‼ CVE-2020-5426 ‼
📖 Read
via "National Vulnerability Database".
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.📖 Read
via "National Vulnerability Database".
🕴 9 New Tactics to Spread Security Awareness 🕴
📖 Read
via "Dark Reading".
Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.📖 Read
via "Dark Reading".
Dark Reading
9 New Tactics to Spread Security Awareness
Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.
🕴 Barracuda to Acquire Fyde for Zero-Trust Capabilities 🕴
📖 Read
via "Dark Reading".
Plans call for expanding the Barracuda CloudGen SASE platform.📖 Read
via "Dark Reading".
Dark Reading
Barracuda to Acquire Fyde for Zero-Trust Capabilities
Plans call for expanding the Barracuda CloudGen SASE platform.
🔏 Best Practices for Organizations to Mitigate Risks in Collaboration Software 🔏
📖 Read
via "Digital Guardian".
Many companies are requiring employees to work from home and use collaboration software to communicate. What are the best ways to mitigate risks in collaboration software? We asked 27 experts their best practices.📖 Read
via "Digital Guardian".
Digital Guardian
Best Practices for Organizations to Mitigate Risks in Collaboration Software
Many companies are requiring employees to work from home and use collaboration software to communicate. What are the best ways to mitigate risks in collaboration software? We asked 27 experts their best practices.
❌ Silver Peak SD-WAN Bugs Allow for Network Takeover ❌
📖 Read
via "Threat Post".
Three security vulnerabilities can be chained to enable unauthenticated remote code execution.📖 Read
via "Threat Post".
Threat Post
Silver Peak SD-WAN Bugs Allow for Network Takeover
Three security vulnerabilities can be chained to enable unauthenticated remote code execution.
🕴 3 Tips For Successfully Running Tech Outside the IT Department 🕴
📖 Read
via "Dark Reading".
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.📖 Read
via "Dark Reading".
Dark Reading
3 Tips For Successfully Running Tech Outside the IT Department
When marketing opts for extra-departmental IT, coordination and communication are required to keep things secured.
🕴 Security Hiring Plans Remain Constant Despite Pandemic 🕴
📖 Read
via "Dark Reading".
Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.📖 Read
via "Dark Reading".
Dark Reading
Security Hiring Plans Remain Constant Despite Pandemic
Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.
‼ CVE-2020-26218 ‼
📖 Read
via "National Vulnerability Database".
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26219 ‼
📖 Read
via "National Vulnerability Database".
touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The issue is fixed in version 2.0.📖 Read
via "National Vulnerability Database".
🕴 Want to Avoid an Extreme Cyberloss? Focus on the Basics 🕴
📖 Read
via "Dark Reading".
New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events.📖 Read
via "Dark Reading".
Dark Reading
Want to Avoid an Extreme Cyberloss? Focus on the Basics
New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events.
🕴 NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains 🕴
📖 Read
via "Dark Reading".
The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting, loan- and unemployment fraud.📖 Read
via "Dark Reading".
Dark Reading
NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains
The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting
‼ CVE-2020-26221 ‼
📖 Read
via "National Vulnerability Database".
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. The issue is patched in version 2.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-1999 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26220 ‼
📖 Read
via "National Vulnerability Database".
toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present. The issue is fixed in version 2.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-5992 ‼
📖 Read
via "National Vulnerability Database".
NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2022 ‼
📖 Read
via "National Vulnerability Database".
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2048 ‼
📖 Read
via "National Vulnerability Database".
An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2000 ‼
📖 Read
via "National Vulnerability Database".
An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-2050 ‼
📖 Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features that use SSL VPN with client certificate verification are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN In configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7770 ‼
📖 Read
via "National Vulnerability Database".
This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.📖 Read
via "National Vulnerability Database".
🕴 Like the Energizer Bunny, Trickbot Goes On and On 🕴
📖 Read
via "Dark Reading".
Recent efforts to take down the virulent botnet have been largely -- but not entirely -- successful.📖 Read
via "Dark Reading".
Dark Reading
Like the Energizer Bunny, Trickbot Goes On and On
Recent efforts to take down the virulent botnet have been largely -- but not entirely -- successful.