🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Shifting Privacy Landscape, Disruptive Technologies Will Test Businesses 🕴

A new machine learning tool aims to mine privacy policies on behalf of users.

📖 Read

via "Dark Reading".
CVE-2020-27219

In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non-existent resource returns the full path from the given URL to the client unescaped.

📖 Read

via "National Vulnerability Database".
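The bug class behind this entry, as an added example that is not Eclipse Hawkbit's code: a 404 handler that echoes the requested path into a JSON body, first without escaping (markup in the path survives verbatim) and then with the HTML-significant characters rewritten as JSON `\uXXXX` escapes, plus the response headers that stop a browser from rendering the body as HTML. The function names, the `path` attribute layout and the sample payload are constructed for the illustration.

```python
import json

# Constructed model of a REST 404 handler; not Hawkbit's implementation.


def not_found_body_unsafe(path: str) -> str:
    # json.dumps leaves '<', '>' and '&' untouched, so any markup that was
    # part of the request path is reflected unchanged into the response.
    return json.dumps({"status": 404, "path": path})


def escape_for_json_in_html(json_text: str) -> str:
    # Rewrite the characters an HTML parser cares about as JSON escapes.
    # The text is still valid JSON and decodes to the identical string, but
    # it can no longer close a <script> block or open a new tag if a client
    # ends up injecting the body into a page.
    return (json_text.replace("&", "\\u0026")
                     .replace("<", "\\u003c")
                     .replace(">", "\\u003e"))


def not_found_body_safe(path: str) -> tuple:
    body = escape_for_json_in_html(json.dumps({"status": 404, "path": path}))
    # Declaring the type and forbidding sniffing is the second layer: even a
    # body that somehow still contained markup would not be rendered as HTML.
    headers = {
        "Content-Type": "application/json; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    return body, headers


def decoded_path(body: str) -> str:
    # Proves the escaping is lossless: clients still get the original path.
    return json.loads(body)["path"]


if __name__ == "__main__":
    sample = "/rest/v1/<script>alert(1)</script>"   # constructed request path
    print(not_found_body_unsafe(sample))
    print(not_found_body_safe(sample)[0])
```

The check to run against a real API is the same one the code performs: request a path containing `<`, `>` and `"`, then confirm those bytes do not appear literally in the 404 body and that the response carries `Content-Type: application/json` and `X-Content-Type-Options: nosniff`.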
CVE-2020-27220

The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check is the verification that the command's target device is configured to permit the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without the corresponding permission being checked.

📖 Read

via "National Vulnerability Database".
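The authorization decision the advisory says is missing, as an added example that is not Eclipse Hono's code or data model: a small device registry in which each device record lists the gateways allowed to act for it (a constructed `via` attribute), a delivery check that consults the target device's record, and, for contrast, the unchecked variant that only confirms both devices exist in the tenant. Tenant, device and gateway identifiers are constructed.

```python
from dataclasses import dataclass, field

# Constructed registry model; not Hono's device registry or its API.


@dataclass
class Device:
    tenant: str
    device_id: str
    is_gateway: bool = False
    via: set = field(default_factory=set)   # gateway ids allowed to act for it


class Registry:
    def __init__(self, devices):
        self._by_key = {(d.tenant, d.device_id): d for d in devices}

    def get(self, tenant: str, device_id: str):
        return self._by_key.get((tenant, device_id))


def may_deliver_command_unchecked(registry, tenant, subscriber_id, target_id) -> bool:
    # The behaviour the advisory describes: the subscriber is authenticated,
    # both devices belong to the tenant, so the command is handed over. Nothing
    # asks whether the target ever authorised this subscriber.
    return (registry.get(tenant, subscriber_id) is not None
            and registry.get(tenant, target_id) is not None)


def may_deliver_command(registry, tenant, subscriber_id, target_id) -> bool:
    """Decide whether authenticated device `subscriber_id` of `tenant` may
    receive a command addressed to `target_id`.

    A device may always receive its own commands. Any other pairing is gateway
    delivery and is allowed only if the *target's* record names the subscriber
    as one of its gateways. Keying the decision on the target's configuration
    is what closes the hole: a plain device that merely subscribes for another
    device's commands gets nothing unless that device listed it.
    """
    subscriber = registry.get(tenant, subscriber_id)
    target = registry.get(tenant, target_id)
    if subscriber is None or target is None:
        return False
    if subscriber_id == target_id:
        return True
    return subscriber_id in target.via


def sample_registry() -> Registry:
    # Constructed tenant: two gateways, one plain device, one sensor that
    # authorised only gw-1 to act on its behalf.
    return Registry([
        Device("tenant-a", "gw-1", is_gateway=True),
        Device("tenant-a", "gw-2", is_gateway=True),
        Device("tenant-a", "dev-3"),
        Device("tenant-a", "sensor-1", via={"gw-1"}),
    ])


if __name__ == "__main__":
    reg = sample_registry()
    for sub in ("gw-1", "gw-2", "dev-3"):
        print(sub, "-> sensor-1:",
              "unchecked", may_deliver_command_unchecked(reg, "tenant-a", sub, "sensor-1"),
              "checked", may_deliver_command(reg, "tenant-a", sub, "sensor-1"))
```

The point to carry over to any broker-side authorization: evaluate the permission at delivery time against the target's configuration, not only at subscription time against the subscriber's identity, because the subscriber's identity alone says nothing about which devices it may front for.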
CVE-2020-35581

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/admin-ajax.php request with the meta[title] parameter.

📖 Read

via "National Vulnerability Database".
CVE-2021-23836

An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. The injected payload will be executed in the browser of a user whenever one visits the affected module page.

📖 Read

via "National Vulnerability Database".
CVE-2021-23835

An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc.

📖 Read

via "National Vulnerability Database".
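The file-disclosure class in the flatCore entry above, as an added example that is not flatCore's code: a "show this documentation file" helper in its unsafe form (the parameter is joined straight onto a base directory, so `../` walks out of it and an absolute path replaces it entirely) next to a hardened form that canonicalises the path, confirms it still sits inside the base directory and restricts the extension. The directory layout, file names and the `config.php` decoy are constructed in a temporary directory so the block runs offline.

```python
import os
import tempfile

# Constructed helper pair; not flatCore's docs_file handling.


def read_doc_unsafe(base_dir: str, requested: str) -> str:
    # os.path.join drops base_dir entirely when `requested` is absolute and
    # follows '..' components otherwise, so any readable file is reachable.
    with open(os.path.join(base_dir, requested), "r", encoding="utf-8") as f:
        return f.read()


def resolve_inside(base_dir: str, requested: str) -> str:
    """Return the canonical path of `requested` if it resolves inside base_dir
    (after collapsing '..' and following symlinks); raise ValueError otherwise."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory: %r" % requested)
    return candidate


def read_doc_safe(base_dir: str, requested: str, allowed_ext=(".md", ".txt")) -> str:
    path = resolve_inside(base_dir, requested)
    if not path.endswith(allowed_ext):
        raise ValueError("disallowed file type: %r" % requested)
    with open(path, "r", encoding="utf-8") as f:
        return f.read()


def demo() -> dict:
    """Build a throwaway docs tree, then try a legitimate request, a '..'
    traversal and an absolute path against both readers."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        docs = os.path.join(tmp, "docs")
        os.mkdir(docs)
        with open(os.path.join(docs, "intro.md"), "w", encoding="utf-8") as f:
            f.write("# intro\n")
        # Constructed stand-in for a sensitive file one level above the docs dir.
        with open(os.path.join(tmp, "config.php"), "w", encoding="utf-8") as f:
            f.write("<?php $db_password = 'secret'; ?>\n")

        results["legit"] = read_doc_safe(docs, "intro.md")
        results["unsafe_leak"] = read_doc_unsafe(docs, "../config.php")
        for key, req in (("traversal_blocked", "../config.php"),
                         ("absolute_blocked", "/etc/passwd")):
            try:
                read_doc_safe(docs, req)
                results[key] = False
            except ValueError:
                results[key] = True
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=>", repr(v))
```

Two details matter in the hardened version: `realpath` on both sides, so a symlink planted inside the docs directory cannot point back out, and the comparison with `commonpath` rather than a string prefix test, which would accept `docs-private` as being inside `docs`.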
CVE-2021-23838

An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a malicious user can leverage this vulnerability to steal cookies from a victim user and perform a session-hijacking attack, which may then lead to unauthorized access to the site.

📖 Read

via "National Vulnerability Database".
CVE-2020-35582

A stored cross-site scripting (XSS) issue in Envira Gallery Lite before 1.8.3.3 allows remote attackers to inject arbitrary JavaScript/HTML code via a POST /wp-admin/post.php request with the post_title parameter.

📖 Read

via "National Vulnerability Database".
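The stored and reflected XSS entries above for Envira Gallery Lite and flatCore all reduce to the same defect: a parameter value (a gallery or post title, an SMTP password field, a media filter) is written into a page without encoding for the context it lands in. As an added example that is not code from either project, the helpers below render a constructed title payload into an HTML element, an attribute and a JavaScript string, unsafely once and then with the encoding each context requires. The markup templates, function names and payload are constructed.

```python
import html
import json

# Constructed renderers; not Envira Gallery Lite or flatCore templates.

# Constructed sample: breaks out of an attribute, then injects an element.
PAYLOAD = '"><img src=x onerror=alert(document.cookie)>'


def render_title_unsafe(title: str) -> str:
    # Stored verbatim is fine; rendered verbatim is the bug.
    return '<h2 class="gallery-title">%s</h2>' % title


def render_title_safe(title: str) -> str:
    # HTML body context: & < > " ' become entities, so the browser shows the
    # payload as text instead of parsing it as markup.
    return '<h2 class="gallery-title">%s</h2>' % html.escape(title)


def render_attr_safe(title: str) -> str:
    # Attribute context: quote=True (the default) also encodes the quote
    # characters that would otherwise terminate the attribute early.
    return '<img alt="%s" src="thumb.jpg">' % html.escape(title, quote=True)


def render_js_safe(title: str) -> str:
    # JavaScript string context: serialise as a JSON literal, then escape the
    # characters that could end the enclosing <script> block early.
    lit = (json.dumps(title).replace("&", "\\u0026")
                            .replace("<", "\\u003c")
                            .replace(">", "\\u003e"))
    return "<script>var title = %s;</script>" % lit


def injected_element_present(markup: str) -> bool:
    # True when the payload's <img ...> survived as a real tag.
    return "<img src=x" in markup


if __name__ == "__main__":
    for fn in (render_title_unsafe, render_title_safe, render_attr_safe, render_js_safe):
        out = fn(PAYLOAD)
        print(fn.__name__, injected_element_present(out), out)
```

Input sanitisation on the way in (the phrase the advisories use) is the weaker control, because the same stored value is often emitted into more than one context; encoding at the point of output, chosen per context as above, holds regardless of where the value came from.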
CVE-2021-23837

An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was identified in the selected_folder HTTP request body parameter for the acp interface. The affected parameter (which retrieves the file contents of the specified folder) was found to be accepting malicious user input without proper sanitization, thus leading to SQL injection. Database related information can be successfully retrieved.

📖 Read

via "National Vulnerability Database".
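The injection class in the flatCore entry above, as an added example that is not flatCore's code or schema: a folder-listing query built by string interpolation next to its parameterised form, on a constructed in-memory SQLite table, followed by a generic boolean-blind extraction loop that recovers a value one character at a time using only whether the vulnerable query returns rows. SQLite has no sleep primitive, so the time-based variant named in the advisory is shown through this boolean equivalent; the inference is the same, only the oracle differs (row count here, response delay there). Table name, columns, rows and the `selected_folder` parameter name are constructed.

```python
import sqlite3

# Constructed schema and data; not flatCore's database.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE files (id INTEGER PRIMARY KEY, folder TEXT, name TEXT);
        INSERT INTO files (folder, name) VALUES
            ('public',  'logo.png'),
            ('public',  'banner.jpg'),
            ('private', 'backup.sql');
    """)
    return conn


def list_folder_unsafe(conn, selected_folder: str) -> list:
    # String interpolation: whatever the caller sends becomes SQL text.
    sql = "SELECT name FROM files WHERE folder = '%s' ORDER BY id" % selected_folder
    return [row[0] for row in conn.execute(sql)]


def list_folder_safe(conn, selected_folder: str) -> list:
    # Bound parameter: the value travels separately from the statement, so
    # quotes and keywords inside it are data, never SQL.
    sql = "SELECT name FROM files WHERE folder = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (selected_folder,))]


INJECTION = "public' OR '1'='1"   # constructed sample input


def blind_extract(conn, target_sql: str, max_len: int = 32) -> str:
    """Recover the scalar result of `target_sql` through the unsafe endpoint,
    asking one yes/no question per (position, character) and reading the
    answer from whether any rows come back."""
    out = ""
    for pos in range(1, max_len + 1):
        found = False
        for code in range(32, 127):
            cond = ("x' OR unicode(substr((%s),%d,1))=%d AND '1'='1"
                    % (target_sql, pos, code))
            if list_folder_unsafe(conn, cond):
                out += chr(code)
                found = True
                break
        if not found:        # substr past the end yields '' and unicode('') is NULL
            break
    return out


def demo() -> dict:
    conn = make_db()
    return {
        "unsafe": list_folder_unsafe(conn, INJECTION),
        "safe": list_folder_safe(conn, INJECTION),
        "safe_legit": list_folder_safe(conn, "public"),
        "blind": blind_extract(conn, "SELECT name FROM files WHERE folder='private'"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=>", v)
```

The parameterised version returns nothing for the injected string, which is the correct answer: no folder has that literal name. A time-based probe against a real target substitutes a conditional delay for the row-count check and measures latency, which is why such findings should be confirmed with a bound-parameter fix rather than input filtering.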
🕴 Name That Toon: Before I Go ... 🕴

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

📖 Read

via "Dark Reading".
🕴 How to Achieve Collaboration Tool Compliance 🕴

Organizations must fully understand the regulatory guidance on collaboration security and privacy so they can continue to implement and expand their use of tools such as Zoom and Teams.

📖 Read

via "Dark Reading".
🔏 Friday Five 1/15 🔏

Deepfakes, ransomware tactics, and Signal clones - catch up on all of the week's infosec news with the Friday Five!

📖 Read

via "Digital Guardian".
🛠 WhatWeb Scanner 0.5.5 🛠

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each written to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade-off between speed and reliability.

📖 Read

via "Packet Storm Security".
CVE-2019-16961

SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name.

📖 Read

via "National Vulnerability Database".
CVE-2020-35733

An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.

📖 Read

via "National Vulnerability Database".
🦿 CES 2021: All of the business tech news you need to know 🦿

Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.

📖 Read

via "Tech Republic".
Google Boots 164 Apps from Play Marketplace for Shady Ad Practices

The tech giant removes 164 more offending Android apps after banning software showing this type of behavior from the store last year.

📖 Read

via "Threat Post".
🦿 How next-gen cloud SIEM tools can offer companies critical visibility for effective threat hunting 🦿

Virtual workforces face escalated threats due to their remote access from various networks. Learn how security information and event management tools can help in the battle.

📖 Read

via "Tech Republic".
Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls

Security researchers lambasted the controversial macOS Big Sur feature for exposing users' sensitive data.

📖 Read

via "Threat Post".
🕴 Successful Malware Incidents Rise as Attackers Shift Tactics 🕴

As employees moved to working from home and on mobile devices, attackers followed them and focused on weekend attacks, a security firm says.

📖 Read

via "Dark Reading".