🕴 US Needs Comprehensive Policy to Combat China on IP Theft 🕴
via "Dark Reading".
The United States cannot lose sight of Chinese cyber operations that target intellectual property, a panel of experts says.
🕴 Name That Edge Toon: Be Careful Who You Trust 🕴
via "Dark Reading".
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
🕴 Edge Poll: Hook, Line, and Sinker 🕴
via "Dark Reading".
How confident are you in your security team's ability to protect your organization from phishing?
‼ CVE-2020-20296 ‼
via "National Vulnerability Database".
An issue was found in CMSWing project version 1.3.8. Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.
‼ CVE-2020-20289 ‼
via "National Vulnerability Database".
SQL injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters triggers a SQL injection vulnerability.
‼ CVE-2020-21179 ‼
via "National Vulnerability Database".
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signin page.
‼ CVE-2020-20290 ‼
via "National Vulnerability Database".
Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters triggers a directory traversal vulnerability.
‼ CVE-2020-20287 ‼
via "National Vulnerability Database".
Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters triggers remote code execution.
‼ CVE-2020-21180 ‼
via "National Vulnerability Database".
SQL injection vulnerability in koa2-blog 1.0.0 allows remote attackers to inject a malicious SQL statement via the name parameter to the signup page.
‼ CVE-2020-20295 ‼
via "National Vulnerability Database".
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.
‼ CVE-2021-21287 ‼
via "National Vulnerability Database".
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL from which the code running on the server will read, or to which it will submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP-enabled databases, or perform POST requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z; all users are advised to upgrade. As a workaround you can disable the browser front-end with the "MINIO_BROWSER=off" environment variable.
‼ CVE-2020-21176 ‼
via "National Vulnerability Database".
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
‼ CVE-2020-20294 ‼
via "National Vulnerability Database".
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
🔏 New York Could Be the Next State to Adopt a Strict Data Privacy Law 🔏
via "Digital Guardian".
Like California before it, New York could serve as the testing grounds for the next statewide consumer data privacy law.
🕴 Increase in Physical Security Incidents Adds to IT Security Pressures 🕴
via "Dark Reading".
A new study shows that many organizations have changed their physical security strategies to address new concerns since the COVID-19 outbreak.
🦿 How an automated pentesting stick can address multiple security needs 🦿
via "Tech Republic".
Used for offensive and defensive purposes, a penetration testing device can be configured to perform automated checks on network security and more.
❌ SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat ❌
via "Threat Post".
Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks.
❌ Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers ❌
via "Threat Post".
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign.
❌ Wind River Security Incident Affects SSNs, Passport Numbers ❌
via "Threat Post".
Wind River Systems is warning of a 'security incident' after one or more files was downloaded from its network.
‼ CVE-2020-28493 ‼
via "National Vulnerability Database".
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+; this issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
🕴 Data on 1.4 Million Washington State Residents Breached 🕴
via "Dark Reading".
Unemployment data exposed via third-party software attack.