‼ CVE-2020-24525 ‼
📖 Read
via "National Vulnerability Database".
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26804 ‼
📖 Read
via "National Vulnerability Database".
In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Also, in this page, users can upload attachments with the shared announcements. This "Upload Attachment" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26803 ‼
📖 Read
via "National Vulnerability Database".
In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12334 ‼
📖 Read
via "National Vulnerability Database".
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12326 ‼
📖 Read
via "National Vulnerability Database".
Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12349 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12345 ‼
📖 Read
via "National Vulnerability Database".
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12353 ‼
📖 Read
via "National Vulnerability Database".
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12333 ‼
📖 Read
via "National Vulnerability Database".
Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-15783 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-0573 ‼
📖 Read
via "National Vulnerability Database".
Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28414 ‼
📖 Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28415).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-8669 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28415 ‼
📖 Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28414).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27386 ‼
📖 Read
via "National Vulnerability Database".
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24456 ‼
📖 Read
via "National Vulnerability Database".
Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access.📖 Read
via "National Vulnerability Database".
❌ Animal Jam Hacked, 46M Records Roam the Dark Web ❌
📖 Read
via "Threat Post".
Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum.📖 Read
via "Threat Post".
Threat Post
Animal Jam Hacked, 46M Records Roam the Dark Web
Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum.
🦿 Hackers for hire target victims with cyber espionage campaign 🦿
📖 Read
via "Tech Republic".
The victims reside in the US and several other countries, while many of the targeted organizations are financial institutions, says BlackBerry.📖 Read
via "Tech Republic".
TechRepublic
Hackers for hire target victims with cyber espionage campaign
The victims reside in the US and several other countries, while many of the targeted organizations are financial institutions, says BlackBerry.
❌ Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software ❌
📖 Read
via "Threat Post".
The modular malware is highly sophisticated but may not be able to capture credit-card info.📖 Read
via "Threat Post".
Threat Post
Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software
The modular malware is highly sophisticated but may not be able to capture credit-card info.
🕴 Credential Stuffing Fills E-commerce Pipeline in 2020 🕴
📖 Read
via "Dark Reading".
There were 1.3 billion attacks in the third quarter alone, according to new analysis from Arkose Labs.📖 Read
via "Dark Reading".
Dark Reading
Credential Stuffing Fills E-commerce Pipeline in 2020
There were 1.3 billion attacks in the third quarter alone, according to new analysis from Arkose Labs.
🕴 Manufacturing Sees Rising Ransomware Threat 🕴
📖 Read
via "Dark Reading".
Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats.📖 Read
via "Dark Reading".
Dark Reading
Manufacturing Sees Rising Ransomware Threat
Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats.