βΌ CVE-2020-26552 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28914 βΌ
π Read
via "National Vulnerability Database".
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26548 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26216 βΌ
π Read
via "National Vulnerability Database".
TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28130 βΌ
π Read
via "National Vulnerability Database".
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).π Read
via "National Vulnerability Database".
π΄ Nearly Two Dozen AWS APIs Are Vulnerable to Abuse π΄
π Read
via "Dark Reading".
Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.π Read
via "Dark Reading".
Dark Reading
Nearly Two Dozen AWS APIs Are Vulnerable to Abuse
Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.
βΌ CVE-2020-28183 βΌ
π Read
via "National Vulnerability Database".
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28917 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28915 βΌ
π Read
via "National Vulnerability Database".
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.π Read
via "National Vulnerability Database".
β Firing of CISA Chief Christopher Krebs Widely Condemned β
π Read
via "Threat Post".
President Trump fired US cybersecurity chief over Twitter Tuesday, an act widely condemned within the cybersecurity community.π Read
via "Threat Post".
Threat Post
Firing of CISA Chief Christopher Krebs Widely Condemned
President Trump fired US cybersecurity chief over Twitter Tuesday, an act widely condemned within the cybersecurity community.
π¦Ώ Microsoft's new security chip takes PC protection to a higher level π¦Ώ
π Read
via "Tech Republic".
Intel, AMD and Qualcomm will use the Microsoft-designed Pluton security processor from Xbox One and Azure Sphere in future SoCs to deliver better protection than a TPM.π Read
via "Tech Republic".
π¦Ώ Zoom: These new features will prevent trolls and meeting-crashers π¦Ώ
π Read
via "Tech Republic".
Zoom hosts can now pause a meeting while they remove a disruptive participant, and a new web-scanning tool will seek out compromised meeting links.π Read
via "Tech Republic".
TechRepublic
Zoom: These new features will prevent trolls and meeting-crashers
Zoom hosts can now pause a meeting while they remove a disruptive participant, and a new web-scanning tool will seek out compromised meeting links.
π¦Ώ "123456" tops list of most common passwords for 2020 π¦Ώ
π Read
via "Tech Republic".
People are still using very simple passwords, with many of them similar to the ones they used in 2019, according to NordPass.π Read
via "Tech Republic".
TechRepublic
"123456" tops list of most common passwords for 2020
People are still using very simple passwords, with many of them similar to the ones they used in 2019, according to NordPass.
π¦Ώ How to improve the security of your public cloud π¦Ώ
π Read
via "Tech Republic".
Almost all the professionals who responded to a survey from BitGlass were concerned about the security of their public cloud apps and data.π Read
via "Tech Republic".
TechRepublic
How to improve the security of your public cloud
Almost all the professionals who responded to a survey from BitGlass were concerned about the security of their public cloud apps and data.
π΄ Researchers Say They've Developed Fastest Open Source IDS/IPS π΄
π Read
via "Dark Reading".
With a five-processor core, "Pigasus" delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab.π Read
via "Dark Reading".
Dark Reading
Researchers Say They've Developed Fastest Open Source IDS/IPS
With a five-processor core, Pigasus delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab.
β Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world β
π Read
via "Naked Security".
Here's the latest Sophos Threat Report - learn what cybercriminals are up to on Windows, Linux, Android and moreπ Read
via "Naked Security".
Naked Security
Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world
Hereβs the latest Sophos Threat Report β learn what cybercriminals are up to on Windows, Linux, Android and more
π΄ How to Identify Cobalt Strike on Your Network π΄
π Read
via "Dark Reading".
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.π Read
via "Dark Reading".
Dark Reading
How to Identify Cobalt Strike on Your Network
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
π¦Ώ Security experts level criticism at Apple after Big Sur launch issues π¦Ώ
π Read
via "Tech Republic".
Users took to social media to complain about slow systems with one report pointing to an OCSP responder as the culprit.π Read
via "Tech Republic".
TechRepublic
Security experts level criticism at Apple after Big Sur launch issues
Users took to social media to complain about slow systems with one report pointing to an OCSP responder as the culprit.
π¦Ώ 66% of companies say it would take 5 or more days to fully recover from a ransomware attack ransom not paid π¦Ώ
π Read
via "Tech Republic".
Veritas research finds data protection strategies are not keeping pace with the complexity of the attacks enterprises are facing.π Read
via "Tech Republic".
TechRepublic
66% of companies say it would take 5 or more days to fully recover from a ransomware attack ransom not paid
Veritas research finds data protection strategies are not keeping pace with the complexity of the attacks enterprises are facing.
π¦Ώ How remote working poses security risks for your organization π¦Ώ
π Read
via "Tech Republic".
Companies are at greater risk due to phishing attacks, password sharing, and unsecured personal devices, says SailPoint.π Read
via "Tech Republic".
TechRepublic
How remote working poses security risks for your organization
Companies are at greater risk due to phishing attacks, password sharing, and unsecured personal devices, says SailPoint.
βΌ CVE-2020-24723 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.π Read
via "National Vulnerability Database".