‼ CVE-2020-7788 ‼
via "National Vulnerability Database".
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
‼ CVE-2020-7790 ‼
via "National Vulnerability Database".
This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF.
🔏 Friday Five 12/11 🔏
via "Digital Guardian".
New federal cyber initiatives, phishing campaigns, and anti-trust lawsuits - catch up on all of the week's infosec news with the Friday Five!
🕴 Penetration Testing: A Road Map for Improving Outcomes 🕴
via "Dark Reading".
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
‼ CVE-2020-17515 ‼
via "National Vulnerability Database".
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely.
‼ CVE-2020-7793 ‼
via "National Vulnerability Database".
The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
🦿 IoT standards: The US government must create them, and businesses will follow 🦿
via "Tech Republic".
The Internet of Things is still in its Wild West phase of development. Standardization is necessary to ensure safety and easier integration.
🦿 How cybercriminals are now exploiting COVID-19 vaccines 🦿
via "Tech Republic".
Vaccine-related phishing emails and domains are popping up, while criminals are selling phony vaccines via the Dark Web, says Check Point.
🕴 7 Security Tips For Gamers 🕴
via "Dark Reading".
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
🕴 'Tis the Season to Confront Third-Party Risk 🕴
via "Dark Reading".
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
❌ Facebook Shutters Accounts Used in APT32 Cyberattacks ❌
via "Threat Post".
Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.
‼ CVE-2020-12148 ‼
via "National Vulnerability Database".
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOS™ (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.
‼ CVE-2020-28838 ‼
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) in the CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows an attacker to add cart items via Add to cart.