βΌ CVE-2020-7533 βΌ
π Read
via "National Vulnerability Database".
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7547 βΌ
π Read
via "National Vulnerability Database".
A CWE-284: Improper Access Control vulnerability exists in EcoStruxureΓΒͺ and SmartStruxureΓΒͺ Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6880 βΌ
π Read
via "National Vulnerability Database".
A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.π Read
via "National Vulnerability Database".
π΄ Call Fraud Operator Ordered to Pay $9M to Victims π΄
π Read
via "Dark Reading".
Indian national will serve 20 years in prison for running a large call center fraud operation.π Read
via "Dark Reading".
Dark Reading
Call Fraud Operator Ordered to Pay $9M to Victims
Indian national will serve 20 years in prison for running a large call center fraud operation.
π΄ The Cybersecurity Skills Gap: It Doesn't Have to Be This Way π΄
π Read
via "Dark Reading".
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.π Read
via "Dark Reading".
Dark Reading
The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
π FBI Warns of BEC Scammers Using Email Forwarding π
π Read
via "Digital Guardian".
The FBI says scammers are increasingly abusing forwarding rules on web-based email clients to hide their activity, opening the door for a Business Email Compromise (BEC) attack.π Read
via "Digital Guardian".
Digital Guardian
FBI Warns of BEC Scammers Using Email Forwarding
The FBI says scammers are increasingly abusing forwarding rules on web-based email clients to hide their activity, opening the door for a Business Email Compromise (BEC) attack.
βΌ CVE-2020-29315 βΌ
π Read
via "National Vulnerability Database".
ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8539 βΌ
π Read
via "National Vulnerability Database".
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.π Read
via "National Vulnerability Database".
βΌ CVE-2020-11990 βΌ
π Read
via "National Vulnerability Database".
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.π Read
via "National Vulnerability Database".
βΌ CVE-2019-16958 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.π Read
via "National Vulnerability Database".
β Cayman Islands Bank Records Exposed in Open Azure Blob β
π Read
via "Threat Post".
An offshore Cayman Islands bankβs backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.π Read
via "Threat Post".
Threat Post
Cayman Islands Bank Records Exposed in Open Azure Blob
An offshore Cayman Islands bankβs backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.
βΌ CVE-2020-28583 βΌ
π Read
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28582 βΌ
π Read
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28575 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28573 βΌ
π Read
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28576 βΌ
π Read
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28577 βΌ
π Read
via "National Vulnerability Database".
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.π Read
via "National Vulnerability Database".
β Android Messenger App Still Leaking Photos, Videos β
π Read
via "Threat Post".
The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers.π Read
via "Threat Post".
Threat Post
Android Messenger App Still Leaking Photos, Videos
The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers.
β Misconfigured Docker Servers Under Attack by Xanthe Malware β
π Read
via "Threat Post".
The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs.π Read
via "Threat Post".
Threat Post
Misconfigured Docker Servers Under Attack by Xanthe Malware
The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs.
π΄ SASE 101: Why All the Buzz? π΄
π Read
via "Dark Reading".
Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.π Read
via "Dark Reading".
Dark Reading
SASE 101: Why All the Buzz?
Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.
π¦Ώ How to protect your personal data from being sold on the Dark Web π¦Ώ
π Read
via "Tech Republic".
Cybercriminals can use stolen information for extortion, scams and phishing schemes, and the direct theft of money, says Kaspersky.π Read
via "Tech Republic".
TechRepublic
How to protect your personal data from being sold on the Dark Web
Cybercriminals can use stolen information for extortion, scams and phishing schemes, and the direct theft of money, says Kaspersky.