π¦Ώ Baidu Android apps caught leaking sensitive data from devices π¦Ώ
π Read
via "Tech Republic".
Capturing the phone's IMSI number and MAC address, the leaked data could have made users trackable, potentially over their lifetimes, says Palo Alto Networks.π Read
via "Tech Republic".
TechRepublic
Baidu Android apps caught leaking sensitive data from devices
Capturing the phone's IMSI number and MAC address, the leaked data could have made users trackable, potentially over their lifetimes, says Palo Alto Networks.
β Naked Security Live β Beat the Threat! β
π Read
via "Naked Security".
Here's the latest Naked Security Live video - how to beat the crooks! Watch now...π Read
via "Naked Security".
Naked Security
Naked Security Live β Beat the Threat!
Hereβs the latest Naked Security Live video β how to beat the crooks! Watch nowβ¦
βΌ CVE-2020-4002 βΌ
π Read
via "National Vulnerability Database".
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4003 βΌ
π Read
via "National Vulnerability Database".
VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29006 βΌ
π Read
via "National Vulnerability Database".
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25472 βΌ
π Read
via "National Vulnerability Database".
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.π Read
via "National Vulnerability Database".
βΌ CVE-2020-3985 βΌ
π Read
via "National Vulnerability Database".
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25473 βΌ
π Read
via "National Vulnerability Database".
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25474 βΌ
π Read
via "National Vulnerability Database".
SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4000 βΌ
π Read
via "National Vulnerability Database".
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25475 βΌ
π Read
via "National Vulnerability Database".
SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.π Read
via "National Vulnerability Database".
βΌ CVE-2020-3984 βΌ
π Read
via "National Vulnerability Database".
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4001 βΌ
π Read
via "National Vulnerability Database".
The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.π Read
via "National Vulnerability Database".
β Baidu Apps in Google Play Leak Sensitive Data β
π Read
via "Threat Post".
Cyberattackers could use the information to track users across devices, disable phone service, or intercept messages and phone calls.π Read
via "Threat Post".
Threat Post
Baidu Apps in Google Play Leak Sensitive Data
Cyberattackers could use the information to track users across devices, disable phone service, or intercept messages and phone calls.
β Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues β
π Read
via "Threat Post".
Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay.π Read
via "Threat Post".
Threat Post
Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues
Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay.
β Gift card hack exposed β you pay, they play β
π Read
via "Naked Security".
These crooks hacked into a network hoping to get everyone in the company to buy them gift cards.π Read
via "Naked Security".
Naked Security
Gift card hack exposed β you pay, they play
These crooks hacked into a network hoping to get everyone in the company to buy them gift cards.
π FBI Warns of Spoofed FBI Websites π
π Read
via "Digital Guardian".
The FBI is urging the American public to ensure they're getting "reliable and verified FBI information."π Read
via "Digital Guardian".
Digital Guardian
FBI Warns of Spoofed FBI Websites
The FBI is urging the American public to ensure they're getting "reliable and verified FBI information."
π΄ US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas π΄
π Read
via "Dark Reading".
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.π Read
via "Dark Reading".
Dark Reading
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
π΄ What's in Store for Privacy in 2021 π΄
π Read
via "Dark Reading".
Changes are coming to the privacy landscape, including more regulations and technologies.π Read
via "Dark Reading".
Dark Reading
What's in Store for Privacy in 2021
Changes are coming to the privacy landscape, including more regulations and technologies.
βΌ CVE-2020-13620 βΌ
π Read
via "National Vulnerability Database".
Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28994 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.π Read
via "National Vulnerability Database".