‼ CVE-2020-7793 ‼
📖 Read
via "National Vulnerability Database".
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).📖 Read
via "National Vulnerability Database".
🦿 IoT standards: The US government must create them, and businesses will follow 🦿
📖 Read
via "Tech Republic".
The Internet of Things is still in its Wild West phase of development. Standardization is necessary to ensure safety and easier integration.📖 Read
via "Tech Republic".
TechRepublic
IoT standards: The US government must create them, and businesses will follow
The Internet of Things is still in its Wild West phase of development. Standardization is necessary to ensure safety and easier integration.
🦿 How cybercriminals are now exploiting COVID-19 vaccines 🦿
📖 Read
via "Tech Republic".
Vaccine-related phishing emails and domains are popping up, while criminals are selling phony vaccines via the Dark Web, says Check Point.📖 Read
via "Tech Republic".
TechRepublic
How cybercriminals are now exploiting COVID-19 vaccines
Vaccine-related phishing emails and domains are popping up, while criminals are selling phony vaccines via the Dark Web, says Check Point.
🕴 7 Security Tips For Gamers 🕴
📖 Read
via "Dark Reading".
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.📖 Read
via "Dark Reading".
Dark Reading
7 Security Tips for Gamers
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
🕴 'Tis the Season to Confront Third-Party Risk 🕴
📖 Read
via "Dark Reading".
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.📖 Read
via "Dark Reading".
Dark Reading
'Tis the Season to Confront Third-Party Risk
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
❌ Facebook Shutters Accounts Used in APT32 Cyberattacks ❌
📖 Read
via "Threat Post".
Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.📖 Read
via "Threat Post".
Threat Post
Facebook Shutters Accounts Used in APT32 Cyberattacks
Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.
‼ CVE-2020-12148 ‼
📖 Read
via "National Vulnerability Database".
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM (ECOS) appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish an interactive channel, effectively taking control of the target system. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects all current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28838 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-15357 ‼
📖 Read
via "National Vulnerability Database".
Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35144 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29590 ‼
📖 Read
via "National Vulnerability Database".
Versions of the Official teamspeak Docker images through 3.6.0 contain a blank password for the root user. Systems deployed using affected versions of the teamspeak container may allow a remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29254 ‼
📖 Read
via "National Vulnerability Database".
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-15023 ‼
📖 Read
via "National Vulnerability Database".
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi=Fi network.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-12149 ‼
📖 Read
via "National Vulnerability Database".
The configuration backup/restore function in Silver Peak Unity ECOSTM (ECOS) appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This vulnerability can be exploited by an attacker with authenticated access to the Orchestrator UI or EdgeConnect UI. This affects ll current ECOS versions: 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29591 ‼
📖 Read
via "National Vulnerability Database".
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-29589 ‼
📖 Read
via "National Vulnerability Database".
Versions of the Official kapacitor Docker images through 1.5.0-alpine contain a blank password for the root user. Systems deployed using affected versions of the kapacitor container may allow a remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4633 ‼
📖 Read
via "National Vulnerability Database".
IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27508 ‼
📖 Read
via "National Vulnerability Database".
In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.📖 Read
via "National Vulnerability Database".
❌ Feds: K-12 Cyberattacks Dramatically on the Rise ❌
📖 Read
via "Threat Post".
Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said.📖 Read
via "Threat Post".
Threat Post
Feds: K-12 Cyberattacks Dramatically on the Rise
Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said.
🕴 Microsoft Warns of Powerful New Adware 🕴
📖 Read
via "Dark Reading".
The new adware, dubbed Adrozek, is being distributed by large, well organized threat actors, according to Microsoft research.📖 Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
‼ CVE-2020-29590 ‼
📖 Read
via "National Vulnerability Database".
Versions of the Official teamspeak Docker images through 3.6.0 contain a blank password for the root user. Systems deployed using affected versions of the teamspeak container may allow a remote attacker to achieve root access with a blank password.📖 Read
via "National Vulnerability Database".