CVE-2020-26260
via "National Vulnerability Database".
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server-side requests and/or gain access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions can be limited to trusted users until you can upgrade.
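The two checks this bug class calls for, as an added example that is not BookStack's code: an exporter that inlines image references must keep local references inside the upload directory after canonicalisation, and must not let a remote reference reach loopback, link-local or private address space. The storage layout, the `/uploads/images/` URL prefix and the function names are assumptions made for the example.

```python
"""Safe image-reference resolution for a document export pipeline.

Added example illustrating the CVE-2020-26260 bug class; this is not
BookStack's code. It assumes a hypothetical exporter that inlines the
targets of <img src="..."> tags, either from the app's own storage or
from the web, and shows the two checks that class of bug needs.
"""
import ipaddress
import os
from typing import Optional
from urllib.parse import unquote, urlparse

# Hypothetical storage layout (assumption, not BookStack's real paths).
STORAGE_ROOT = "/var/app/storage"
UPLOAD_DIR = os.path.realpath(os.path.join(STORAGE_ROOT, "uploads", "images"))
UPLOAD_URL_PREFIX = "/uploads/images/"


def resolve_local_image(src: str) -> Optional[str]:
    """Map a same-site image reference to a file path, or None if unsafe.

    Prefix matching alone is not enough: "/uploads/images/../../.env"
    passes a startswith() test, so the path is canonicalised (realpath also
    follows symlinks planted inside the upload dir) and then checked for
    containment in UPLOAD_DIR.
    """
    path = unquote(urlparse(src).path)      # drop query/fragment, undo %2e%2e
    if "\x00" in path or not path.startswith(UPLOAD_URL_PREFIX):
        return None
    candidate = os.path.realpath(os.path.join(STORAGE_ROOT, path.lstrip("/")))
    if candidate == UPLOAD_DIR or os.path.commonpath([candidate, UPLOAD_DIR]) != UPLOAD_DIR:
        return None
    return candidate


def remote_fetch_allowed(src: str, resolved_ip: str) -> bool:
    """Decide whether the exporter may fetch src from the network.

    resolved_ip is the address DNS returned for the URL's host. The check
    must run on that address, and the fetch must then connect to that same
    address; otherwise a host that re-resolves to 127.0.0.1 between check
    and use (DNS rebinding) gets through.
    """
    url = urlparse(src)
    if url.scheme not in ("http", "https") or not url.hostname:
        return False                          # file://, gopher://, data: ...
    if url.username or url.password:
        return False                          # http://trusted@169.254.169.254/
    ip = ipaddress.ip_address(resolved_ip)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped                   # ::ffff:10.0.0.1 is still 10.0.0.1
    return ip.is_global                       # rejects loopback, RFC1918, 169.254/16, CGNAT


if __name__ == "__main__":
    print(resolve_local_image("/uploads/images/2020/12/diagram.png"))
    print(resolve_local_image("/uploads/images/%2e%2e/%2e%2e/.env"))
    print(remote_fetch_allowed("http://169.254.169.254/latest/meta-data/", "169.254.169.254"))
```

If remote images are not needed at all, the safer choice is to refuse them in the exporter and only ever inline files that `resolve_local_image` accepts.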
CVE-2020-26828
via "National Vulnerability Database".
SAP Disclosure Management, version 10.1, provides capabilities for authorized users to upload and download content of specific file types. In some file types it is possible to enter formulas which can call external applications or execute scripts. Execution of such a payload (script) on the target machine could be used to steal or modify the data available in the spreadsheet.
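The export-side fix for this class of formula injection, as an added example that is not SAP's code: cells whose text begins with `=`, `+`, `-` or `@` (or a tab or carriage return hiding one of those) are prefixed with a single quote so the spreadsheet stores them as text. The sample rows and the DDE payload in them are constructed for the example.

```python
"""Neutralising spreadsheet formula injection in exported cells.

Added example illustrating the CVE-2020-26828 bug class; it is not SAP
code. A cell whose text begins with '=', '+', '-' or '@' is evaluated as
a formula when the export is opened in a spreadsheet, so DDE or hyperlink
payloads in user-supplied fields reach the client machine. Quoting alone,
as csv.QUOTE_ALL does, does not prevent evaluation; the cell must be
escaped at export time.
"""
import csv
import io
from typing import Any, Iterable, List

FORMULA_TRIGGERS = ("=", "+", "-", "@")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would try to evaluate this cell."""
    # Leading tabs/CRs are dropped by some importers before they look for
    # '=', so skip them here as well (a conservative superset of the rule).
    return value.lstrip("\t\r\n ")[:1] in FORMULA_TRIGGERS


def neutralise_cell(value: Any) -> Any:
    """Prefix a formula-looking string with a quote so it is stored as text.

    Only strings are touched: numeric columns must be exported as numbers,
    otherwise a legitimate -5 would be turned into text.
    """
    if isinstance(value, str) and is_formula_like(value):
        return "'" + value
    return value


def export_rows(rows: Iterable[List[Any]]) -> str:
    """Write rows as CSV with every free-text cell neutralised."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralise_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample: the second row carries a classic DDE payload in a
# free-text field, the third a negative number that must stay numeric.
SAMPLE_ROWS = [
    ["account", "comment", "balance"],
    ["alice", "=cmd|' /C calc'!A0", 1200],
    ["bob", "refund pending", -5],
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_ROWS))
```

The same escaping applies on the import side when a file uploaded by one user is rendered to another; the trigger characters are the ones spreadsheets act on, not anything specific to the CSV format.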
50 Cloud-Based Security Selection Tips
via "Digital Guardian".
With more and more companies making the move to the cloud, security remains an utmost concern. Reviewing a cloud security solution? Ask yourself these 50 questions.
SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign
via "Threat Post".
Convincing email-credentials phishing, emailed backdoors and mobile apps are all part of the group's latest effort against military and government targets.
Former Microsoft Cloud Security Leads Unveil New Startup
via "Dark Reading".
Wiz has raised $100 million since its January launch and plans to help businesses with visibility into cloud security threats.
Vulnerabilities Continue Around 2019 Pace
via "Dark Reading".
After lagging 2019 numbers in the first quarter, vulnerabilities have surged in the rest of 2020, leading researchers to predict that final numbers for this year will meet or exceed those of last year, report says.
Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020
via "Threat Post".
As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an "imminent" cyber-threat, including Amazon, Costco, Kroger and Walmart.
CVE-2020-28086
via "National Vulnerability Database".
pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn't correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution.
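The rename attack and a per-entry defence against it, as an added example that is not pass's own code: the intended path is written into the entry body when it is stored, and a read refuses any entry whose embedded path does not match the file it came from. The `Store` class, its HMAC (standing in for the integrity GPG encryption of the body gives, since an attacker without the key can move files but not rewrite them) and the two entries are constructed for the example.

```python
"""Binding a password-store entry to its path so a swapped file is detected.

Added example illustrating the CVE-2020-28086 issue; it is not pass's own
code. pass keeps one encrypted file per entry and trusts the filename, so
someone who can rewrite the shared Git repository can swap two files and
the user types the bank password into the attacker's service. Here the
intended path is recorded inside the entry body at insert time, and a
read refuses a secret whose embedded path disagrees with the file name.
An HMAC stands in for the integrity the GPG layer provides.
"""
import hashlib
import hmac
from typing import Dict, List, Tuple

PATH_MARKER = "path: "


class Store:
    """A password store as it would sit in the shared repository (model)."""

    def __init__(self, key: bytes) -> None:
        self._key = key                                   # stands in for the GPG key
        self.files: Dict[str, Tuple[bytes, bytes]] = {}   # path -> (body, tag)

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def insert(self, path: str, password: str) -> None:
        body = f"{password}\n{PATH_MARKER}{path}\n".encode()
        self.files[path] = (body, self._tag(body))

    def _open(self, path: str) -> List[str]:
        body, tag = self.files[path]
        if not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError(f"{path}: body was tampered with")
        return body.decode().splitlines()

    def show_unchecked(self, path: str) -> str:
        """Models pass <= 1.7.3: whatever sits under this name is the secret."""
        return self._open(path)[0]

    def show(self, path: str) -> str:
        """Hardened: the entry itself must name the path it was stored under."""
        lines = self._open(path)
        bound = next((l[len(PATH_MARKER):] for l in lines if l.startswith(PATH_MARKER)), None)
        if bound != path:
            raise ValueError(f"{path}: entry is bound to {bound!r}, refusing to use it")
        return lines[0]


def attacker_swaps(store: Store, a: str, b: str) -> None:
    """What a malicious Git server can do: rename files, not forge contents."""
    store.files[a], store.files[b] = store.files[b], store.files[a]


def demo() -> Tuple[str, bool]:
    """Return (what the unchecked client would send, whether the check caught it)."""
    store = Store(b"constructed-demo-key")
    store.insert("web/bank.example", "hunter2")          # constructed entries
    store.insert("web/attacker.example", "throwaway")
    attacker_swaps(store, "web/bank.example", "web/attacker.example")
    leaked = store.show_unchecked("web/attacker.example")
    try:
        store.show("web/attacker.example")
        caught = False
    except ValueError:
        caught = True
    return leaked, caught


if __name__ == "__main__":
    print(demo())
```

The NVD note's suggestion, signing commits and verifying signatures before acting on a pull, stops the malicious server from changing the repository at all; the path binding above is an additional per-entry check that holds even when a pull has already been accepted.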
CVE-2020-26257
via "National Vulnerability Database".
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Synapse reference implementation before version 1.23.1 is vulnerable to this injection attack. The issue is fixed in version 1.23.1. As a workaround, homeserver administrators can limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`).
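The consistency check that closes this class of injection, as an added example that is not Synapse code: the room id in the request path is compared with the `room_id` inside the event before the event is filed, and an origin allow-list in the spirit of the `federation_domain_whitelist` workaround is applied first. The body layouts assumed (a bare PDU for `send_join`, `send_leave` and `exchange_third_party_invite`, an `{"event": ...}` wrapper for v2 invites), the function name and the sample requests are assumptions made for the example.

```python
"""Rejecting federation requests whose path room id disagrees with the event.

Added example illustrating the CVE-2020-26257 bug class; it is not
Synapse code. Endpoints such as PUT /_matrix/federation/v1/send_join/
{roomId}/{eventId} carry the room id in the URL path and again inside
the event JSON. A homeserver that files the event under the path's room
without comparing the two lets a remote server inject an event from one
room into another. The body layouts assumed below are an assumption for
the example.
"""
import re
from typing import Any, Dict, Optional, Set, Tuple
from urllib.parse import unquote

ENDPOINT_RE = re.compile(
    r"^/_matrix/federation/v[12]/"
    r"(?P<endpoint>send_join|send_leave|invite|exchange_third_party_invite)/"
    r"(?P<room_id>[^/]+)(?:/(?P<event_id>[^/]+))?$"
)
ROOM_ID_RE = re.compile(r"^![^:]+:[^:/]+(?::\d+)?$")   # !opaque:server.name[:port]


class FederationError(Exception):
    pass


def check_federation_request(
    path: str,
    body: Dict[str, Any],
    origin: str,
    trusted_servers: Optional[Set[str]] = None,
) -> Tuple[str, str]:
    """Validate one inbound federation request; return (endpoint, room_id).

    origin is the server name taken from the request's X-Matrix
    Authorization header, i.e. the authenticated peer, never from the body.
    trusted_servers=None means federate with anyone (the default posture
    the advisory says is affected); a set restricts it like the workaround.
    """
    match = ENDPOINT_RE.match(unquote(path))
    if not match:
        raise FederationError(f"unrecognised federation path {path!r}")
    if trusted_servers is not None and origin not in trusted_servers:
        raise FederationError(f"{origin} is not in the federation allow-list")

    endpoint = match["endpoint"]
    path_room = match["room_id"]
    if not ROOM_ID_RE.match(path_room):
        raise FederationError(f"malformed room id in path: {path_room!r}")

    # v2 invites wrap the PDU as {"event": {...}}; v1 invites and the other
    # endpoints send the PDU itself (assumed layout for this example).
    pdu = body.get("event", body) if endpoint == "invite" else body
    body_room = pdu.get("room_id")
    if body_room != path_room:
        raise FederationError(
            f"room id mismatch: path says {path_room!r}, event says {body_room!r}"
        )
    path_event = match["event_id"]
    body_event = pdu.get("event_id")        # only present in room versions 1 and 2
    if path_event and body_event and body_event != path_event:
        raise FederationError("event id mismatch between path and body")
    return endpoint, path_room


if __name__ == "__main__":
    # Constructed requests: one consistent, one with a foreign room in the body.
    print(check_federation_request(
        "/_matrix/federation/v1/send_join/!room:a.example/$ev1",
        {"room_id": "!room:a.example", "type": "m.room.member", "sender": "@u:b.example"},
        origin="b.example"))
    try:
        check_federation_request(
            "/_matrix/federation/v1/send_join/!room:a.example/$ev1",
            {"room_id": "!other:b.example", "type": "m.room.member"},
            origin="b.example")
    except FederationError as exc:
        print("rejected:", exc)
```

The allow-list check is the blunt instrument the advisory offers for unpatched servers; the path-versus-body comparison is what the fixed version has to do regardless, because even a trusted peer can be buggy.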
10 Ways Device Identifiers Can Spot a Cybercriminal
via "Dark Reading".
Device IDs, which are assigned to mobile devices to distinguish one from another, can help organizations flag fraud, cyberattacks, and other suspicious activities.
Security Incidents Are 'Tip of the Iceberg,' Says UK Security Official
via "Dark Reading".
Pete Cooper, deputy director of cyber defense for the UK Cabinet Office, emphasized the importance of security fundamentals, collaboration, and diversity in his Black Hat Europe keynote talk.
Ransomware Makes Up Half of All Major Incidents
via "Dark Reading".
Misconfigurations and lack of visibility allow attackers to compromise networks and monetize their intrusions, according to CrowdStrike's analysis of about 200 incidents.