โผ CVE-2020-16849 โผ
๐ Read
via "National Vulnerability Database".
An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-4129 โผ
๐ Read
via "National Vulnerability Database".
HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-9115 โผ
๐ Read
via "National Vulnerability Database".
ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-4126 โผ
๐ Read
via "National Vulnerability Database".
HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-14193 โผ
๐ Read
via "National Vulnerability Database".
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-9116 โผ
๐ Read
via "National Vulnerability Database".
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-9114 โผ
๐ Read
via "National Vulnerability Database".
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-9117 โผ
๐ Read
via "National Vulnerability Database".
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-15257 โผ
๐ Read
via "National Vulnerability Database".
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shimรขโฌโขs API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container.๐ Read
via "National Vulnerability Database".
๐ด 2020 Cybersecurity Holiday Gift Guide for Kids ๐ด
๐ Read
via "Dark Reading".
Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.๐ Read
via "Dark Reading".
Dark Reading
2020 Cybersecurity Holiday Gift Guide for Kids
Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.
โ Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout โ
๐ Read
via "Threat Post".
New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data.๐ Read
via "Threat Post".
Threat Post
Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout
New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data.
๐ด Former NSS Labs CEO Launches New Security Testing Organization ๐ด
๐ Read
via "Dark Reading".
Member-based CyberRatings.org to offer free to tiered paid access to tested security product and services ratings.๐ Read
via "Dark Reading".
Dark Reading
Former NSS Labs CEO Launches New Security Testing Organization
Member-based CyberRatings.org to offer free to tiered paid access to tested security product and services ratings.
๐ด Can't Afford a Full-time CISO? Try the Virtual Version ๐ด
๐ Read
via "Dark Reading".
A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.๐ Read
via "Dark Reading".
Dark Reading
Can't Afford a Full-time CISO? Try the Virtual Version
A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.
๐ฆฟ Delivery scams surge to ring in the holiday season ๐ฆฟ
๐ Read
via "Tech Republic".
November saw a spike in phishing emails spoofing shipping companies such as DHL, Amazon, and FedEx, says Check Point Research.๐ Read
via "Tech Republic".
TechRepublic
Delivery scams surge to ring in the holiday season
November saw a spike in phishing emails spoofing shipping companies such as DHL, Amazon, and FedEx, says Check Point Research.
โผ CVE-2020-4128 โผ
๐ Read
via "National Vulnerability Database".
HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service.๐ Read
via "National Vulnerability Database".
๐ด Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World ๐ด
๐ Read
via "Dark Reading".
SPONSORED: As most of the world shifted to remote work in 2020, cybercriminals upped their game, devising ways to use the fears and anxieties of organizations and end users against them. Sophos Principal Research Scientist Chester Wisniewski discusses the fast-changing attacker behaviors outlined in the Sophos 2021 Threat Report, and how IT professionals need to update their approach to protect against more sophisticated threats.๐ Read
via "Dark Reading".
Dark Reading
Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
๐ THC-IPv6 Attack Tool 3.8 ๐
๐ Read
via "Packet Storm Security".
THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.๐ Read
via "Packet Storm Security".
Packetstormsecurity
THC-IPv6 Attack Tool 3.8 โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
๐ SQLMAP - Automatic SQL Injection Tool 1.4.12 ๐
๐ Read
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.๐ Read
via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.4.12 โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
๐ Mandos Encrypted File System Unattended Reboot Utility 1.8.13 ๐
๐ Read
via "Packet Storm Security".
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.๐ Read
via "Packet Storm Security".
Packetstormsecurity
Mandos Encrypted File System Unattended Reboot Utility 1.8.13 โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
๐ด Ivanti Acquires MobileIron & Pulse Secure ๐ด
๐ Read
via "Dark Reading".
The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.๐ Read
via "Dark Reading".
Dark Reading
Ivanti Acquires MobileIron & Pulse Secure
The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.
โ Zoom Impersonation Attacks Aim to Steal Credentials โ
๐ Read
via "Threat Post".
The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account.๐ Read
via "Threat Post".
Threat Post
Zoom Impersonation Attacks Aim to Steal Credentials
The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account.