‼ CVE-2020-26029 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.
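How the flaw class in this advisory arises and how the check should read, as an added illustration written for this page in Go (Zammad itself is a Ruby on Rails application; this is not its code): the effective principal is resolved from X-On-Behalf-Of, but the permission check in the vulnerable variant is evaluated against the session user. The user store, the permission names admin.impersonate, ticket.delete and ticket.read, and the two sample users are assumptions made for the example.

```go
package main

import (
	"errors"
	"net/http"
	"net/http/httptest"
)

// User is a minimal principal model for this illustration (assumed, not Zammad's).
type User struct {
	Name        string
	Permissions map[string]bool
}

// Can reports whether the user holds the named permission.
func (u *User) Can(perm string) bool { return u != nil && u.Permissions[perm] }

// Directory stands in for the application's user store (hypothetical).
type Directory map[string]*User

var ErrForbidden = errors.New("forbidden")

// resolveEffectiveUser applies the X-On-Behalf-Of header. The session user
// may only impersonate when it holds "admin.impersonate"; otherwise the
// request is refused rather than silently downgraded.
func resolveEffectiveUser(dir Directory, actual *User, r *http.Request) (*User, error) {
	target := r.Header.Get("X-On-Behalf-Of")
	if target == "" {
		return actual, nil
	}
	if !actual.Can("admin.impersonate") {
		return nil, ErrForbidden
	}
	u, ok := dir[target]
	if !ok {
		return nil, ErrForbidden
	}
	return u, nil
}

// authorizeVulnerable mirrors the flaw class in the advisory: the effective
// user is resolved, but the permission check runs against the session user,
// so an admin acting on behalf of a low-privilege agent keeps admin rights.
func authorizeVulnerable(dir Directory, actual *User, r *http.Request, perm string) (string, error) {
	eff, err := resolveEffectiveUser(dir, actual, r)
	if err != nil {
		return "", err
	}
	if !actual.Can(perm) { // wrong principal: should be eff
		return "", ErrForbidden
	}
	return eff.Name, nil
}

// authorizeFixed checks the permission on the effective user, i.e. the one
// named in X-On-Behalf-Of, once impersonation itself has been allowed.
func authorizeFixed(dir Directory, actual *User, r *http.Request, perm string) (string, error) {
	eff, err := resolveEffectiveUser(dir, actual, r)
	if err != nil {
		return "", err
	}
	if !eff.Can(perm) {
		return "", ErrForbidden
	}
	return eff.Name, nil
}

// demoDirectory builds constructed sample users: an admin and a read-only agent.
func demoDirectory() Directory {
	return Directory{
		"admin": {Name: "admin", Permissions: map[string]bool{"admin.impersonate": true, "ticket.delete": true}},
		"agent": {Name: "agent", Permissions: map[string]bool{"ticket.read": true}},
	}
}

// requestOnBehalfOf constructs a request carrying the impersonation header.
func requestOnBehalfOf(target string) *http.Request {
	r := httptest.NewRequest(http.MethodDelete, "/api/v1/tickets/1", nil)
	r.Header.Set("X-On-Behalf-Of", target)
	return r
}

func main() {
	dir := demoDirectory()
	r := requestOnBehalfOf("agent")
	_, errV := authorizeVulnerable(dir, dir["admin"], r, "ticket.delete")
	_, errF := authorizeFixed(dir, dir["admin"], r, "ticket.delete")
	println("vulnerable allows delete while acting as agent:", errV == nil)
	println("fixed allows delete while acting as agent:", errF == nil)
}
```

The two checks differ in one identifier only; the point of the example is that impersonation is two decisions, "may the caller impersonate at all" and "may the impersonated user do this", and the second must be evaluated against the impersonated user.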
‼ CVE-2020-29242 ‼
📖 Read
via "National Vulnerability Database".
dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame.
‼ CVE-2020-29243 ‼
📖 Read
via "National Vulnerability Database".
dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame.
‼ CVE-2020-29244 ‼
📖 Read
via "National Vulnerability Database".
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame.
‼ CVE-2020-28094 ‼
📖 Read
via "National Vulnerability Database".
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning.
‼ CVE-2020-29193 ‼
📖 Read
via "National Vulnerability Database".
Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).
‼ CVE-2020-29245 ‼
📖 Read
via "National Vulnerability Database".
dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData.
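The four dhowden/tag advisories on this page (CVE-2020-29242 readPICFrame, CVE-2020-29243 readAPICFrame, CVE-2020-29244 readTextWithDescrFrame and CVE-2020-29245 readAtomData) share one failure mode: offsets and lengths taken from an untrusted tag are used to index a byte slice unchecked, so a truncated or crafted file panics the Go runtime instead of yielding an error. The following is an added example written for this page, not code from the dhowden/tag library; the frame layouts are simplified stand-ins (an APIC-like picture frame and an MP4-style size-prefixed atom) and the sample bytes are constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrTruncated = errors.New("frame truncated")

// Picture is an attached-picture frame; layout assumed for this example:
// [encoding byte][MIME, NUL][picture type][description, NUL][image data].
type Picture struct {
	MIME, Description string
	Type              byte
	Data              []byte
}

// parsePictureNaive indexes with offsets derived from the input, unchecked.
// An empty frame, a missing NUL, or a frame cut short panics with
// "index out of range" or "slice bounds out of range", the advisories' crash class.
func parsePictureNaive(b []byte) Picture {
	_ = b[0]                           // text-encoding byte
	i := 1 + bytes.IndexByte(b[1:], 0) // IndexByte yields -1 when no NUL exists
	mime := string(b[1:i])
	picType := b[i+1]
	j := i + 2 + bytes.IndexByte(b[i+2:], 0)
	return Picture{MIME: mime, Type: picType, Description: string(b[i+2 : j]), Data: b[j+1:]}
}

// cstring returns the NUL-terminated string at off and the offset past the NUL.
func cstring(b []byte, off int) (string, int, error) {
	if off > len(b) {
		return "", 0, ErrTruncated
	}
	n := bytes.IndexByte(b[off:], 0)
	if n < 0 {
		return "", 0, ErrTruncated
	}
	return string(b[off : off+n]), off + n + 1, nil
}

// parsePictureSafe validates every offset before use; malformed input
// becomes an error instead of a panic.
func parsePictureSafe(b []byte) (Picture, error) {
	if len(b) < 1 {
		return Picture{}, ErrTruncated
	}
	mime, off, err := cstring(b, 1)
	if err != nil {
		return Picture{}, err
	}
	if off >= len(b) {
		return Picture{}, ErrTruncated
	}
	picType := b[off]
	desc, off, err := cstring(b, off+1)
	if err != nil {
		return Picture{}, err
	}
	return Picture{MIME: mime, Type: picType, Description: desc, Data: b[off:]}, nil
}

// atomPayloadNaive trusts the 32-bit size field of an MP4-style atom
// ([size][type][payload]); an oversized size slices past the buffer and panics.
func atomPayloadNaive(b []byte) []byte {
	size := binary.BigEndian.Uint32(b[:4])
	return b[8:size]
}

// atomPayloadSafe bounds the size field by the header and the bytes present.
func atomPayloadSafe(b []byte) ([]byte, error) {
	if len(b) < 8 {
		return nil, ErrTruncated
	}
	size := binary.BigEndian.Uint32(b[:4])
	if size < 8 || uint64(size) > uint64(len(b)) {
		return nil, fmt.Errorf("atom size %d exceeds %d available bytes", size, len(b))
	}
	return b[8:size], nil
}

// panics runs f and reports whether it panicked and with which runtime error.
func panics(f func()) (msg string, didPanic bool) {
	defer func() {
		if r := recover(); r != nil {
			msg, didPanic = fmt.Sprint(r), true
		}
	}()
	f()
	return "", false
}

// Constructed sample inputs, not taken from any real file.
var goodFrame = []byte("\x00image/png\x00\x03cover\x00\x89PNG")
var truncFrame = []byte("\x00image/png") // cut before the MIME terminator
var badAtom = []byte{0xFF, 0xFF, 0xFF, 0xFF, 'm', 'o', 'o', 'v', 1, 2, 3}

func main() {
	fmt.Println(parsePictureSafe(goodFrame))
	fmt.Println(panics(func() { parsePictureNaive(truncFrame) }))
	fmt.Println(panics(func() { atomPayloadNaive(badAtom) }))
	fmt.Println(atomPayloadSafe(badAtom))
}
```

A panic in a library like this is a denial of service for any server that parses user-supplied media; the fix is not a recover() wrapper but checking each offset against len(b) before it is used, as the safe variants do.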
‼ CVE-2020-26031 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
‼ CVE-2020-29160 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing.
‼ CVE-2020-26035 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a Ticket.
🕴 Homomorphic Encryption: The 'Golden Age' of Cryptography 🕴
📖 Read
via "Dark Reading".
The ability to perform complex calculations on encrypted data promises a new level of privacy and data security for companies in the public and private sectors. So when can they get started?
🕴 Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year 🕴
📖 Read
via "Dark Reading".
Remote Desktop flaws were a patching priority this year as Microsoft distributed fixes and businesses scrambled to protect remote employees.
❌ Ransomware in 2020: A Banner Year for Extortion ❌
📖 Read
via "Threat Post".
From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020.
🕴 10 Benefits of Running Cybersecurity Exercises 🕴
📖 Read
via "Dark Reading".
There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.
🦿 Top 5 ways to protect MFA codes 🦿
📖 Read
via "Tech Republic".
Using SMS for multi-factor authentication is helpful, but not always secure or reliable. What if you lose your phone? Tom Merritt lists five additional ways to receive MFA codes, without SMS.
‼ CVE-2020-35627 ‼
📖 Read
via "National Vulnerability Database".
Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom Gift Card Template feature that allows remote execution of arbitrary code. The template's custom-image upload accepts a file whose extension has been changed to PHP, and the uploaded PHP code is then executed on the server.
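A file-upload handler that makes the renamed-extension attack in this advisory impossible, as an added example in Go written for this page (the plugin itself is PHP; this is not its code): the server decodes the image header to establish the real format, rejects any client-supplied extension that disagrees with it, and stores the file under a random server-chosen name. The allowed-format table, the ErrRejected error, and the one-pixel PNG and PHP payload used as sample uploads are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"image"
	_ "image/jpeg" // registers the JPEG decoder for image.DecodeConfig
	"image/png"
	"path"
	"strings"
)

var ErrRejected = errors.New("upload rejected")

// allowedExt maps formats reported by the decoder to the extension the server
// assigns. Anything else never reaches disk under any name.
var allowedExt = map[string]string{"png": ".png", "jpeg": ".jpg"}

// storedNameVulnerable reproduces the weak pattern behind the advisory: the
// client-supplied filename, extension included, is kept, so "template.php"
// containing PHP source lands in a web-served directory and is executed.
func storedNameVulnerable(userName string) string {
	return path.Base(userName)
}

// storedNameSafe decides both content and name on the server side.
func storedNameSafe(userName string, data []byte) (string, error) {
	// 1. The bytes must decode as an image we support; PHP source fails here.
	_, format, err := image.DecodeConfig(bytes.NewReader(data))
	if err != nil {
		return "", ErrRejected
	}
	ext, ok := allowedExt[format]
	if !ok {
		return "", ErrRejected
	}
	// 2. A client extension that disagrees with the real format (image bytes
	//    named shell.php, or a .png that is really a JPEG) is refused outright.
	userExt := strings.ToLower(path.Ext(userName))
	if userExt == ".jpeg" {
		userExt = ".jpg"
	}
	if userExt != ext {
		return "", ErrRejected
	}
	// 3. The stored name is random and carries the server-chosen extension.
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b) + ext, nil
}

// tinyPNG builds a constructed 1x1 PNG in memory as sample upload content.
func tinyPNG() []byte {
	var buf bytes.Buffer
	_ = png.Encode(&buf, image.NewRGBA(image.Rect(0, 0, 1, 1)))
	return buf.Bytes()
}

// phpPayload is a constructed stand-in for a web-shell body.
var phpPayload = []byte("<?php system($_GET['cmd']); ?>")

func main() {
	fmt.Println(storedNameSafe("cover.png", tinyPNG()))
	fmt.Println(storedNameSafe("cover.php", tinyPNG()))
	fmt.Println(storedNameSafe("cover.png", phpPayload))
	fmt.Println("vulnerable keeps:", storedNameVulnerable("../template.php"))
}
```

Decoding the header is not a complete defence on its own (a valid PNG can carry PHP in a text chunk), which is why the extension is also fixed by the server; the upload directory should additionally be served without script execution so that even a mis-stored file is returned as bytes rather than run.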
‼ CVE-2020-26569 ‼
📖 Read
via "National Vulnerability Database".
In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train.
❌ Hackers Amp Up COVID-19 IP Theft Attacks ❌
📖 Read
via "Threat Post".
In-depth report looks at how COVID-19 research has become a juicy new target for organized cybercrime.
🕴 Defending the COVID-19 Vaccine Supply Chain 🕴
📖 Read
via "Dark Reading".
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
‼ CVE-2020-35766 ‼
📖 Read
via "National Vulnerability Database".
The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this applies only to those who build and run the included self-tests ("A number of self-test programs are included here for unit-testing the library").
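What the symlink attack in this advisory looks like and how a temporary file should be created instead, as an added example in Go written for this page (OpenDKIM's test programs are C; this is not their code): a fixed path in a shared directory opened with O_TRUNC follows a pre-planted symlink, while O_CREATE|O_EXCL fails on anything already present and os.CreateTemp avoids the predictable name altogether. The sandbox directory, the victim file and the path names are constructed for the demonstration, and the attack is staged as the same user so it runs without privileges.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeTestKeysVulnerable mirrors the pattern in the advisory: a fixed,
// predictable path in a world-writable directory is opened for writing with
// O_TRUNC. If a local user planted a symlink at that path beforehand, the
// write follows the link and clobbers (or creates) whatever it targets, with
// the privileges of whoever runs the test suite.
func writeTestKeysVulnerable(path string, data []byte) error {
	return os.WriteFile(path, data, 0o600) // O_WRONLY|O_CREATE|O_TRUNC
}

// createExclusive is the primitive to use when a fixed name is unavoidable:
// O_CREATE|O_EXCL makes open() fail if anything, a symlink included, already
// exists at the path, instead of following it.
func createExclusive(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(data)
	return err
}

// writeTestKeysSafe goes one step further: os.CreateTemp chooses a random
// name and opens it exclusively, so there is no path for an attacker to
// pre-plant. dir should be a private directory, not a shared /tmp.
func writeTestKeysSafe(dir string, data []byte) (string, error) {
	f, err := os.CreateTemp(dir, "testkeys-*")
	if err != nil {
		return "", err
	}
	name := f.Name()
	if _, err := f.Write(data); err != nil {
		f.Close()
		os.Remove(name)
		return "", err
	}
	return name, f.Close()
}

// plantSymlink stages the attack in a constructed sandbox: a "victim" file
// and a symlink named testkeys pointing at it, as a local attacker would
// plant at /tmp/testkeys before the test suite runs.
func plantSymlink(sandbox string) (link, victim string, err error) {
	victim = filepath.Join(sandbox, "victim")
	if err = os.WriteFile(victim, []byte("original\n"), 0o600); err != nil {
		return
	}
	link = filepath.Join(sandbox, "testkeys")
	err = os.Symlink(victim, link)
	return
}

func main() {
	sandbox, err := os.MkdirTemp("", "symlink-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(sandbox)
	link, victim, _ := plantSymlink(sandbox)
	_ = writeTestKeysVulnerable(link, []byte("attacker-controlled\n"))
	got, _ := os.ReadFile(victim)
	fmt.Printf("victim after vulnerable write: %q\n", got)
	fmt.Println("exclusive create on symlink:", createExclusive(link, []byte("x")))
	name, err := writeTestKeysSafe(sandbox, []byte("keys"))
	fmt.Println("safe file:", name, err)
}
```

When the process running the suite is root, the vulnerable write can truncate or overwrite any file on the system, which is the privilege gain the advisory refers to; mkstemp-style creation (os.CreateTemp here, mkstemp(3) in C) removes both the predictable name and the link-following open.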
‼ CVE-2020-14273 ‼
📖 Read
via "National Vulnerability Database".
HCL Domino v10 and v11 are susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could exploit this vulnerability to crash the Domino server.