βΌ CVE-2020-26407 βΌ
π Read
via "National Vulnerability Database".
A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious projectπ Read
via "National Vulnerability Database".
βΌ CVE-2020-12594 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24445 βΌ
π Read
via "National Vulnerability Database".
AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimΓ’β¬β’s browser when they browse to the page containing the vulnerable field.π Read
via "National Vulnerability Database".
β Misery of Ransomware Hits Hospitals the Hardest β
π Read
via "Threat Post".
Ransomware attacks targeting hospitals have exacted a human cost as well as financial.π Read
via "Threat Post".
Threat Post
Misery of Ransomware Hits Hospitals the Hardest
Ransomware attacks targeting hospitals have exacted a human cost as well as financial.
βΌ CVE-2020-8920 βΌ
π Read
via "National Vulnerability Database".
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8919 βΌ
π Read
via "National Vulnerability Database".
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.π Read
via "National Vulnerability Database".
π΄ Black Hat Europe: Dark Reading Video News Desk Coverage π΄
π Read
via "Dark Reading".
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.π Read
via "Dark Reading".
Dark Reading
Black Hat Europe: Dark Reading Video News Desk Coverage
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
π΄ Google Shares Cloud Security Tips π΄
π Read
via "Dark Reading".
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.π Read
via "Dark Reading".
Dark Reading
Google Shares Cloud Security Tips
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
β Cyber Monday is Every Monday: Securing the βNew Normalβ β
π Read
via "Threat Post".
From eCommerce threats, to security concerns in connected speakers, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year.π Read
via "Threat Post".
Threat Post
Cyber Monday is Every Monday: Securing the βNew Normalβ
From eCommerce threats, to attacks at the smart edge, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year.
β S3 Ep10: Hacking iPhones, sunken Enigmas and double scams [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now, and please tell your friends about our podcast.π Read
via "Naked Security".
Naked Security
S3 Ep10: Hacking iPhones, sunken Enigmas and double scams [Podcast]
Latest episode β listen now, and please tell your friends about our podcast.
π΄ The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital π΄
π Read
via "Dark Reading".
Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.π Read
via "Dark Reading".
Dark Reading
The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital
Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.
βΌ CVE-2020-2498 βΌ
π Read
via "National Vulnerability Database".
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and laterπ Read
via "National Vulnerability Database".
βΌ CVE-2020-2495 βΌ
π Read
via "National Vulnerability Database".
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QANP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and laterπ Read
via "National Vulnerability Database".
β Critical Steam Flaws Could Let Gamers to Crash Opponentsβ Computers β
π Read
via "Threat Post".
Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 and Half Life.π Read
via "Threat Post".
Threat Post
Critical Steam Flaws Could Let Gamers Crash Opponentsβ Computers
Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 and Half Life.
βΌ CVE-2020-29666 βΌ
π Read
via "National Vulnerability Database".
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24444 βΌ
π Read
via "National Vulnerability Database".
AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to gather information about internal systems that reside on the same network.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29667 βΌ
π Read
via "National Vulnerability Database".
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.π Read
via "National Vulnerability Database".
βΌ CVE-2020-12595 βΌ
π Read
via "National Vulnerability Database".
An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29668 βΌ
π Read
via "National Vulnerability Database".
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26407 βΌ
π Read
via "National Vulnerability Database".
A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious projectπ Read
via "National Vulnerability Database".
βΌ CVE-2020-12594 βΌ
π Read
via "National Vulnerability Database".
A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.π Read
via "National Vulnerability Database".