βΌ CVE-2020-29279 βΌ
π Read
via "National Vulnerability Database".
PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26246 βΌ
π Read
via "National Vulnerability Database".
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.π Read
via "National Vulnerability Database".
β Google Play Apps Remain Vulnerable to High-Severity Flaw β
π Read
via "Threat Post".
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Cisco Teams and Edge.π Read
via "Threat Post".
Threat Post
Google Play Apps Remain Vulnerable to High-Severity Flaw
Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Edge.
π΄ Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw π΄
π Read
via "Dark Reading".
A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.π Read
via "Dark Reading".
Dark Reading
Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.
βΌ CVE-2020-5676 βΌ
π Read
via "National Vulnerability Database".
GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5677 βΌ
π Read
via "National Vulnerability Database".
Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5638 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5678 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5680 βΌ
π Read
via "National Vulnerability Database".
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5679 βΌ
π Read
via "National Vulnerability Database".
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.π Read
via "National Vulnerability Database".
β Code42 Incydr Series: Honing in on High-Risk Users with Code42 Incydr β
π Read
via "Threat Post".
Incydr lets you monitor your high-risk users without impeding their ongoing work.π Read
via "Threat Post".
Threat Post
Code42 Incydr Series: Honing in on High-Risk Users with Code42 Incydr
Incydr lets you monitor your high-risk users without impeding their ongoing work.
β Clop Gang Makes Off with 2M Credit Cards from E-Land β
π Read
via "Threat Post".
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailerβs stores.π Read
via "Threat Post".
Threat Post
Clop Gang Gallops Off with 2M Credit Cards from E-Land
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailerβs stores.
π΄ From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now π΄
π Read
via "Dark Reading".
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.π Read
via "Dark Reading".
Dark Reading
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
β As Modern Mobile Enables Remote Work, It Also Demands Security β
π Read
via "Threat Post".
Smartphones, tablets, collaboration apps and other modern framework tools are critical to maintaining productivity remotely, but they also demand an integrated security strategy purpose-built for mobile devices. The coronavirus pandemic has completely upended the way we work, educate and socialize. Soon after the rapid onset of the virus, organizations were forced to fully adopt work-from-home [β¦]π Read
via "Threat Post".
Threat Post
As Modern Mobile Enables Remote Work, It Also Demands Security
Lookout's Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19-sparked remote working.
β S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips [Podcast]
Latest episode β listen now!
βΌ CVE-2020-6017 βΌ
π Read
via "National Vulnerability Database".
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6021 βΌ
π Read
via "National Vulnerability Database".
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint clientΓ’β¬β’s privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6111 βΌ
π Read
via "National Vulnerability Database".
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
β Cyberattacks Target COVID-19 Vaccine βCold-Chainβ Orgs β
π Read
via "Threat Post".
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.π Read
via "Threat Post".
Threat Post
Cyberattacks Target COVID-19 Vaccine βCold-Chainβ Orgs
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.
π¦Ώ Popular Android apps still vulnerable to patched security flaw π¦Ώ
π Read
via "Tech Republic".
Cybercriminals can exploit the at-risk apps to steal login credentials, passwords, financial details, and text messages, says Check Point.π Read
via "Tech Republic".
TechRepublic
Popular Android apps still vulnerable to patched security flaw
Cybercriminals can exploit the at-risk apps to steal login credentials, passwords, financial details, and text messages, says Check Point.
βΌ CVE-2020-2320 βΌ
π Read
via "National Vulnerability Database".
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.π Read
via "National Vulnerability Database".