‼ CVE-2020-20294 ‼
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.
via "National Vulnerability Database".
🔏 New York Could Be the Next State to Adopt a Strict Data Privacy Law 🔏
Like California before it, New York could serve as the testing grounds for the next statewide consumer data privacy law.
via "Digital Guardian".
🕴 Increase in Physical Security Incidents Adds to IT Security Pressures 🕴
A new study shows that many organizations have changed their physical security strategies to address new concerns since the COVID-19 outbreak.
via "Dark Reading".
🦿 How an automated pentesting stick can address multiple security needs 🦿
Used for offensive and defensive purposes, a penetration testing device can be configured to perform automated checks on network security and more.
via "Tech Republic".
❌ SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat ❌
Congress is demanding the National Security Agency come clean on what it knows about the 2015 supply-chain attack against Juniper Networks.
via "Threat Post".
❌ Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers ❌
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign.
via "Threat Post".
❌ Wind River Security Incident Affects SSNs, Passport Numbers ❌
Wind River Systems is warning of a 'security incident' after one or more files were downloaded from its network.
via "Threat Post".
‼ CVE-2020-28493 ‼
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability of the regex is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
via "National Vulnerability Database".
🕴 Data on 1.4 Million Washington State Residents Breached 🕴
Unemployment data exposed via third-party software attack.
via "Dark Reading".
🦿 5G adds more concerns: CISOs should build cybersecurity from the ground up 🦿
Public 5G networks, private 5G networks, broader attack surfaces, and more complex environments add extra layers of vulnerability, expert says.
via "Tech Republic".
🦿 5G: More speed adds more vulnerabilities, IoT security expert says 🦿
CISOs need to be more vigilant about building cybersecurity into projects from the beginning, one CISO says.
via "Tech Republic".
‼ CVE-2019-20468 ‼
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
via "National Vulnerability Database".
‼ CVE-2019-20470 ‼
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.
via "National Vulnerability Database".
‼ CVE-2019-20473 ‼
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.
via "National Vulnerability Database".
‼ CVE-2019-20471 ‼
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.
via "National Vulnerability Database".
‼ CVE-2021-3340 ‼
A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php.
via "National Vulnerability Database".
‼ CVE-2021-3378 ‼
FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp.
via "National Vulnerability Database".
‼ CVE-2020-36231 ‼
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the metadata of boards they should not have access to via an Insecure Direct Object References (IDOR) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.2.
via "National Vulnerability Database".
‼ CVE-2020-14192 ‼
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.
via "National Vulnerability Database".
🕴 Interview With a Russian Cybercriminal 🕴
A LockBit ransomware operator shares why he became involved in cybercrime, how he chooses victims, and what's in his toolbox.
via "Dark Reading".
‼ CVE-2020-28494 ‼
This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true and because the type parameter is not properly sanitized.
via "National Vulnerability Database".