β Critical Bugs in Dell Wyse Thin Clients Allow Code Execution, Client Takeovers β
π Read
via "Threat Post".
The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation.π Read
via "Threat Post".
Threat Post
Critical Bugs in Dell Wyse Thin Clients Allow Code Execution, Client Takeovers
The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation.
β Simplifying Proactive Defense With Threat Playbooks β
π Read
via "Threat Post".
Fortinet's Derek Manky talks about how threat playbooks can equip defense teams with the tools they need to fight back against evolving attacker TTPs.π Read
via "Threat Post".
Threat Post
Simplifying Proactive Defense With Threat Playbooks
FortiGuard Labsβ Derek Manky talks about how threat playbooks can equip defense teams with the tools they need to fight back against evolving attacker TTPs.
β Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data β
π Read
via "Threat Post".
Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.π Read
via "Threat Post".
Threat Post
Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data
Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.
π Erlang Bytecode String Converter π
π Read
via "Packet Storm Security".
estr2bc is a python script to convert arbitrary string input to Erlang bytecode.π Read
via "Packet Storm Security".
Packetstormsecurity
Erlang Bytecode String Converter β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2020-3999 βΌ
π Read
via "National Vulnerability Database".
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27846 βΌ
π Read
via "National Vulnerability Database".
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.π Read
via "National Vulnerability Database".
βΌ CVE-2019-16959 βΌ
π Read
via "National Vulnerability Database".
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26049 βΌ
π Read
via "National Vulnerability Database".
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35274 βΌ
π Read
via "National Vulnerability Database".
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35276 βΌ
π Read
via "National Vulnerability Database".
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35275 βΌ
π Read
via "National Vulnerability Database".
Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35273 βΌ
π Read
via "National Vulnerability Database".
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.π Read
via "National Vulnerability Database".
π΄ 7 Infamous Moments in Adobe Flash's Security History π΄
π Read
via "Dark Reading".
End-of-life is here: Adobe's support for Flash is gone as of Jan. 1. Here's what we won't miss about the multimedia software platform.π Read
via "Dark Reading".
Dark Reading
7 Infamous Moments in Adobe Flash's Security History
End-of-life is here: Adobe's support for Flash is gone as of Jan. 1. Here's what we won't miss about the multimedia software platform.
π¦Ώ The 5 tech skills should you master in 2021 π¦Ώ
π Read
via "Tech Republic".
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.π Read
via "Tech Republic".
TechRepublic
Top 5 tech skills to master in 2021
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.
π¦Ώ Top 5 tech skills to master in 2021 π¦Ώ
π Read
via "Tech Republic".
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.π Read
via "Tech Republic".
TechRepublic
Top 5 tech skills to master in 2021
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.
β Defending Against State and State-Sponsored Threat Actors β
π Read
via "Threat Post".
State and state-sponsored threat actors are the apex predators of the cybersecurity world. π Read
via "Threat Post".
Threat Post
Defending Against State and State-Sponsored Threat Actors
Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world.
π GNU Privacy Guard 2.2.26 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.26 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π jSQL Injection 0.82 π
π Read
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the pre-built jar release.π Read
via "Packet Storm Security".
Packetstormsecurity
jSQL Injection 0.82 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π jSQL Injection 0.82 Source Code Release π
π Read
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
jSQL Injection 0.82 Source Code Release β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Wireshark Analyzer 3.4.2 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.4.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ NSA, CISA Warn of Attacks on Federated Authentication π΄
π Read
via "Dark Reading".
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.π Read
via "Dark Reading".
Dark Reading
NSA, CISA Warn of Attacks on Federated Authentication
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.