🛡 Cybersecurity & Privacy 🛡 - News
CVE-2020-0573

Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access.

via "National Vulnerability Database".
CVE-2020-28414

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28415).

via "National Vulnerability Database".
CVE-2020-8669

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.

via "National Vulnerability Database".
CVE-2020-28415

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (different vector than CVE-2020-28414).

via "National Vulnerability Database".
CVE-2020-27386

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.

via "National Vulnerability Database".
CVE-2020-24456

Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access.

via "National Vulnerability Database".
Animal Jam Hacked, 46M Records Roam the Dark Web

Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum.

via "Threat Post".
🦿 Hackers for hire target victims with cyber espionage campaign 🦿

The victims reside in the US and several other countries, while many of the targeted organizations are financial institutions, says BlackBerry.

via "Tech Republic".
Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software

The modular malware is highly sophisticated but may not be able to capture credit-card info.

via "Threat Post".
🕴 Credential Stuffing Fills E-commerce Pipeline in 2020 🕴

There were 1.3 billion attacks in the third quarter alone, according to new analysis from Arkose Labs.

via "Dark Reading".
🕴 Manufacturing Sees Rising Ransomware Threat 🕴

Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats.

via "Dark Reading".
🕴 'Pay2Key' Could Become Next Big Ransomware Threat 🕴

Researchers from Check Point say an Iranian-based threat actor has successfully attacked multiple Israeli companies and could soon go global.

via "Dark Reading".
CVE-2020-13877

SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.

via "National Vulnerability Database".
CVE-2020-27193

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs.

via "National Vulnerability Database".
CVE-2020-24719

Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.

via "National Vulnerability Database".
CVE-2020-17494

Untangle Firewall NG before 16.0 uses MD5 for passwords.

via "National Vulnerability Database".
CVE-2020-7033

A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing include all 9.x versions before 9.1.10.

via "National Vulnerability Database".
CVE-2020-7032

An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.

via "National Vulnerability Database".
🦿 How to temporarily mitigate SAD DNS for Linux servers and desktops 🦿

Jack Wallen walks you through the process of putting in place a temporary fix against SAD DNS for your Linux servers and desktops.

via "Tech Republic".
🛠 TOR Virtual Network Tunneling Tool 0.4.4.6 🛠

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

via "Packet Storm Security".
Ticketmaster Scores Hefty Fine Over 2018 Data Breach

The events giant faces a GDPR-related penalty in the U.K., and more could follow.

via "Threat Post".