CVE-2019-19284
via "National Vulnerability Database".
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users.
CVE-2020-0469
via "National Vulnerability Database".
In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168692734
CVE-2020-25231
via "National Vulnerability Database".
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The encryption of program data for the affected devices uses a static key. An attacker could use this key to extract confidential information from protected program files.
CVE-2020-25230
via "National Vulnerability Database".
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device.
CVE-2020-0465
via "National Vulnerability Database".
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-162844689. References: Upstream kernel
CVE-2020-25707
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020-28916
CVE-2020-35470
via "National Vulnerability Database".
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
CVE-2020-35471
via "National Vulnerability Database".
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
Phishing tricks that really work – and how to avoid them
via "Naked Security".
Get inside the mindset of your adversaries to increase your chances of spotting a phish.
The Private Sector Needs a Cybersecurity Transformation
via "Dark Reading".
Cybersecurity must get to the point where it's equated with actually stopping an attack by identifying the methods the bad guys use and taking those methods away.
How understanding cognitive science can strengthen cybersecurity's weak links
via "Tech Republic".
Learn how applying cognitive science is one way to thwart cybercriminals' abilities to get unsuspecting users to do their bidding.
Naked Security Live – How to avoid ‘big brand’ email scams
via "Naked Security".
Here's the latest Naked Security video - watch now (and please share with your friends)!
CVE-2020-28203
via "National Vulnerability Database".
An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null pointer access/dereference while opening a crafted PDF file, leading the application to crash (denial of service).
American Fuzzy Lop plus plus 3.0c
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
The lines between corporate and tech strategy continue to blur
via "Tech Republic".
Strategic platforms with advanced analytics, automation, and AI are on tap for 2021, according to Deloitte.
Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
via "Threat Post".
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities.
Agent Tesla Keylogger Gets Data Theft and Targeting Update
via "Threat Post".
The infamous keylogger has shifted its targeting tactics and now collects stored credentials for less-popular web browsers and email clients.
45 Million Medical Images Left Exposed Online
via "Threat Post".
A six-month investigation by CybelAngel discovered unsecured sensitive patient data available for third parties to access for blackmail, fraud or other nefarious purposes.
CVE-2020-0280
via "National Vulnerability Database".
In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-136565424
CVE-2020-8936
via "National Vulnerability Database".
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.
CVE-2020-8944
via "National Vulnerability Database".
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses, including those within the secure enclave. We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a.