As Modern Mobile Enables Remote Work, It Also Demands Security
via "Threat Post".
Smartphones, tablets, collaboration apps and other modern framework tools are critical to maintaining productivity remotely, but they also demand an integrated security strategy purpose-built for mobile devices. The coronavirus pandemic has completely upended the way we work, educate and socialize. Soon after the rapid onset of the virus, organizations were forced to fully adopt work-from-home […]
Lookout's Hank Schless discusses accelerated threats to mobile endpoints in the age of COVID-19-sparked remote working.

S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips [Podcast]
via "Naked Security".
Latest episode - listen now!

CVE-2020-6017
via "National Vulnerability Database".
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.

CVE-2020-6021
via "National Vulnerability Database".
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client's privileges.

CVE-2020-6111
via "National Vulnerability Database".
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.

Cyberattacks Target COVID-19 Vaccine 'Cold-Chain' Orgs
via "Threat Post".
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.

Popular Android apps still vulnerable to patched security flaw
via "Tech Republic".
Cybercriminals can exploit the at-risk apps to steal login credentials, passwords, financial details, and text messages, says Check Point.

CVE-2020-2320
via "National Vulnerability Database".
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.

CVE-2020-28937
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.

CVE-2020-2324
via "National Vulnerability Database".
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2020-2322
via "National Vulnerability Database".
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.

CVE-2020-28939
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.

CVE-2020-14318
via "National Vulnerability Database".
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVE-2020-2321
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.

CVE-2020-2323
via "National Vulnerability Database".
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.

CVE-2020-28938
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.

Reverse Engineering Tools: Evaluating the True Cost
via "Threat Post".
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.

DeathStalker APT Spices Things Up with PowerPepper Malware
via "Threat Post".
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.

Researchers Bypass Next-Generation Endpoint Protection
via "Dark Reading".
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.

US Officials Take Action Against 2,300 Money Mules
via "Dark Reading".
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.

Cloud Security Threats for 2021
via "Dark Reading".
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.