🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2020-29016 ‼

A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and versions before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-26732 ‼

Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

📖 Read

via "National Vulnerability Database".
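A quick way to check a device for the weak pattern in CVE-2020-26732 is to audit every Set-Cookie header it returns for the Secure flag (and, while there, HttpOnly and SameSite). The script below is an added example, not code from the advisory or from Skyworth; the two HTTP responses in it are constructed stand-ins, not captures from the GN542VF.

```python
"""Audit Set-Cookie headers for the Secure flag (and related attributes)."""
from __future__ import annotations

from http.cookies import SimpleCookie

# Constructed sample responses for illustration; neither is captured from the
# Skyworth device. The first shows the weak pattern named in the advisory, the
# second the corrected one.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=9f3a2c7b1e; Path=/; HttpOnly\r\n"
    "\r\n"
    "<html>...</html>"
)
FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=9f3a2c7b1e; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "\r\n"
    "<html>...</html>"
)


def audit_set_cookie(header_value: str, served_over_https: bool = True) -> list[str]:
    """Return findings for one Set-Cookie header value (empty list if clean)."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        # Without Secure the browser also sends the cookie on plain-HTTP requests
        # to the same host, which is exactly the exposure the advisory describes.
        if served_over_https and not morsel["secure"]:
            findings.append(f"{name}: missing Secure flag")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly flag")
        if not morsel["samesite"]:
            findings.append(f"{name}: missing SameSite attribute")
    return findings


def audit_response(raw_response: str, served_over_https: bool = True) -> list[str]:
    """Walk the header block of a raw HTTP response and audit every Set-Cookie line."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            findings.extend(audit_set_cookie(value.strip(), served_over_https))
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(label, audit_response(resp) or "no findings")
```

Point `audit_response` at a response captured over HTTPS (for example from `curl -si https://device/`); the cookie only stays on the encrypted channel when the Secure flag is present.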
🦿 US government warns of cyberattacks targeting cloud services 🦿

Such attacks often occur when employees work remotely and use a mixture of personal and business devices to access cloud services.

📖 Read

via "Tech Republic".
🦿 CES 2021: All of the business tech news you need to know 🦿

Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.

📖 Read

via "Tech Republic".
πŸ” Hackers Leak Stolen COVID-19 Vaccine Data Online πŸ”

The breach has not affected the efficacy or approval of the vaccine in Europe.

📖 Read

via "Digital Guardian".
❌ Florida Ethics Officer Charged with Cyberstalking ❌

Judge bars former Tallahassee city ethics officer from internet-connected devices after her arrest for cyberstalking.

📖 Read

via "Threat Post".
🕴 NSA Recommends Using Only 'Designated' DNS Resolvers 🕴

Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.

📖 Read

via "Dark Reading".
‼ CVE-2021-22132 ‼

Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-21261 ‼

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.9.4. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.9.4.

📖 Read

via "National Vulnerability Database".
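The design error behind CVE-2021-21261 is that caller-supplied environment variables reached the environment of a process running outside the sandbox. The script below is an added illustration of that pattern and of the separation that avoids it; it is not Flatpak's code and does not reproduce the actual fix in 1.8.5 and 1.9.4. The launcher, the minimal host environment and the `ATTACKER_ENV` dictionary are all constructed for the example, and the "host-side launcher" is played by a Python child process so that it runs offline.

```python
"""Keep caller-supplied environment variables away from the host-side launcher."""
from __future__ import annotations

import os
import subprocess
import sys

# Caller-controlled data a portal might receive. Constructed for illustration: an
# app abusing the pattern in the advisory would pick a variable the host-side
# launcher (or the dynamic loader underneath it) honours.
ATTACKER_ENV = {"LD_PRELOAD": "/tmp/evil.so", "TERM": "xterm"}


def vulnerable_launch_env(caller_env: dict[str, str]) -> dict[str, str]:
    """Weak pattern: the caller's variables are merged into the launcher's own environment."""
    return {**os.environ, **caller_env}


def hardened_launch(caller_env: dict[str, str], launcher: list[str]) -> tuple[dict[str, str], list[str]]:
    """Hardened pattern: the host-side launcher gets a fixed, minimal environment of its
    own, and the caller's variables travel as data that only the sandboxed child will
    see (modelled here as --env=NAME=VALUE arguments; hypothetical launcher)."""
    host_env = {"PATH": "/usr/bin:/bin", "LANG": "C"}
    child_args = [f"--env={name}={value}" for name, value in caller_env.items()]
    return host_env, launcher + child_args


def probe_host_env(env: dict[str, str], var: str) -> str:
    """Spawn a stand-in host-side helper with exactly `env` and report what it sees for `var`."""
    proc = subprocess.run(
        [sys.executable, "-c", f"import os; print(os.environ.get({var!r}, ''))"],
        env=env, capture_output=True, text=True, check=True,
    )
    return proc.stdout.strip()


if __name__ == "__main__":
    print("vulnerable:", probe_host_env(vulnerable_launch_env(ATTACKER_ENV), "LD_PRELOAD"))
    host_env, argv = hardened_launch(ATTACKER_ENV, ["flatpak", "run", "org.example.App"])
    print("hardened:  ", repr(probe_host_env(host_env, "LD_PRELOAD")), argv)
```

In the vulnerable path the helper process observes `LD_PRELOAD=/tmp/evil.so` (the loader will complain on stderr that the object cannot be preloaded, which is the point: a real attacker would supply one that exists). In the hardened path the helper's environment contains only what the launcher itself defines, and the caller's variables are reduced to arguments destined for the sandbox.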
❌ Facebook: Malicious Chrome Extension Developers Scraped Profile Data ❌

Facebook has sued two Chrome devs for scraping user profile data - including names, user IDs and more.

📖 Read

via "Threat Post".
🕴 Businesses Struggle with Cloud Availability as Attackers Take Aim 🕴

Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.

📖 Read

via "Dark Reading".
⚠ Europol announces bust of “world’s biggest” dark web marketplace ⚠

Dark web servers are hard to find - but not impossible.

📖 Read

via "Naked Security".
🕴 'Chimera' Threat Group Abuses Microsoft & Google Cloud Services 🕴

Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.

📖 Read

via "Dark Reading".
🦿 How to install Eternal Terminal for persistent SSH connections 🦿

If you have trouble with SSH connections breaking, Jack Wallen shows you how you can enjoy a bit more persistence with the help of Eternal Terminal.

📖 Read

via "Tech Republic".
‼ CVE-2020-29494 ‼

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability to gain unauthorized write access to arbitrary files stored on the server filesystem, which could result in the deletion of arbitrary files.

📖 Read

via "National Vulnerability Database".
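Path traversal of the kind described for CVE-2020-29494 is defeated by resolving the requested path against a base directory and refusing anything that ends up outside it. The following is an added example of that check, not Avamar's or Dell's code; the base directory and the "escape" symlink it creates are a constructed fixture.

```python
"""Confine user-supplied relative paths to a base directory."""
from __future__ import annotations

import os
import tempfile
from pathlib import Path


def resolve_under(base_dir: str, user_path: str) -> Path:
    """Return the absolute path for `user_path` inside `base_dir`, or raise PermissionError
    if the request would land outside it (via '..', an absolute path or a symlink)."""
    base = Path(base_dir).resolve()
    # Joining an absolute path would silently discard `base`, so refuse it outright.
    if Path(user_path).is_absolute():
        raise PermissionError(f"absolute path not allowed: {user_path!r}")
    # resolve() collapses '..' and follows symlinks, so a link planted inside the
    # base that points outside is caught as well, not only textual '..' sequences.
    target = (base / user_path).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return target


def is_contained(base_dir: str, user_path: str) -> bool:
    """Boolean wrapper around resolve_under for scanning lists of requested paths."""
    try:
        resolve_under(base_dir, user_path)
        return True
    except PermissionError:
        return False


def make_sample_tree() -> tuple[str, bool]:
    """Constructed fixture: a throwaway base directory holding a 'backups' subdirectory
    and, where the platform allows it, a symlink named 'escape' pointing to the parent
    of the base. Returns (base_path, symlink_was_created)."""
    base = tempfile.mkdtemp(prefix="pdm-demo-")
    os.makedirs(os.path.join(base, "backups"), exist_ok=True)
    try:
        os.symlink(os.path.dirname(base), os.path.join(base, "escape"))
        return base, True
    except OSError:
        return base, False


if __name__ == "__main__":
    base, has_link = make_sample_tree()
    requests = ["backups/2021/01.dat", "backups/../../x", "../../etc/passwd", "/etc/passwd"]
    if has_link:
        requests.append("escape/secret.dat")
    for req in requests:
        print(f"{req!r:24} -> {'ok' if is_contained(base, req) else 'REJECTED'}")
```

The symlink case matters in practice: a purely textual check for `..` passes `escape/secret.dat`, while resolving the path first does not. The check must also run after every decoding step the application applies (URL decoding, archive entry names), since an encoded `..` is just as effective once decoded.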
‼ CVE-2020-29493 ‼

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database and unauthorized read and write access to application data. Exploitation may lead to leakage or deletion of sensitive backup data; hence the severity is Critical. Dell EMC recommends that customers upgrade at the earliest opportunity.

📖 Read

via "National Vulnerability Database".
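To make the "unauthorized read access" in CVE-2020-29493 concrete, here is an added example (not Avamar code; the `backups` table and the two payloads are constructed) that runs a string-built query and a parameterized one against an in-memory SQLite table. The first payload turns the WHERE clause into a tautology and returns the whole table; the second appends a UNION that reads table names from the schema. The bound-parameter version returns nothing for either.

```python
"""String-built SQL beside a parameterized query, run against an in-memory SQLite table."""
from __future__ import annotations

import sqlite3

# Constructed sample data standing in for a backup catalogue; not Avamar's schema.
SCHEMA = "CREATE TABLE backups (id INTEGER PRIMARY KEY, client TEXT NOT NULL, size_mb INTEGER)"
ROWS = [(1, "db01", 120), (2, "web01", 30), (3, "hr-files", 900)]

# Two constructed payloads: the first makes the WHERE clause always true and dumps
# every row; the second uses UNION to read table names out of the schema.
TAUTOLOGY = "x' OR '1'='1"
UNION_SCHEMA = "x' UNION SELECT 0, name, 0 FROM sqlite_master WHERE type='table' --"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO backups VALUES (?, ?, ?)", ROWS)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, client: str) -> list[tuple]:
    """Weak pattern: user input is spliced into the statement text."""
    sql = f"SELECT id, client, size_mb FROM backups WHERE client = '{client}'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, client: str) -> list[tuple]:
    """Hardened pattern: the value is bound as a parameter, so it can never change the
    statement's structure, whatever characters it contains."""
    sql = "SELECT id, client, size_mb FROM backups WHERE client = ?"
    return conn.execute(sql, (client,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for payload in (TAUTOLOGY, UNION_SCHEMA):
        print("payload:   ", payload)
        print("vulnerable:", vulnerable_lookup(db, payload))
        print("safe:      ", safe_lookup(db, payload))
```

The advisory also mentions write access; with a driver that allows stacked statements the same concatenation lets an attacker append `DELETE` or `UPDATE`, which is why the vendor rates the issue Critical. Binding parameters, as in `safe_lookup`, closes both the read and the write path.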
‼ CVE-2020-6572 ‼

Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-16046 ‼

Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

📖 Read

via "National Vulnerability Database".
‼ CVE-2020-29495 ‼

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends that customers upgrade at the earliest opportunity.

📖 Read

via "National Vulnerability Database".
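OS command injection of the kind described for CVE-2020-29495 arises when user input is pasted into a command line that a shell then parses. The script below is an added example, unrelated to Avamar's implementation: a hypothetical "ping this host" feature, showing how a shell would tokenize the injected input, then the hardened form that validates the value and executes an argument list without any shell. The `INJECTED` string is constructed, and a Python child stands in for `ping` so the demonstration runs offline.

```python
"""Shell string concatenation beside argv-list execution with input validation."""
from __future__ import annotations

import re
import shlex
import subprocess
import sys

# RFC 1123-style hostname: labels of letters, digits and hyphens joined by dots.
# Anything a shell treats specially (; | & $ ` ( ) > < space, newline) cannot pass.
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

# Constructed attacker input: a valid-looking target followed by an injected command.
INJECTED = "198.51.100.7; id > /tmp/pwned"


def is_valid_hostname(value: str) -> bool:
    return len(value) <= 253 and HOSTNAME_RE.match(value) is not None


def validate_hostname(value: str) -> str:
    if not is_valid_hostname(value):
        raise ValueError(f"invalid hostname: {value!r}")
    return value


def vulnerable_cmdline(hostname: str) -> str:
    """Weak pattern: the value is pasted into a string destined for a shell (shell=True)."""
    return f"ping -c 1 {hostname}"


def shell_tokens(cmdline: str) -> list[str]:
    """Show how a POSIX shell would split the line: ';' and '>' become operator tokens,
    i.e. a second command with a redirection. (shlex with punctuation_chars mimics it.)"""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    return list(lexer)


def safe_argv(hostname: str) -> list[str]:
    """Hardened pattern: validate first, then build an argv list to run without a shell,
    so even a metacharacter that slipped through would be plain bytes in one argument."""
    return ["ping", "-c", "1", validate_hostname(hostname)]


def argv_as_seen_by_child(value: str) -> str:
    """Demonstrate no-shell execution: the whole value reaches the child as one argv entry.
    A Python child is used instead of ping so this runs offline."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    print("shell would run:", shell_tokens(vulnerable_cmdline(INJECTED)))
    print("child receives: ", repr(argv_as_seen_by_child(INJECTED)))
    print("validated:      ", is_valid_hostname(INJECTED), is_valid_hostname("host-1.example.com"))
```

Both layers are needed: the allowlist validation rejects the input before anything runs, and the argv-list call guarantees that no shell interprets the value even if a future change loosens the validation.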
‼ CVE-2020-16045 ‼

Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

📖 Read

via "National Vulnerability Database".