CVE-2020-26171
In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them.
via "National Vulnerability Database".
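The flaw above is a missing object-level authorization check: the handler trusts the documentId in the request and never asks whether the caller owns that work item. The following is an added example, not tangro's code, showing that pattern next to the hardened form. The in-memory store, the user names and the document ids are constructed for the demo.

```python
# Added example, not tangro's code: object-level authorization for an
# attachment upload keyed by a client-supplied documentId. The store, the
# user names and the document ids below are constructed for the demo.
from dataclasses import dataclass, field


@dataclass
class WorkItem:
    document_id: str
    owner: str
    attachments: list = field(default_factory=list)


# Constructed sample data: two work items owned by different users.
WORKITEMS = {
    "doc-100": WorkItem("doc-100", "alice"),
    "doc-200": WorkItem("doc-200", "bob"),
}


class Forbidden(Exception):
    pass


def upload_attachment_vulnerable(user: str, document_id: str, filename: str) -> int:
    """The CVE-2020-26171 pattern: the handler trusts documentId from the request
    and never asks whether the caller may touch that work item, so any
    authenticated user can attach files to anyone's work item."""
    item = WORKITEMS[document_id]
    item.attachments.append((user, filename))
    return len(item.attachments)


def upload_attachment(user: str, document_id: str, filename: str) -> int:
    """Hardened form: resolve the object, then check that the caller owns it
    before mutating it. An unknown id and a foreign id get the same error so
    the endpoint does not confirm which ids exist."""
    item = WORKITEMS.get(document_id)
    if item is None or item.owner != user:
        raise Forbidden("work item not found or not owned by caller")
    item.attachments.append((user, filename))
    return len(item.attachments)
```

The ownership test belongs in the handler that resolves the id, not in the client: a client-side check is exactly what "can be manipulated" means. Returning the same error for unknown and foreign ids also stops the endpoint from being used to enumerate valid documentIds.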
CVE-2020-27639
The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations.
via "National Vulnerability Database".
CVE-2019-16955
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.
via "National Vulnerability Database".
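SVG is XML and can carry script elements, event-handler attributes and javascript: links, so an uploaded SVG served from the application's origin is an XSS vector. Below is an added example, not SolarWinds code, of a pre-storage screen for the active content an SVG can carry, using only the standard library. The element and attribute lists, the size cap and the four sample documents are constructed for the demo.

```python
# Added example, not SolarWinds code: screen an uploaded SVG for active content
# before it is stored or served. Standard library only; the tag/attribute
# lists and the sample documents are constructed for the demo.
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Elements that execute script or embed arbitrary HTML when the SVG is rendered inline.
ACTIVE_TAGS = {"script", "foreignObject"}
MAX_BYTES = 1_000_000  # constructed size cap; parsing untrusted XML without a limit invites DoS


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def svg_findings(data: bytes) -> list:
    """Return a list of reasons to reject the document; empty means nothing was flagged."""
    if len(data) > MAX_BYTES:
        return ["oversized upload"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "{%s}svg" % SVG_NS:
        return [f"root element is {root.tag!r}, not an SVG"]
    findings = []
    for el in root.iter():
        if not isinstance(el.tag, str):  # comments / processing instructions
            continue
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = _local(name)
            if attr.lower().startswith("on"):  # onload=, onclick=, ... run script
                findings.append(f"event handler {attr} on <{tag}>")
            elif attr == "href":  # covers both href and xlink:href after _local()
                # Browsers ignore embedded whitespace in the scheme, so strip it before matching.
                scheme = "".join(value.split()).lower().split(":", 1)[0]
                if scheme in ("javascript", "data"):
                    findings.append(f"{scheme}: URL in href on <{tag}>")
    return findings


def is_safe_svg(data: bytes) -> bool:
    return svg_findings(data) == []


# Constructed samples: one benign file and three carrying script.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'
HANDLER = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><rect/></svg>'
HREF = (b'<svg xmlns="http://www.w3.org/2000/svg" '
        b'xmlns:xlink="http://www.w3.org/1999/xlink">'
        b'<a xlink:href="java\tscript:alert(1)"><text>x</text></a></svg>')
```

A screen like this is a second line of defence, not the first: a denylist of active constructs will lag behind the browsers. The primary fix is to serve user uploads from a separate origin (or with Content-Disposition: attachment and a restrictive Content-Security-Policy) so that even a missed payload cannot run in the application's origin.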
CVE-2020-25612
The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information.
via "National Vulnerability Database".
CVE-2020-26172
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.
via "National Vulnerability Database".
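Two properties are missing from the token described above: each login should produce a distinct token, and the token should carry an exp claim that the verifier enforces. The block below is an added example, not tangro's code, of a minimal HS256 issuer/verifier with both. The signing key, subject and timestamps are constructed; a real deployment would use a vetted JWT library, but with the same checks, in particular rejecting a token that has no exp at all.

```python
# Added example, not tangro's code: a minimal HS256 JWT issuer/verifier that has
# the two properties CVE-2020-26172 describes as missing: every login gets a
# distinct token (fresh iat and random jti) and exp is both set and enforced.
# The key, subject and timestamps are constructed; a real deployment would
# use a vetted JWT library with the same checks.
import base64
import hashlib
import hmac
import json
import secrets
import time


class InvalidToken(Exception):
    pass


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(key: bytes, claims: dict) -> str:
    """Serialise header and claims, then HMAC-SHA256 the signing input."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def issue_token(key: bytes, subject: str, ttl_seconds: int = 900, now=None) -> str:
    """Per-login token: iat pins the login time, jti makes it unique, exp bounds it."""
    now = int(time.time() if now is None else now)
    return _sign(key, {"sub": subject, "iat": now, "exp": now + ttl_seconds,
                       "jti": secrets.token_hex(16)})


def verify_token(key: bytes, token: str, now=None, leeway: int = 30) -> dict:
    """Check alg, signature and exp in that order; a token without exp is rejected."""
    now = int(time.time() if now is None else now)
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise InvalidToken("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise InvalidToken("bad signature")
    claims = json.loads(_b64url_decode(p))
    exp = claims.get("exp")
    if not isinstance(exp, int):
        raise InvalidToken("exp claim missing")  # unbounded tokens are not accepted
    if now > exp + leeway:
        raise InvalidToken("token expired")
    return claims
```

The jti is what lets a logout or a password change revoke one login's token without invalidating every other session: the server keeps a short denylist of revoked jti values until their exp passes. Without a distinct token per login and an exp, neither revocation nor expiry is possible.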
CVE-2020-35475
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)
via "National Vulnerability Database".
CVE-2020-35479
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.
via "National Vulnerability Database".
2021 Cybersecurity Predictions: The Intergalactic Battle Begins
There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
via "Dark Reading".
5 Key Takeaways from the SolarWinds Breach
New details continue to emerge each day, and there may be many more lessons to learn from what could be among the largest cyberattacks ever.
via "Dark Reading".
Insider Threats: What Are They, Really?
"Insider threat" or "human error" shows up a lot as the major cause of data breaches across all types of reports out there. But often it's not defined, or it's not clearly defined, so people conjure up their own definition. An insider threat is not necessarily a malicious actor. Often, companies define an insider threat as someone who inadvertently creates a security problem for a business.
via "Threat Post".
Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download
Threat actors impersonate the Google Play store in a scam as Sony pulls the game off the PlayStation store due to myriad performance issues.
via "Threat Post".
Cybersecurity can use some help from AI and ML
Howard professor says security must reach all types of networks, including IoT and ad hoc networks.
via "Tech Republic".
AI, ML can bolster cybersecurity, and vice versa, professor says
Howard University professor talks about his research in emerging technologies.
via "Tech Republic".
Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies
The ongoing, growing campaign is "effectively an attack on the United States and its government and other critical institutions," Microsoft warned.
via "Threat Post".
CVE-2020-4764
IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898.
via "National Vulnerability Database".
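CSRF works because the browser attaches the victim's session cookie to a request the attacker's page triggered; the defence is to require something a cross-site page cannot obtain. The following is an added example, not IBM code, of synchronizer-token protection with an Origin/Referer check in front of it. The session store, site origin and request shapes are constructed for the demo.

```python
# Added example, not IBM code: synchronizer-token CSRF protection for a
# state-changing request. The session store, origin and request shapes are
# constructed for the demo.
import hmac
import secrets

SITE_ORIGIN = "https://planning.example.com"  # constructed canonical origin
SESSIONS = {}  # constructed in-memory store: session id -> {"user": ..., "csrf": ...}


class CsrfRejected(Exception):
    pass


def start_session(user: str) -> str:
    """Create a session and a per-session CSRF secret; the secret is returned
    to the browser only inside pages the site itself renders, never in a cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Value to embed as a hidden form field or request header."""
    return SESSIONS[sid]["csrf"]


def authorize_state_change(sid: str, form: dict, headers: dict) -> str:
    """Run before any POST/PUT/DELETE handler. A cross-site form post carries
    the victim's session cookie but cannot read the per-session token, and a
    browser-set Origin/Referer names the attacking site."""
    session = SESSIONS.get(sid)
    if session is None:
        raise CsrfRejected("no session")
    origin = headers.get("Origin") or headers.get("Referer", "")
    if origin and origin != SITE_ORIGIN and not origin.startswith(SITE_ORIGIN + "/"):
        raise CsrfRejected(f"cross-origin request from {origin}")
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        raise CsrfRejected("missing or wrong CSRF token")
    return session["user"]
```

The Origin check is a cheap first filter, but it is not sufficient on its own because some clients omit both headers; the token comparison is the check that must never be skipped, which is why a missing token is rejected rather than tolerated. Setting the session cookie with SameSite=Lax or Strict adds a browser-enforced layer on top.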
CVE-2020-25494
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in the outputform or toclevels parameter to cgi-bin/printbook.
via "National Vulnerability Database".
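The bug class above is a CGI handler that splices request parameters into a command string that a shell then parses. The block below is an added example, not Xinuos code, of that pattern beside the corrected one: validate each parameter against the shape it can legitimately take and hand the program an argv list with no shell in between. The parameter names outputform and toclevels come from the CVE text; the command line, the allowed values and the numeric range are constructed.

```python
# Added example, not Xinuos code: the difference between a CGI handler that
# splices outputform/toclevels into a shell string and one that validates them
# and passes an argv list. The parameter names come from the CVE text; the
# command line, the allowed values and the limits are constructed.
import re
import subprocess
from urllib.parse import parse_qs

ALLOWED_FORMATS = {"html", "txt", "ps"}          # constructed allow-list
TOCLEVELS = re.compile(r"[0-9]{1,2}")           # constructed: 0-99 only


def build_command_vulnerable(query: str) -> str:
    """Interpolates raw parameters into a string that a shell will parse:
    '|', ';', '$(...)' or backticks in either value become shell syntax."""
    params = parse_qs(query)
    outputform = params.get("outputform", ["html"])[0]
    toclevels = params.get("toclevels", ["2"])[0]
    return f"printbook -f {outputform} -l {toclevels} book.txt"


def build_command(query: str) -> list:
    """Validates each value against the shape it can legitimately have and
    returns an argv list; with shell=False no shell ever sees the values."""
    params = parse_qs(query)
    outputform = params.get("outputform", ["html"])[0]
    if outputform not in ALLOWED_FORMATS:
        raise ValueError(f"outputform {outputform!r} not allowed")
    toclevels = params.get("toclevels", ["2"])[0]
    if not TOCLEVELS.fullmatch(toclevels):
        raise ValueError(f"toclevels {toclevels!r} must be 0-99")
    return ["printbook", "-f", outputform, "-l", toclevels, "book.txt"]


def run_printbook(query: str) -> subprocess.CompletedProcess:
    """Hypothetical handler body: argv list, no shell, bounded runtime."""
    return subprocess.run(build_command(query), capture_output=True, timeout=30, check=False)
```

Quoting the values for the shell (shlex.quote) would also stop the injection, but it keeps the shell in the loop and has to be remembered at every call site; an allow-list plus an argv list removes the shell entirely and also rejects values that are merely unexpected.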
CVE-2020-25901
Host header injection in Spiceworks 7.5.7.0 allows an attacker who sends a request with a poisoned Host header to have the application render arbitrary links that point to a malicious website.
via "National Vulnerability Database".
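The underlying mistake is building absolute URLs (password-reset links, redirects, cached pages) from the request's Host header, which the client controls. What follows is an added example, not Spiceworks code, of the vulnerable construction beside the corrected one: the Host header is checked against an allow-list and links are built from a configured canonical base. The host names and the link shape are constructed.

```python
# Added example, not Spiceworks code: absolute links are built from a configured
# canonical base, and the incoming Host header is checked against an allow-list
# before the request is served at all. Host names and the link shape are constructed.
from urllib.parse import quote

CANONICAL_BASE = "https://helpdesk.example.com"                      # constructed
ALLOWED_HOSTS = {"helpdesk.example.com", "helpdesk.example.com:443"}  # constructed


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Echoes whatever Host the client sent. A request with Host: attacker.example
    yields an email or page whose links send the token to the attacker."""
    return f"https://{headers.get('Host', '')}/password/reset?token={quote(token)}"


def validate_host(headers: dict) -> str:
    """Reject requests whose Host is not one this deployment serves. Trust
    X-Forwarded-Host only if a proxy you control sets it; here it is ignored."""
    host = headers.get("Host", "").strip().lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"unexpected Host header {host!r}")
    return host


def reset_link(headers: dict, token: str) -> str:
    """Validate Host, then build the link from configuration, not the request."""
    validate_host(headers)
    return f"{CANONICAL_BASE}/password/reset?token={quote(token)}"
```

Most web frameworks expose the allow-list as a setting (Django's ALLOWED_HOSTS is the familiar one); the point of the check is that a poisoned Host produces an error response, never a rendered page, so a cache in front of the application cannot be seeded with attacker links either.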
CVE-2020-25495
A reflected cross-site scripting (XSS) vulnerability in Xinuos (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML via the 'section' parameter.
via "National Vulnerability Database".
SolarWinds-related cyberattacks pose grave risk to government and private sector, says CISA
The attacks have reportedly hit the US Energy Department and the Federal Energy Regulatory Commission as well as other vital agencies and companies around the world.
via "Tech Republic".
Beware of cybercriminals: Keep your guard up during the last-minute shopping frenzy
TechRepublic spoke with email security firm Tessian's CEO Tim Sadler, who tells us how to avoid being phished or scammed during the search for perfect presents.
via "Tech Republic".
Predicting 2021 in cybersecurity: DDoS attacks, 5G speed, AI security, and more
Expert pleads with companies to realize they are potential attack victims, no matter their size.
via "Tech Republic".