βΌ CVE-2020-5638 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Small License V5.5 R1.5 and earlier, and desknet's NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5678 βΌ
π Read
via "National Vulnerability Database".
Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5680 βΌ
π Read
via "National Vulnerability Database".
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5679 βΌ
π Read
via "National Vulnerability Database".
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.π Read
via "National Vulnerability Database".
β Code42 Incydr Series: Honing in on High-Risk Users with Code42 Incydr β
π Read
via "Threat Post".
Incydr lets you monitor your high-risk users without impeding their ongoing work.π Read
via "Threat Post".
Threat Post
Code42 Incydr Series: Honing in on High-Risk Users with Code42 Incydr
Incydr lets you monitor your high-risk users without impeding their ongoing work.
β Clop Gang Makes Off with 2M Credit Cards from E-Land β
π Read
via "Threat Post".
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailerβs stores.π Read
via "Threat Post".
Threat Post
Clop Gang Gallops Off with 2M Credit Cards from E-Land
The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailerβs stores.
π΄ From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now π΄
π Read
via "Dark Reading".
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.π Read
via "Dark Reading".
Dark Reading
From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
β As Modern Mobile Enables Remote Work, It Also Demands Security β
π Read
via "Threat Post".
Smartphones, tablets, collaboration apps and other modern framework tools are critical to maintaining productivity remotely, but they also demand an integrated security strategy purpose-built for mobile devices. The coronavirus pandemic has completely upended the way we work, educate and socialize. Soon after the rapid onset of the virus, organizations were forced to fully adopt work-from-home [β¦]π Read
via "Threat Post".
Threat Post
As Modern Mobile Enables Remote Work, It Also Demands Security
Lookout's Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19-sparked remote working.
β S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips [Podcast]
Latest episode β listen now!
βΌ CVE-2020-6017 βΌ
π Read
via "National Vulnerability Database".
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6021 βΌ
π Read
via "National Vulnerability Database".
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint clientΓ’β¬β’s privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6111 βΌ
π Read
via "National Vulnerability Database".
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
β Cyberattacks Target COVID-19 Vaccine βCold-Chainβ Orgs β
π Read
via "Threat Post".
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.π Read
via "Threat Post".
Threat Post
Cyberattacks Target COVID-19 Vaccine βCold-Chainβ Orgs
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.
π¦Ώ Popular Android apps still vulnerable to patched security flaw π¦Ώ
π Read
via "Tech Republic".
Cybercriminals can exploit the at-risk apps to steal login credentials, passwords, financial details, and text messages, says Check Point.π Read
via "Tech Republic".
TechRepublic
Popular Android apps still vulnerable to patched security flaw
Cybercriminals can exploit the at-risk apps to steal login credentials, passwords, financial details, and text messages, says Check Point.
βΌ CVE-2020-2320 βΌ
π Read
via "National Vulnerability Database".
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28937 βΌ
π Read
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2324 βΌ
π Read
via "National Vulnerability Database".
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2322 βΌ
π Read
via "National Vulnerability Database".
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28939 βΌ
π Read
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14318 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2321 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.π Read
via "National Vulnerability Database".