❌ Nvidia Warns Windows Gamers of GeForce NOW Flaw ❌
📖 Read
via "Threat Post".
Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia's GeForce NOW.📖 Read
via "Threat Post".
Threat Post
Nvidia Warns Windows Gamers of GeForce NOW Flaw
Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia's GeForce NOW.
‼ CVE-2020-8353 ‼
📖 Read
via "National Vulnerability Database".
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8354 ‼
📖 Read
via "National Vulnerability Database".
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8352 ‼
📖 Read
via "National Vulnerability Database".
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5426 ‼
📖 Read
via "National Vulnerability Database".
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.📖 Read
via "National Vulnerability Database".
🕴 9 New Tactics to Spread Security Awareness 🕴
📖 Read
via "Dark Reading".
Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.📖 Read
via "Dark Reading".
Dark Reading
9 New Tactics to Spread Security Awareness
Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.
🕴 Barracuda to Acquire Fyde for Zero-Trust Capabilities 🕴
📖 Read
via "Dark Reading".
Plans call for expanding the Barracuda CloudGen SASE platform.📖 Read
via "Dark Reading".
Dark Reading
Barracuda to Acquire Fyde for Zero-Trust Capabilities
Plans call for expanding the Barracuda CloudGen SASE platform.
🔏 Best Practices for Organizations to Mitigate Risks in Collaboration Software 🔏
📖 Read
via "Digital Guardian".
Many companies are requiring employees to work from home and use collaboration software to communicate. What are the best ways to mitigate risks in collaboration software? We asked 27 experts their best practices.📖 Read
via "Digital Guardian".
Digital Guardian
Best Practices for Organizations to Mitigate Risks in Collaboration Software
Many companies are requiring employees to work from home and use collaboration software to communicate. What are the best ways to mitigate risks in collaboration software? We asked 27 experts their best practices.
❌ Silver Peak SD-WAN Bugs Allow for Network Takeover ❌
📖 Read
via "Threat Post".
Three security vulnerabilities can be chained to enable unauthenticated remote code execution.📖 Read
via "Threat Post".
Threat Post
Silver Peak SD-WAN Bugs Allow for Network Takeover
Three security vulnerabilities can be chained to enable unauthenticated remote code execution.
🕴 3 Tips For Successfully Running Tech Outside the IT Department 🕴
📖 Read
via "Dark Reading".
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.📖 Read
via "Dark Reading".
Dark Reading
3 Tips For Successfully Running Tech Outside the IT Department
When marketing opts for extra-departmental IT, coordination and communication are required to keep things secured.
🕴 Security Hiring Plans Remain Constant Despite Pandemic 🕴
📖 Read
via "Dark Reading".
Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.📖 Read
via "Dark Reading".
Dark Reading
Security Hiring Plans Remain Constant Despite Pandemic
Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.
‼ CVE-2020-26218 ‼
📖 Read
via "National Vulnerability Database".
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26219 ‼
📖 Read
via "National Vulnerability Database".
touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The issue is fixed in version 2.0.📖 Read
via "National Vulnerability Database".
🕴 Want to Avoid an Extreme Cyberloss? Focus on the Basics 🕴
📖 Read
via "Dark Reading".
New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events.📖 Read
via "Dark Reading".
Dark Reading
Want to Avoid an Extreme Cyberloss? Focus on the Basics
New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events.
🕴 NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains 🕴
📖 Read
via "Dark Reading".
The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting, loan- and unemployment fraud.📖 Read
via "Dark Reading".
Dark Reading
NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains
The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting
‼ CVE-2020-26221 ‼
📖 Read
via "National Vulnerability Database".
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. The issue is patched in version 2.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-1999 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26220 ‼
📖 Read
via "National Vulnerability Database".
toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present. The issue is fixed in version 2.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5992 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2022 ‼
📖 Read
via "National Vulnerability Database".
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2048 ‼
📖 Read
via "National Vulnerability Database".
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.📖 Read
via "National Vulnerability Database".