‼ CVE-2019-14476 ‼
📖 Read
via "National Vulnerability Database".
AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems.📖 Read
via "National Vulnerability Database".
‼ CVE-2019-14478 ‼
📖 Read
via "National Vulnerability Database".
AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript code in the context of the user's browser if the victim opens or searches for a node whose "Display Name" contains an XSS payload.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35133 ‼
📖 Read
via "National Vulnerability Database".
irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at i_view32+0xdb60.📖 Read
via "National Vulnerability Database".
🔏 EDR vs. EPP vs. MDR 🔏
📖 Read
via "Digital Guardian".
In this blog we break down the differences between three different types of endpoint protection systems: EDR, EPP, and MDR.📖 Read
via "Digital Guardian".
Digital Guardian
EDR vs. EPP vs. MDR
In this blog we break down the differences between three different types of endpoint protection systems: EDR, EPP, and MDR.
🕴 Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data 🕴
📖 Read
via "Dark Reading".
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.📖 Read
via "Dark Reading".
Dark Reading
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
‼ CVE-2020-26274 ‼
📖 Read
via "National Vulnerability Database".
In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.📖 Read
via "National Vulnerability Database".
🕴 US-CERT Reports 17,447 Vulnerabilities Recorded in 2020 🕴
📖 Read
via "Dark Reading".
This marks the fourth year in a row that a record number of vulnerabilities has been discovered, following 17,306 in 2019.📖 Read
via "Dark Reading".
Dark Reading
US-CERT Reports 17,447 Vulnerabilities Recorded in 2020
This marks the fourth year in a row that a record number of vulnerabilities has been discovered, following 17,306 in 2019.
🕴 New IRS Form Fraud Campaign Targets G Suite Users 🕴
📖 Read
via "Dark Reading".
At least 50,000 executives have been affected so far.📖 Read
via "Dark Reading".
Dark Reading
New IRS Form Fraud Campaign Targets G Suite Users
At least 50,000 executives have been affected so far.
🦿 How Apple's new App Store privacy requirements may affect users and app developers 🦿
📖 Read
via "Tech Republic".
Apple now requires apps to reveal how user data may be collected, but some companies aren't happy about the policy.📖 Read
via "Tech Republic".
TechRepublic
How Apple's new App Store privacy requirements may affect users and app developers
Apple now requires apps to reveal how user data may be collected, but some companies aren't happy about the policy.
🕴 Attackers Leverage IMAP to Infiltrate Email Accounts 🕴
📖 Read
via "Dark Reading".
Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP.📖 Read
via "Dark Reading".
Dark Reading
Attackers Leverage IMAP to Infiltrate Email Accounts
Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP.
🕴 FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond 🕴
📖 Read
via "Dark Reading".
White House National Security Council establishes unified group to coordinate response across federal agencies to the threat.📖 Read
via "Dark Reading".
Dark Reading
FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond
White House National Security Council establishes unified group to coordinate response across federal agencies to the threat.
‼ CVE-2020-28930 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28931 ‼
📖 Read
via "National Vulnerability Database".
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4904 ‼
📖 Read
via "National Vulnerability Database".
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4907 ‼
📖 Read
via "National Vulnerability Database".
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4905 ‼
📖 Read
via "National Vulnerability Database".
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4657 ‼
📖 Read
via "National Vulnerability Database".
IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186094.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4906 ‼
📖 Read
via "National Vulnerability Database".
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4908 ‼
📖 Read
via "National Vulnerability Database".
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-28929 ‼
📖 Read
via "National Vulnerability Database".
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-4658 ‼
📖 Read
via "National Vulnerability Database".
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186095.📖 Read
via "National Vulnerability Database".