CVE-2020-25507
Read via "National Vulnerability Database".
An incorrect permission assignment (chmod 777) on /etc/environment by the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which is executed by root during the next login, reboot, or sourcing of the environment.
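As an added example, not code from the advisory or from the TeamworkCloud installer: a small C++ audit built on POSIX stat(2)/chmod(2) that detects the condition this entry describes (a configuration file that any local user can write) and restores a root-only-writable mode. The path list in main(), the 0644 target mode and the function names are this example's own assumptions.

```cpp
// Added example; not from the advisory or the vendor's installer.
// Detects and repairs the CVE-2020-25507 condition: a file under /etc
// that is writable by every local user. Paths are parameters so the
// functions can be exercised against a scratch file without privileges.
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

enum class FileMode { SafeMode, WorldWritable, GroupWritable, Missing };

// Classifies who besides the owner can write PATH. The other-write bit
// (S_IWOTH) is the CVE-2020-25507 condition; group-write is flagged too,
// since files root reads at login or boot should be writable by root only.
FileMode classify_writable(const std::string& path) {
    struct stat st{};
    if (::stat(path.c_str(), &st) != 0) return FileMode::Missing;
    if (st.st_mode & S_IWOTH) return FileMode::WorldWritable;
    if (st.st_mode & S_IWGRP) return FileMode::GroupWritable;
    return FileMode::SafeMode;
}

// Restores mode 0644 (assumed target mode) and, only when running as root,
// root ownership. Returns true when the file ends up owner-writable only.
bool harden_config_file(const std::string& path) {
    if (::chmod(path.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0) return false;
    if (::geteuid() == 0 && ::chown(path.c_str(), 0, 0) != 0) return false;
    return classify_writable(path) == FileMode::SafeMode;
}

// Returns the subset of PATHS that any local user could modify.
// Missing files are skipped rather than reported.
std::vector<std::string> find_world_writable(const std::vector<std::string>& paths) {
    std::vector<std::string> bad;
    for (const auto& p : paths)
        if (classify_writable(p) == FileMode::WorldWritable) bad.push_back(p);
    return bad;
}

int main() {
    // A few files that root-owned processes read at login or boot (example
    // list, not exhaustive). Any of these being world-writable is a local
    // root escalation, not merely a permissions nit.
    const std::vector<std::string> sensitive = {
        "/etc/environment", "/etc/profile", "/etc/crontab"};
    for (const auto& p : find_world_writable(sensitive))
        std::printf("WORLD-WRITABLE: %s\n", p.c_str());
    return 0;
}
```

Run it after any third-party installer has touched /etc; an installer that needs a file readable by every user wants 0644, never 0777, and the audit is cheap enough to keep in a post-install hook.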
CVE-2020-15898
Read via "National Vulnerability Database".
In Arista EOS, malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. The flaw is exploitable only with unidirectional traffic (for example UDP), not with bidirectional traffic (for example TCP). Affected releases: EOS 7170 platforms, 4.21.4.1F and earlier in the 4.21.x train; EOS X-Series, 4.21.11M and earlier in the 4.21.x train; 4.22.6M and earlier in the 4.22.x train; 4.23.4M and earlier in the 4.23.x train; 4.24.2.1F and earlier in the 4.24.x train.
CVE-2020-35769
Read via "National Vulnerability Database".
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
CVE-2020-25847
Read via "National Vulnerability Database".
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.
Security Pros Reflect on 2020
Read via "Dark Reading".
Eight cybersecurity leaders go deep on their most valuable (and very human) takeaways from a year like no other we've known.
Mac Attackers Remain Focused Mainly on Adware, Fooling Users
Read via "Dark Reading".
Despite reports that Macs have encountered more threats than Windows systems, the platform still sees far fewer exploits and malware, including ransomware.
2020 Work-for-Home Shift: What We Learned
Read via "Threat Post".
Threatpost explores 5 big takeaways from 2020 -- and what they mean for 2021.
How companies can use automation to secure cloud data
Read via "Tech Republic".
Data automation allows companies to conduct operations more consistently, securely, and reliably. Learn how one company tackled the challenges.
India: A Growing Cybersecurity Threat
Read via "Dark Reading".
Geopolitical tensions and a dramatic rise in offensive and defensive cyber capabilities lead India to join Iran, Russia, China, and North Korea as a top nation-state adversary.
Japanese Aerospace Firm Kawasaki Warns of Data Breach
Read via "Threat Post".
The Japanese aerospace manufacturer said that starting in June, overseas unauthorized access to its servers may have compromised customer data.
6 Questions Attackers Ask Before Choosing an Asset to Exploit
Read via "Threat Post".
David "moose" Wolpoff at Randori explains how hackers pick their targets, and how understanding "hacker logic" can help prioritize defenses.
CVE-2020-5801
Read via "National Vulnerability Database".
An attacker can craft and send an OpenNamespace message to port 4241 with a valid session-id that triggers an unhandled exception in the CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
CVE-2020-5802
Read via "National Vulnerability Database".
An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This causes an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
CVE-2020-5806
Read via "National Vulnerability Database".
An attacker-controlled memory allocation size can be passed to the C++ new operator in CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
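CVE-2020-5802 and CVE-2020-5806 above describe the same defect class: a count or length taken from the incoming message becomes the argument of operator new. The following C++ is an added example and is not FactoryTalk Linx code; the six-byte message layout, the 16-byte item, the 4096-item ceiling and the function names are invented for illustration. It puts the unchecked parse beside a checked one and shows the request-level catch that keeps a single std::bad_alloc from becoming a process exit.

```cpp
// Added example; not FactoryTalk Linx code and not Rockwell's wire format.
// Models the defect behind CVE-2020-5802 / CVE-2020-5806: a size field read
// from the network is handed to operator new unvalidated.
// Invented layout: uint16 type | uint32 item_count (LE) | item_count * Item
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>
#include <stdexcept>
#include <vector>

struct Item { uint8_t bytes[16]; };
constexpr size_t   kHeaderLen = 6;
constexpr uint32_t kMaxItems  = 4096;   // assumed per-request ceiling (invented)

static uint32_t read_u32_le(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) |
           (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// Vulnerable pattern: item_count is trusted. A count of 0xFFFFFFFF asks
// operator new for 64 GiB; it throws std::bad_alloc, and with no handler on
// the call stack std::terminate() ends the process, which is the remote
// crash the advisories describe. Returns the number of items copied.
size_t parse_items_unchecked(const std::vector<uint8_t>& msg) {
    if (msg.size() < kHeaderLen) throw std::runtime_error("short message");
    uint32_t count = read_u32_le(&msg[2]);
    Item* items = new Item[count];                 // attacker-controlled size
    size_t present = (msg.size() - kHeaderLen) / sizeof(Item);
    size_t n = count < present ? count : present;
    if (n) std::memcpy(items, &msg[kHeaderLen], n * sizeof(Item));
    delete[] items;
    return n;
}

enum class Parse { Ok, ShortMessage, CountExceedsLimit, CountExceedsPayload };

// Hardened: bound the count by a protocol maximum and by the bytes actually
// received before anything is sized from it.
Parse parse_items_checked(const std::vector<uint8_t>& msg, std::vector<Item>& out) {
    if (msg.size() < kHeaderLen) return Parse::ShortMessage;
    uint32_t count = read_u32_le(&msg[2]);
    if (count > kMaxItems) return Parse::CountExceedsLimit;
    size_t payload = msg.size() - kHeaderLen;
    if (size_t(count) * sizeof(Item) > payload) return Parse::CountExceedsPayload;
    out.resize(count);
    if (count) std::memcpy(out.data(), &msg[kHeaderLen], count * sizeof(Item));
    return Parse::Ok;
}

// Backstop at the dispatch boundary: an allocation failure on one request
// must fail that request, never the whole service.
bool handle_request(const std::vector<uint8_t>& msg) {
    try {
        std::vector<Item> items;
        return parse_items_checked(msg, items) == Parse::Ok;
    } catch (const std::bad_alloc&) {
        return false;   // log and drop the request; the listener stays up
    }
}

// Constructed message: header claiming COUNT items, followed by PRESENT
// real 16-byte items filled with 0xAB.
std::vector<uint8_t> make_msg(uint32_t count, size_t present) {
    std::vector<uint8_t> m = {0x02, 0x00, uint8_t(count), uint8_t(count >> 8),
                              uint8_t(count >> 16), uint8_t(count >> 24)};
    m.resize(kHeaderLen + present * sizeof(Item), 0xAB);
    return m;
}

int main() {
    std::vector<Item> items;
    bool rejected = parse_items_checked(make_msg(0xFFFFFFFFu, 0), items)
                    == Parse::CountExceedsLimit;
    std::printf("checked parser, count=0xFFFFFFFF: %s\n", rejected ? "rejected" : "accepted");
    try {
        parse_items_unchecked(make_msg(0xFFFFFFFFu, 0));
        std::printf("unchecked parser: 64 GiB allocation succeeded (host overcommits)\n");
    } catch (const std::bad_alloc&) {
        std::printf("unchecked parser: std::bad_alloc; uncaught in a service, this is the crash\n");
    }
    return 0;
}
```

The checked parser rejects before allocating, which is the fix that matters; the try/catch in handle_request is only a backstop. Whether the 64 GiB request in main() actually throws depends on the host's overcommit policy, so the test exercises the checked path and the catch rather than relying on the allocation failing.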
CVE-2020-5807
Read via "National Vulnerability Database".
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries to the FactoryTalk Diagnostics event log. The attacker can specify overlong fields in the log entry, which cause an unhandled exception in wcscpy_s() when a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected.
CVE-2020-29475
Read via "National Vulnerability Database".
nopCommerce Store 4.30 is affected by stored cross-site scripting (XSS) in the Schedule tasks name field. An attacker can inject an XSS payload into a scheduled task's name; each time a user visits that page, the XSS triggers and the attacker can steal the user's cookie, depending on the crafted payload.
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Read via "Dark Reading".
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
OATH Toolkit 2.6.5
Read via "Packet Storm Security".
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
CVE-2020-35735
Read via "National Vulnerability Database".
Vidyo 02-09-/D allows clickjacking via the portal/ URI.
Lawsuit Claims Flawed Facial Recognition Led to Man's Wrongful Arrest
Read via "Threat Post".
Black man sues police, saying he was falsely ID'd by facial recognition, joining other Black Americans falling victim to the technology's racial bias.
CVE-2020-35787
Read via "National Vulnerability Database".
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.