‼ CVE-2020-3367 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.📖 Read
via "National Vulnerability Database".
🦿 Webex security flaw allows people to secretly sneak into meetings as "ghosts" 🦿
📖 Read
via "Tech Republic".
Now patched by Cisco, three flaws in Webex would have given intruders full access to a meeting without being seen, says IBM.📖 Read
via "Tech Republic".
TechRepublic
Webex security flaw allows people to secretly sneak into meetings as "ghosts"
Now patched by Cisco, three flaws in Webex would have given intruders full access to a meeting without being seen, says IBM.
❌ LAPD Bans Facial Recognition, Citing Privacy Concerns ❌
📖 Read
via "Threat Post".
The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.📖 Read
via "Threat Post".
Threat Post
LAPD Bans Facial Recognition, Citing Privacy Concerns
The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.
🔏 Congress Passes IoT Bill, Last Hurdle to Becoming Law 🔏
📖 Read
via "Digital Guardian".
The bill, which would establish cybersecurity guidelines for IoT devices purchased by the U.S. government, is on track to become law.📖 Read
via "Digital Guardian".
Digital Guardian
Congress Passes IoT Bill, Last Hurdle to Becoming Law
The bill, which would establish cybersecurity guidelines for IoT devices purchased by the U.S. government, is on track to become law.
🦿 GoPhish: How to run a phishing attack simulation 🦿
📖 Read
via "Tech Republic".
Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works.📖 Read
via "Tech Republic".
TechRepublic
How to run a phishing attack simulation with GoPhish
Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works.
‼ CVE-2020-28580 ‼
📖 Read
via "National Vulnerability Database".
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28579 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28574 ‼
📖 Read
via "National Vulnerability Database".
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-3586 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underling operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application impacting the integrity or availability of the web-based management application.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27695 ‼
📖 Read
via "National Vulnerability Database".
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27696 ‼
📖 Read
via "National Vulnerability Database".
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-3441 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-3482 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-3419 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-3531 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-3470 ‼
📖 Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28578 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28572 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28581 ‼
📖 Read
via "National Vulnerability Database".
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27697 ‼
📖 Read
via "National Vulnerability Database".
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-3471 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.📖 Read
via "National Vulnerability Database".