🕴 A Call for Change in Physical Security 🕴
via "Dark Reading".
We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?
⚠ How to do cybersecurity – join us online for the Sophos Evolve event! ⚠
via "Naked Security".
Join us this week or next week for a free online event to learn how cybersecurity is evolving, and why.
❌ Exposed Database Reveals 100K+ Compromised Facebook Accounts ❌
via "Threat Post".
Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised Facebook accounts and used them to scam others.
🛠 nfstream 6.2.3 🛠
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real-world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers, providing data reproducibility across experiments.
🛠 Machosec 1.0 🛠
via "Packet Storm Security".
Machosec is a script that checks the security of Mach-O 64-bit executables and application bundles for dyld injection vulnerabilities, LC_RPATH vulnerabilities leading to dyld injection, symlinks pointing to attacker-controlled locations, writable-by-others vulnerabilities, missing stack canaries, disabled PIE (ASLR), and disabled FORTIFY_SOURCE (keeping insecure functions such as strcpy, memcpy, etc.).
‼ CVE-2020-27422 ‼
via "National Vulnerability Database".
In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to take over the account.
‼ CVE-2020-25209 ‼
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.
‼ CVE-2020-27627 ‼
via "National Vulnerability Database".
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
‼ CVE-2020-13772 ‼
via "National Vulnerability Database".
In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.
‼ CVE-2020-25207 ‼
via "National Vulnerability Database".
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
‼ CVE-2020-13769 ‼
via "National Vulnerability Database".
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
‼ CVE-2020-27626 ‼
via "National Vulnerability Database".
JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
‼ CVE-2020-27423 ‼
via "National Vulnerability Database".
Anuko Time Tracker v1.19.23.5311 lacks a rate limit on the password reset module, which allows an attacker to perform a Denial of Service attack on any legitimate user's mailbox.
‼ CVE-2020-27622 ‼
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.
‼ CVE-2020-26129 ‼
via "National Vulnerability Database".
In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.
‼ CVE-2020-25013 ‼
via "National Vulnerability Database".
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
‼ CVE-2020-27625 ‼
via "National Vulnerability Database".
In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.
‼ CVE-2020-27459 ‼
via "National Vulnerability Database".
Chronoforeum 2.0.11 is vulnerable to Stored XSS when a crafted payload is inserted into a post. If any user views the post, the inserted XSS code is executed.
‼ CVE-2020-13773 ‼
via "National Vulnerability Database".
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.
‼ CVE-2020-24366 ‼
via "National Vulnerability Database".
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.