CVE-2020-28940
via "National Vulnerability Database".
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

CVE-2020-26762
via "National Vulnerability Database".
A stack-based buffer overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote code execution via a crafted GET request. The overflow occurs in the binary ipcam_cgi due to a missing type check in the function doGetSysteminfo(). This has been fixed in version IC-3116W v3.08.

CVE-2020-25181
via "National Vulnerability Database".
WECON PLC Editor versions 1.3.8 and prior have a heap-based buffer overflow vulnerability that may allow arbitrary code execution.

CVE-2020-7545
via "National Vulnerability Database".
A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow arbitrary code execution on the server when an authorized user accesses an affected webpage.

CVE-2020-7546
via "National Vulnerability Database".
A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.

CVE-2020-25177
via "National Vulnerability Database".
WECON PLC Editor versions 1.3.8 and prior have a stack-based buffer overflow vulnerability that may allow arbitrary code execution.

CVE-2020-7533
via "National Vulnerability Database".
A CWE-255: Credentials Management vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see security notification for version information), which could cause the execution of commands on the webserver without authentication when specially crafted HTTP requests are sent.

CVE-2020-7547
via "National Vulnerability Database".
A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.

CVE-2020-6880
via "National Vulnerability Database".
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in: because the device does not properly filter parameters, sending malicious SQL statements can, if successful, obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.

Call Fraud Operator Ordered to Pay $9M to Victims
via "Dark Reading".
Indian national will serve 20 years in prison for running a large call center fraud operation.

The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
via "Dark Reading".
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.

FBI Warns of BEC Scammers Using Email Forwarding
via "Digital Guardian".
The FBI says scammers are increasingly abusing forwarding rules on web-based email clients to hide their activity, opening the door for a Business Email Compromise (BEC) attack.

CVE-2020-29315
via "National Vulnerability Database".
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML.

CVE-2020-8539
via "National Vulnerability Database".
Kia Motors Head Unit with software version SOP.003.30.18.0703, SOP.005.7.181019, or SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable daemon, to trigger unintended functionality. In addition, this executable may be used by an attacker to inject commands that generate CAN frames sent onto the M-CAN bus (Multimedia CAN bus) of the vehicle.

CVE-2020-11990
via "National Vulnerability Database".
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.

CVE-2019-16958
via "National Vulnerability Database".
A Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows an attacker to inject arbitrary web script or HTML via the Location Name field.

Cayman Islands Bank Records Exposed in Open Azure Blob
via "Threat Post".
An offshore Cayman Islands bank's backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.

CVE-2020-28583
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.

CVE-2020-28582
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the number of managed agents.

CVE-2020-28575
via "National Vulnerability Database".
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.

CVE-2020-28573
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total number of agents managed by the server.