β GO SMS Pro Android App Exposes Private Photos, Videos and Messages β
π Read
via "Threat Post".
The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content.π Read
via "Threat Post".
Threat Post
GO SMS Pro Android App Exposes Private Photos, Videos and Messages
The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content.
π FIN7 Hacker Pleads Guilty π
π Read
via "Digital Guardian".
Another hacker associated with FIN7 β a group responsible for hacking more than 100 US companies and stealing 15 million credit card details β plead guilty this week.π Read
via "Digital Guardian".
Digital Guardian
FIN7 Hacker Pleads Guilty
Another hacker associated with FIN7 β a group responsible for hacking more than 100 US companies and stealing 15 million credit card details β plead guilty this week.
π΄ Go SMS Pro Messaging App Exposed Users' Private Media Files π΄
π Read
via "Dark Reading".
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.π Read
via "Dark Reading".
Dark Reading
Go SMS Pro Messaging App Exposed Users' Private Media Files
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
π¦Ώ Brave Rewards: How to disable the feature π¦Ώ
π Read
via "Tech Republic".
Brave is a browser that should be on your radar. However, it does include the Brave Rewards feature that some users might want to disable. Learn how to turn off this option.π Read
via "Tech Republic".
TechRepublic
How to disable the Brave Rewards feature
Brave is a browser that should be on your radar. However, it does include the Brave Rewards feature that some users might want to disable. Learn how to turn off this option.
βΌ CVE-2020-28949 βΌ
π Read
via "National Vulnerability Database".
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28948 βΌ
π Read
via "National Vulnerability Database".
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28941 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28924 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28951 βΌ
π Read
via "National Vulnerability Database".
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.π Read
via "National Vulnerability Database".
β German COVID-19 Contact-Tracing Vulnerability Allowed RCE β
π Read
via "Threat Post".
Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration.π Read
via "Threat Post".
Threat Post
German COVID-19 Contact-Tracing Vulnerability Allowed RCE
Bug hunters at GitHub Security Lab help shore up German contact tracing app security, crediting open-source collaboration.
β Robot Vacuums Suck Up Sensitive Audio in βLidarPhoneβ Hack β
π Read
via "Threat Post".
Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.π Read
via "Threat Post".
Threat Post
Robot Vacuums Suck Up Sensitive Audio in βLidarPhoneβ Hack
Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.
π¦Ώ How phishing attacks are exploiting Google's own tools and services π¦Ώ
π Read
via "Tech Republic".
Cybercriminals are taking advantage of Google's open and accessible online tools to skirt past the usual security filters, says Armorblox.π Read
via "Tech Republic".
TechRepublic
How phishing attacks are exploiting Google's own tools and services
Cybercriminals are taking advantage of Google's open and accessible online tools to skirt past the usual security filters, says Armorblox.
π΄ Cybercriminals Get Creative With Google Services π΄
π Read
via "Dark Reading".
Attacks take advantage of popular services, including Google Forms and Google Docs.π Read
via "Dark Reading".
Dark Reading
Cybercriminals Get Creative With Google Services
Attacks take advantage of popular services, including Google Forms and Google Docs.
βΌ CVE-2020-7566 βΌ
π Read
via "National Vulnerability Database".
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7551 βΌ
π Read
via "National Vulnerability Database".
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7554 βΌ
π Read
via "National Vulnerability Database".
A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7571 βΌ
π Read
via "National Vulnerability Database".
A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7567 βΌ
π Read
via "National Vulnerability Database".
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28210 βΌ
π Read
via "National Vulnerability Database".
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7557 βΌ
π Read
via "National Vulnerability Database".
A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7570 βΌ
π Read
via "National Vulnerability Database".
A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.π Read
via "National Vulnerability Database".