βΌ CVE-2020-6111 βΌ
π Read
via "National Vulnerability Database".
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
β Cyberattacks Target COVID-19 Vaccine βCold-Chainβ Orgs β
π Read
via "Threat Post".
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.π Read
via "Threat Post".
Threat Post
Cyberattacks Target COVID-19 Vaccine βCold-Chainβ Orgs
Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.
π¦Ώ Popular Android apps still vulnerable to patched security flaw π¦Ώ
π Read
via "Tech Republic".
Cybercriminals can exploit the at-risk apps to steal login credentials, passwords, financial details, and text messages, says Check Point.π Read
via "Tech Republic".
TechRepublic
Popular Android apps still vulnerable to patched security flaw
Cybercriminals can exploit the at-risk apps to steal login credentials, passwords, financial details, and text messages, says Check Point.
βΌ CVE-2020-2320 βΌ
π Read
via "National Vulnerability Database".
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28937 βΌ
π Read
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2324 βΌ
π Read
via "National Vulnerability Database".
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2322 βΌ
π Read
via "National Vulnerability Database".
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28939 βΌ
π Read
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14318 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2321 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2323 βΌ
π Read
via "National Vulnerability Database".
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28938 βΌ
π Read
via "National Vulnerability Database".
OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.π Read
via "National Vulnerability Database".
β Reverse Engineering Tools: Evaluating the True Cost β
π Read
via "Threat Post".
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.π Read
via "Threat Post".
Threat Post
Reverse Engineering Tools: Evaluating the True Cost
Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.
β DeathStalker APT Spices Things Up with PowerPepper Malware β
π Read
via "Threat Post".
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.π Read
via "Threat Post".
Threat Post
DeathStalker APT Spices Things Up with PowerPepper Malware
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation.
π΄ Researchers Bypass Next-Generation Endpoint Protection π΄
π Read
via "Dark Reading".
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.π Read
via "Dark Reading".
Dark Reading
Researchers Bypass Next-Generation Endpoint Protection
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.
π΄ US Officials Take Action Against 2,300 Money Mules π΄
π Read
via "Dark Reading".
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.π Read
via "Dark Reading".
Dark Reading
US Officials Take Action Against 2,300 Money Mules - Dark Reading
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.
π΄ Cloud Security Threats for 2021 π΄
π Read
via "Dark Reading".
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.π Read
via "Dark Reading".
Dark Reading
Cloud Security Threats for 2021
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
βΌ CVE-2020-13524 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27760 βΌ
π Read
via "National Vulnerability Database".
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it's possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13542 βΌ
π Read
via "National Vulnerability Database".
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27763 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.π Read
via "National Vulnerability Database".