βΌ CVE-2020-29056 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29061 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26241 βΌ
π Read
via "National Vulnerability Database".
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29071 βΌ
π Read
via "National Vulnerability Database".
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29072 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26242 βΌ
π Read
via "National Vulnerability Database".
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26240 βΌ
π Read
via "National Vulnerability Database".
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24π Read
via "National Vulnerability Database".
β S3 Ep8: A conversation with Katie Moussouris β
π Read
via "Naked Security".
Here's the latest Naked Security Podcast - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep8: A conversation with Katie Moussouris [Podcast]
Hereβs the latest Naked Security Podcast β listen now!
β Light-Based Attacks Expand in the Digital Home β
π Read
via "Threat Post".
The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound.π Read
via "Threat Post".
Threat Post
Laser-Based Hacking from Afar Goes Beyond Amazon Alexa
The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound.
π΄ Why Security Awareness Training Should Be Backed by Security by Design π΄
π Read
via "Dark Reading".
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.π Read
via "Dark Reading".
Dark Reading
Why Security Awareness Training Should Be Backed by Security by Design
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
π΄ Prevention Is Better Than the Cure When Securing Cloud-Native Deployments π΄
π Read
via "Dark Reading".
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.π Read
via "Dark Reading".
Dark Reading
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
The OODA loop shows us how to secure cloud-native deployments and prevent breaches before they occur.
β How to Update Your Remote Access Policy β And Why You Should Now β
π Read
via "Threat Post".
Reducing the risks of remote work starts with updating the access policies of yesterday.π Read
via "Threat Post".
Threat Post
How to Update Your Remote Access Policy β And Why You Should Now
Amit Bareket of Perimeter 81 believes that reducing the risks of remote work starts with updating the access policies of yesterday.
π¦Ώ Banks looking to confidential computing for solutions to money laundering, theft, and fraud π¦Ώ
π Read
via "Tech Republic".
Tech companies are offering this emerging technology to help financial institutions secure data while it is being processed.π Read
via "Tech Republic".
TechRepublic
Banks looking to confidential computing for solutions to money laundering, theft, and fraud
Tech companies are offering this emerging technology to help financial institutions secure data while it is being processed.
π What is a Security Operations Center (SOC)? π
π Read
via "Digital Guardian".
Learn about how security operations centers work and why many organizations rely on SOCs as a valuable resource for security incident detection.π Read
via "Digital Guardian".
Digitalguardian
What is a Security Operations Center (SOC)?
Learn about how security operations centers work and why many organizations rely on SOCs as a valuable resource for security incident detection.
β Major BEC Phishing Ring Cracked Open with 3 Arrests β
π Read
via "Threat Post".
Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares.π Read
via "Threat Post".
Threat Post
Major BEC Phishing Ring Cracked Open with 3 Arrests
Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares.
β Critical MobileIron RCE Flaw Under Active Attack β
π Read
via "Threat Post".
Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others.π Read
via "Threat Post".
Threat Post
Critical MobileIron RCE Flaw Under Active Attack
Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others.
π¦Ώ Top 5 business sectors targeted by ransomware π¦Ώ
π Read
via "Tech Republic".
Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.π Read
via "Tech Republic".
TechRepublic
Top 5 business sectors targeted by ransomware
Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.
π¦Ώ 5 business sectors ransomware targets π¦Ώ
π Read
via "Tech Republic".
Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.π Read
via "Tech Republic".
TechRepublic
Top 5 business sectors targeted by ransomware
Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.
βΌ CVE-2020-25650 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.π Read
via "National Vulnerability Database".
π΄ Look Beyond the 'Big 5' in Cyberattacks π΄
π Read
via "Dark Reading".
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.π Read
via "Dark Reading".
Dark Reading
Look Beyond the 'Big 5' in Cyberattacks
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
π΄ Do You Know Who's Lurking in Your Cloud Environment? π΄
π Read
via "Dark Reading".
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.π Read
via "Dark Reading".
Dark Reading
Do You Know Who's Lurking in Your Cloud Environment?
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.