Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
via "Dark Reading".
SPONSORED: As most of the world shifted to remote work in 2020, cybercriminals upped their game, devising ways to use the fears and anxieties of organizations and end users against them. Sophos Principal Research Scientist Chester Wisniewski discusses the fast-changing attacker behaviors outlined in the Sophos 2021 Threat Report, and how IT professionals need to update their approach to protect against more sophisticated threats.
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
THC-IPv6 Attack Tool 3.8
via "Packet Storm Security".
THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
SQLMAP - Automatic SQL Injection Tool 1.4.12
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Mandos Encrypted File System Unattended Reboot Utility 1.8.13
via "Packet Storm Security".
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
Ivanti Acquires MobileIron & Pulse Secure
via "Dark Reading".
The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.
Zoom Impersonation Attacks Aim to Steal Credentials
via "Threat Post".
The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account.
Electronic Medical Records Cracked Open by OpenClinic Bugs
via "Threat Post".
Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more.
CVE-2020-7548
via "National Vulnerability Database".
A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to log in.
CVE-2020-28971
via "National Vulnerability Database".
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.
CVE-2020-28970
via "National Vulnerability Database".
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)
CVE-2020-28993
via "National Vulnerability Database".
A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.
CVE-2020-28940
via "National Vulnerability Database".
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.
CVE-2020-26762
via "National Vulnerability Database".
A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08.
CVE-2020-25181
via "National Vulnerability Database".
Heap-based buffer overflow vulnerabilities have been identified in WECON PLC Editor versions 1.3.8 and prior that may allow arbitrary code execution.
CVE-2020-7545
via "National Vulnerability Database".
A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user accesses an affected webpage.
CVE-2020-7546
via "National Vulnerability Database".
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.
CVE-2020-25177
via "National Vulnerability Database".
A stack-based buffer overflow vulnerability has been identified in WECON PLC Editor versions 1.3.8 and prior that may allow arbitrary code execution.
CVE-2020-7533
via "National Vulnerability Database".
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.
CVE-2020-7547
via "National Vulnerability Database".
A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.
CVE-2020-6880
via "National Vulnerability Database".
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in: because the device does not properly filter parameters, an attacker who sends malicious SQL statements can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.
Call Fraud Operator Ordered to Pay $9M to Victims
via "Dark Reading".
Indian national will serve 20 years in prison for running a large call center fraud operation.