βΌ CVE-2020-8278 βΌ
π Read
via "National Vulnerability Database".
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.π Read
via "National Vulnerability Database".
βΌ CVE-2019-20933 βΌ
π Read
via "National Vulnerability Database".
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).π Read
via "National Vulnerability Database".
βΌ CVE-2020-8277 βΌ
π Read
via "National Vulnerability Database".
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.π Read
via "National Vulnerability Database".
π¦Ώ Microsoft gives Linux a security boost with these new attack detection tools π¦Ώ
π Read
via "Tech Republic".
Linux endpoint detection and response will help Microsoft Defender customers secure Linux servers and networks against security nasties.π Read
via "Tech Republic".
β Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks β
π Read
via "Threat Post".
While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks - from phishing to ransomware.π Read
via "Threat Post".
Threat Post
Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks
While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks - from phishing to ransomware.
π΄ Unpatched Browsers Abound, Study Shows π΄
π Read
via "Dark Reading".
Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome, Menlo Security says.π Read
via "Dark Reading".
Dark Reading
Unpatched Browsers Abound, Study Shows
Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome, Menlo Security says.
β APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies β
π Read
via "Threat Post".
Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victimsβ networks.π Read
via "Threat Post".
Threat Post
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victimsβ networks.
π΄ 2021 Cybersecurity Spending: How to Maximize Value π΄
π Read
via "Dark Reading".
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.π Read
via "Dark Reading".
Dark Reading
2021 Cybersecurity Spending: How to Maximize Value
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
π¦Ώ Consumers share their top frustrations about online retail purchasing π¦Ώ
π Read
via "Tech Republic".
People say they've abandoned purchases at online retail stores because of the hassle of dealing with passwords, according to the FIDO Alliance.π Read
via "Tech Republic".
TechRepublic
Consumers share their top frustrations about online retail purchasing
People say they've abandoned purchases at online retail stores because of the hassle of dealing with passwords, according to the FIDO Alliance.
π TestSSL 3.0.3 π
π Read
via "Packet Storm Security".
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.π Read
via "Packet Storm Security".
Packetstormsecurity
TestSSL 3.0.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TCMalloc Inspector Tool π
π Read
via "Packet Storm Security".
TCMalloc is an inspection tool that lets you parse and inspect tcmalloc internals, and detect lost memory, meaning memory which is not reachable via any (internal) pointers.π Read
via "Packet Storm Security".
Packetstormsecurity
TCMalloc Inspector Tool β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ New Proposed DNS Security Features Released π΄
π Read
via "Dark Reading".
Verisign's R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.π Read
via "Dark Reading".
Dark Reading
New Proposed DNS Security Features Released
Verisign's R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.
β IoT Cybersecurity Improvement Act Passed, Heads to Presidentβs Desk β
π Read
via "Threat Post".
Security experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices.π Read
via "Threat Post".
Threat Post
IoT Cybersecurity Improvement Act Passed, Heads to Presidentβs Desk
Security experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices.
β Food-Supply Giant Americold Admits Cyberattack β
π Read
via "Threat Post".
A reported ransomware attack took down operations at the company, which in talks for COVID-19 vaccine-distribution contracts.π Read
via "Threat Post".
Threat Post
Food-Supply Giant Americold Admits Cyberattack
A reported ransomware attack took down operations at the company, which in talks for COVID-19 vaccine-distribution contracts.
βΌ CVE-2020-11830 βΌ
π Read
via "National Vulnerability Database".
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2020-11831 βΌ
π Read
via "National Vulnerability Database".
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28054 βΌ
π Read
via "National Vulnerability Database".
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4718 βΌ
π Read
via "National Vulnerability Database".
IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731.π Read
via "National Vulnerability Database".
βΌ CVE-2020-11829 βΌ
π Read
via "National Vulnerability Database".
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4701 βΌ
π Read
via "National Vulnerability Database".
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9049 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CΓ’β¬Β’CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.π Read
via "National Vulnerability Database".