OpenStego Free Steganography Solution 0.8.0 (via Packet Storm Security)
OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only the Least Significant Bit algorithm is supported for images).

CVE-2020-29450 (via National Vulnerability Database)
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.

CVE-2021-20619 (via National Vulnerability Database)
Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.

CVE-2020-28478 (via National Vulnerability Database)
This affects the package gsap before 3.6.0.

CVE-2020-28477 (via National Vulnerability Database)
This affects all versions of package immer.

CVE-2020-28472 (via National Vulnerability Database)
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9 and the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the prototype on the application. This can be exploited further depending on the context.

Attackers Steal E-Mails, Info from OpenWrt Forum (via Threat Post)
Users of the Linux-based open-source firmware, who include developers from commercial router companies, may be targeted by phishing campaigns, administrators warn.

Falco 0.27.0 (via Packet Storm Security)
Sysdig Falco is an open-source behavioral activity monitoring agent with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco notifies you when these rules are violated. You can think of Falco as a mix between Snort, OSSEC and strace.

A Security Practitioner's Guide to Encrypted DNS (via Dark Reading)
Best practices for a shifting visibility landscape.

CVE-2020-23522 (via National Vulnerability Database)
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data[Password] parameter.

CVE-2020-23342 (via National Vulnerability Database)
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.

CVE-2020-20950 (via National Vulnerability Database)
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.

CVE-2020-35128 (via National Vulnerability Database)
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.

CVE-2020-35129 (via National Vulnerability Database)
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user's behalf, including changing the user's password or email address or changing the attacker's user role from a low-privileged user to an administrator account.

Linux Devices Under Attack by New FreakOut Malware (via Threat Post)
The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks.

New AI software can turn regular security cameras into COVID-19 policy enforcement points (via Tech Republic)
Now being trialed in Georgia smart city Peachtree Corners, the new tech can pick up on people standing too close together and detect whether someone is wearing a mask.

SolarWinds Malware Arsenal Widens with Raindrop (via Threat Post)
The post-compromise backdoor installs Cobalt Strike to help attackers move laterally through victim networks.

CVE-2020-28481 (via National Vulnerability Database)
The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.

CVE-2020-28482 (via National Vulnerability Database)
This affects the package fastify-csrf before 3.0.0.
1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true }
2. The CSRF token was available in the GET query parameter.

CVE-2021-3182 (via National Vulnerability Database)
** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2020-27733 (via National Vulnerability Database)
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request.