CVE-2020-26035
via "National Vulnerability Database".
An issue was discovered in Zammad before 3.4.1. There is Stored XSS via a Tags element in a Ticket.
Homomorphic Encryption: The 'Golden Age' of Cryptography
via "Dark Reading".
The ability to perform complex calculations on encrypted data promises a new level of privacy and data security for companies in the public and private sectors. So when can they get started?
Remote Desktop Bugs: Patches That Took Priority in a Pandemic Year
via "Dark Reading".
Remote Desktop flaws were a patching priority this year as Microsoft distributed fixes and businesses scrambled to protect remote employees.
Ransomware in 2020: A Banner Year for Extortion
via "Threat Post".
From attacks on the UVM Health Network that delayed chemotherapy appointments, to ones on public schools that delayed students going back to the classroom, ransomware gangs disrupted organizations to inordinate levels in 2020.
10 Benefits of Running Cybersecurity Exercises
via "Dark Reading".
There may be no better way to ascertain your organization's strengths and weaknesses than by running regular security drills.
Top 5 ways to protect MFA codes
via "Tech Republic".
Using SMS for multi-factor authentication is helpful, but not always secure or reliable. What if you lose your phone? Tom Merritt lists five additional ways to receive MFA codes, without SMS.
CVE-2020-35627
via "National Vulnerability Database".
Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that allows remote execution of arbitrary code. Where the "Custom Gift Card Template" function is present, its custom-image upload is used: the image's extension is changed to PHP, and the PHP code is then executed on the server.
CVE-2020-26569
via "National Vulnerability Database".
In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train.
Hackers Amp Up COVID-19 IP Theft Attacks
via "Threat Post".
In-depth report looks at how COVID-19 research has become a juicy new target for organized cybercrime.
Defending the COVID-19 Vaccine Supply Chain
via "Dark Reading".
We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.
CVE-2020-35766
via "National Vulnerability Database".
The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation.
CVE-2020-14273
via "National Vulnerability Database".
HCL Domino v10 and v11 are susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could exploit this vulnerability to crash the Domino server.
CVE-2020-35616
via "National Vulnerability Database".
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
CVE-2020-35614
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
CVE-2020-26290
via "National Vulnerability Database".
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enable a potential signature bypass due to issues with XML encoding in the underlying Go library. The vulnerabilities have been addressed in version 2.27.0 by using the xml-roundtrip-validator from Mattermost (see related references).
CVE-2020-35613
via "National Vulnerability Database".
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
CVE-2020-35611
via "National Vulnerability Database".
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values.
CVE-2020-26289
via "National Vulnerability Database".
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there is a regular expression involved in parsing which can be exploited to cause a denial of service. This is fixed in version 0.14.2.
CVE-2020-35610
via "National Vulnerability Database".
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
CVE-2020-24360
via "National Vulnerability Database".
An issue with ARP packets in Arista's EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.
CVE-2020-27837
via "National Vulnerability Database".
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.