CVE-2020-16587
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
via "National Vulnerability Database".
CVE-2020-16600
A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.
via "National Vulnerability Database".
CVE-2020-16591
A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.34 due to an invalid read in process_symbol_table, as demonstrated in readelf.
via "National Vulnerability Database".
CVE-2020-16588
A Null Pointer Dereference issue exists in Academy Software Foundation OpenEXR 2.3.0 in generatePreview in makePreview.cpp that can cause a denial of service via a crafted EXR file.
via "National Vulnerability Database".
CVE-2020-25499
TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router.
via "National Vulnerability Database".
CVE-2020-16598
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in debug_get_real_type, as demonstrated in objdump, that can cause a denial of service via a crafted file.
via "National Vulnerability Database".
CVE-2020-16599
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
via "National Vulnerability Database".
Former Microsoft Cloud Security Leads Unveil New Startup
Wiz has raised $100 million since its January launch and plans to help businesses with visibility into cloud security threats.
via "Dark Reading".
Vulnerabilities Continue Around 2019 Pace
After lagging 2019 numbers in the first quarter, vulnerabilities have surged in the rest of 2020, leading researchers to predict that final numbers for this year will meet or exceed those of last year, report says.
via "Dark Reading".
Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020
As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an "imminent" cyber-threat, including Amazon, Costco, Kroger and Walmart.
via "Threat Post".
CVE-2020-28086
pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn't correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution.
via "National Vulnerability Database".
CVE-2020-26257
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 is vulnerable to this injection attack. The issue is fixed in version 1.23.1. As a workaround, homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`).
via "National Vulnerability Database".
10 Ways Device Identifiers Can Spot a Cybercriminal
Device IDs, which are assigned to mobile devices to distinguish one from another, can help organizations flag fraud, cyberattacks, and other suspicious activities.
via "Dark Reading".
Security Incidents Are 'Tip of the Iceberg,' Says UK Security Official
Pete Cooper, deputy director of cyber defense for the UK Cabinet Office, emphasized the importance of security fundamentals, collaboration, and diversity in his Black Hat Europe keynote talk.
via "Dark Reading".
Ransomware Makes Up Half of All Major Incidents
Misconfigurations and lack of visibility allow attackers to compromise networks and monetize their intrusions, according to CrowdStrike's analysis of about 200 incidents.
via "Dark Reading".
CVE-2020-16590
A double free vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in process_symbol_table, as demonstrated in readelf, via a crafted file.
via "National Vulnerability Database".
CVE-2020-16592
A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
via "National Vulnerability Database".
CVE-2020-16593
A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.34, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.
via "National Vulnerability Database".
CVE-2020-16589
A heap-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
via "National Vulnerability Database".