βΌ CVE-2020-17470 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.π Read
via "National Vulnerability Database".
β Subway sandwich scam mystifies loyalty card users β
π Read
via "Naked Security".
Subway customers have been on the receiving end of a curiously complex phishing scam.π Read
via "Naked Security".
Naked Security
Subway sandwich scam mystifies loyalty card users
Subway customers have been on the receiving end of a curiously complex phishing scam. We investigate.
βΌ CVE-2020-35199 βΌ
π Read
via "National Vulnerability Database".
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35200 βΌ
π Read
via "National Vulnerability Database".
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35202 βΌ
π Read
via "National Vulnerability Database".
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35201 βΌ
π Read
via "National Vulnerability Database".
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17511 βΌ
π Read
via "National Vulnerability Database".
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.π Read
via "National Vulnerability Database".
βΌ CVE-2020-17513 βΌ
π Read
via "National Vulnerability Database".
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.π Read
via "National Vulnerability Database".
π¦Ώ Cybersecurity experts hail new IoT law π¦Ώ
π Read
via "Tech Republic".
The bill would increase protection for the billions of connected devices "owned or controlled by the government" in homes and businesses.π Read
via "Tech Republic".
TechRepublic
Cybersecurity experts hail new IoT law
The bill would increase protection for the billions of connected devices "owned or controlled by the government" in homes and businesses.
π΄ Startups Should Do Things That Don't Scale, but Security Isn't One of Them π΄
π Read
via "Dark Reading".
Emerging businesses that don't embrace scalable security do so at their own peril.π Read
via "Dark Reading".
Dark Reading
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Emerging businesses that don't embrace scalable security do so at their own peril.
βΌ CVE-2020-29227 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.π Read
via "National Vulnerability Database".
π Sifter 11-R3 π
π Read
via "Packet Storm Security".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Read
via "Packet Storm Security".
Packetstormsecurity
Sifter 11-R3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π WhatWeb Scanner 0.5.4 π
π Read
via "Packet Storm Security".
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.π Read
via "Packet Storm Security".
Packetstormsecurity
WhatWeb Scanner 0.5.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β New Windows Trojan Steals Browser Credentials, Outlook Files β
π Read
via "Threat Post".
The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.π Read
via "Threat Post".
Threat Post
New Windows Trojan Steals Browser Credentials, Outlook Files
The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.
π¦Ώ US government agencies compromised by foreign nation-state π¦Ώ
π Read
via "Tech Republic".
Stretching back for months, the breaches were pulled off by exploiting a vulnerability in network monitoring software from SolarWinds, according to security firm FireEye.π Read
via "Tech Republic".
TechRepublic
US government agencies compromised by foreign nation-state
Stretching back for months, the breaches were pulled off by exploiting a vulnerability in network monitoring software from SolarWinds, according to security firm FireEye.
βΌ CVE-2020-35382 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14244 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35378 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14268 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.π Read
via "National Vulnerability Database".
π SolarWinds Hacked, Used in Potentially Massive Supply Chain Attack π
π Read
via "Digital Guardian".
A global intrusion campaign involving the companyβs IT monitoring and management software could date back to March.π Read
via "Digital Guardian".
Digital Guardian
SolarWinds Hacked, Used in Potentially Massive Supply Chain Attack
A global intrusion campaign involving the companyβs IT monitoring and management software could date back to March.
π΄ 2021 Security Budgets: Top Priorities, New Realities π΄
π Read
via "Dark Reading".
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.π Read
via "Dark Reading".
Dark Reading
2021 Security Budgets: 6 Top Priorities, New Realities
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.