βΌ CVE-2020-17513 βΌ
π Read
via "National Vulnerability Database".
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.π Read
via "National Vulnerability Database".
π¦Ώ Cybersecurity experts hail new IoT law π¦Ώ
π Read
via "Tech Republic".
The bill would increase protection for the billions of connected devices "owned or controlled by the government" in homes and businesses.π Read
via "Tech Republic".
TechRepublic
Cybersecurity experts hail new IoT law
The bill would increase protection for the billions of connected devices "owned or controlled by the government" in homes and businesses.
π΄ Startups Should Do Things That Don't Scale, but Security Isn't One of Them π΄
π Read
via "Dark Reading".
Emerging businesses that don't embrace scalable security do so at their own peril.π Read
via "Dark Reading".
Dark Reading
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Emerging businesses that don't embrace scalable security do so at their own peril.
βΌ CVE-2020-29227 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.π Read
via "National Vulnerability Database".
π Sifter 11-R3 π
π Read
via "Packet Storm Security".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Read
via "Packet Storm Security".
Packetstormsecurity
Sifter 11-R3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π WhatWeb Scanner 0.5.4 π
π Read
via "Packet Storm Security".
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.π Read
via "Packet Storm Security".
Packetstormsecurity
WhatWeb Scanner 0.5.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β New Windows Trojan Steals Browser Credentials, Outlook Files β
π Read
via "Threat Post".
The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.π Read
via "Threat Post".
Threat Post
New Windows Trojan Steals Browser Credentials, Outlook Files
The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.
π¦Ώ US government agencies compromised by foreign nation-state π¦Ώ
π Read
via "Tech Republic".
Stretching back for months, the breaches were pulled off by exploiting a vulnerability in network monitoring software from SolarWinds, according to security firm FireEye.π Read
via "Tech Republic".
TechRepublic
US government agencies compromised by foreign nation-state
Stretching back for months, the breaches were pulled off by exploiting a vulnerability in network monitoring software from SolarWinds, according to security firm FireEye.
βΌ CVE-2020-35382 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14244 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35378 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14268 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.π Read
via "National Vulnerability Database".
π SolarWinds Hacked, Used in Potentially Massive Supply Chain Attack π
π Read
via "Digital Guardian".
A global intrusion campaign involving the companyβs IT monitoring and management software could date back to March.π Read
via "Digital Guardian".
Digital Guardian
SolarWinds Hacked, Used in Potentially Massive Supply Chain Attack
A global intrusion campaign involving the companyβs IT monitoring and management software could date back to March.
π΄ 2021 Security Budgets: Top Priorities, New Realities π΄
π Read
via "Dark Reading".
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.π Read
via "Dark Reading".
Dark Reading
2021 Security Budgets: 6 Top Priorities, New Realities
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.
β Microsoft Office 365 Credentials Under Attack By Fax βAlertβ Emails β
π Read
via "Threat Post".
Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.π Read
via "Threat Post".
Threat Post
Microsoft Office 365 Credentials Under Attack By Fax βAlertβ Emails
Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials.
β DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries β Report β
π Read
via "Threat Post".
The attack was mounted via SolarWinds Orion, in a manual and targeted supply-chain effort.π Read
via "Threat Post".
Threat Post
DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries β Report
The attack was mounted via SolarWinds Orion, in a manual and targeted supply-chain effort.
βΌ CVE-2020-25179 βΌ
π Read
via "National Vulnerability Database".
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35338 βΌ
π Read
via "National Vulnerability Database".
The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon."π Read
via "National Vulnerability Database".
βΌ CVE-2020-25175 βΌ
π Read
via "National Vulnerability Database".
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15733 βΌ
π Read
via "National Vulnerability Database".
An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28856 βΌ
π Read
via "National Vulnerability Database".
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.π Read
via "National Vulnerability Database".