got just one letter wrong.)
β Minecraft Apps on Google Play Fleece Players Out of Big Money β
π Read
via "Threat Post".
Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.π Read
via "Threat Post".
Threat Post
Minecraft Apps on Google Play Fleece Players Out of Big Money
Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.
β Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic β
π Read
via "Threat Post".
Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.π Read
via "Threat Post".
Threat Post
Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic
Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.