π΄ How Retailers Can Fight Fraud and Abuse This Holiday Season π΄
π Read
via "Dark Reading".
Online shopping will be more popular than ever with consumers... and with malicious actors too.π Read
via "Dark Reading".
Dark Reading
How Retailers Can Fight Fraud and Abuse This Holiday Season
Online shopping will be more popular than ever with consumers... and with malicious actors too.
β Facebook patches Messenger audio snooping bug β update now! β
π Read
via "Naked Security".
Do you ever make, ahem, "pointed remarks" just before answering calls from people you would rather avoid?π Read
via "Naked Security".
Naked Security
Facebook patches Messenger audio snooping bug β update now!
Do you ever make, ahem, βpointed remarksβ just before answering calls from people you would rather avoid?
β Naked Security Live β Beat the Threat! β
π Read
via "Naked Security".
Here's the latest Naked Security Live video - how to beat the crooks! Watch now...π Read
via "Naked Security".
Naked Security
Naked Security Live β Beat the Threat!
Hereβs the latest Naked Security Live video β how to beat the crooks! Watch nowβ¦
π΄ 3 Steps CISOs Can Take to Convey Strategy for Budget Presentations π΄
π Read
via "Dark Reading".
Answering these questions will help CISOs define a plan and take the organization in a positive direction.π Read
via "Dark Reading".
Dark Reading
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
βΌ CVE-2020-28053 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27985 βΌ
π Read
via "National Vulnerability Database".
Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows local users to obtain root access by editing and executing /home/<user>/SecurityOnion/setup/so-setup.π Read
via "National Vulnerability Database".
π TestSSL 3.0.4 π
π Read
via "Packet Storm Security".
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.π Read
via "Packet Storm Security".
Packetstormsecurity
TestSSL 3.0.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π AIEngine 2.0.1 π
π Read
via "Packet Storm Security".
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.π Read
via "Packet Storm Security".
Packetstormsecurity
AIEngine 2.0.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Manchester United: IT Systems Disrupted in Cyberattack β
π Read
via "Threat Post".
The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.π Read
via "Threat Post".
Threat Post
Manchester United: IT Systems Disrupted in Cyberattack
The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.
βΌ CVE-2020-7777 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28421 βΌ
π Read
via "National Vulnerability Database".
CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2018-20804 βΌ
π Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.π Read
via "National Vulnerability Database".
βΌ CVE-2018-20802 βΌ
π Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7926 βΌ
π Read
via "National Vulnerability Database".
A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected.π Read
via "National Vulnerability Database".
βΌ CVE-2019-2393 βΌ
π Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15.π Read
via "National Vulnerability Database".
βΌ CVE-2019-20923 βΌ
π Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7925 βΌ
π Read
via "National Vulnerability Database".
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9.π Read
via "National Vulnerability Database".
βΌ CVE-2020-1778 βΌ
π Read
via "National Vulnerability Database".
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2019-20924 βΌ
π Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.π Read
via "National Vulnerability Database".
βΌ CVE-2019-14553 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.π Read
via "National Vulnerability Database".
βΌ CVE-2019-2392 βΌ
π Read
via "National Vulnerability Database".
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.π Read
via "National Vulnerability Database".