π¦Ώ Account takeover attacks spiked in 2020, Kaspersky says π¦Ώ
π Read
via "Tech Republic".
The surge gives further credence to the idea that cybercrime is less about tech know-how and more about social engineering, according to its fraud report.π Read
via "Tech Republic".
TechRepublic
Account takeover attacks spiked in 2020, Kaspersky says
The surge gives further credence to the idea that cybercrime is less about tech know-how and more about social engineering, according to its fraud report.
π¦Ώ How a global law enforcement effort took down the Emotet botnet π¦Ώ
π Read
via "Tech Republic".
A joint effort across the US and Europe led to the disruption of Emotet and the arrest of two gang members, says Digital Shadows.π Read
via "Tech Republic".
TechRepublic
How a global law enforcement effort took down the Emotet botnet
A joint effort across the US and Europe led to the disruption of Emotet and the arrest of two gang members, says Digital Shadows.
π How to Protect Data and Defend Against State-Sponsored Hackers π
π Read
via "Digital Guardian".
NIST has released new tools for defenders to protect sensitive information and mitigate state-sponsored hackers.π Read
via "Digital Guardian".
Digital Guardian
How to Protect Data and Defend Against State-Sponsored Hackers
NIST has released new tools for defenders to protect sensitive information and mitigate state-sponsored hackers.
β New Malware Hijacks Kubernetes Clusters to Mine Monero β
π Read
via "Threat Post".
Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks targeting Kubernetes.'π Read
via "Threat Post".
Threat Post
New Malware Hijacks Kubernetes Clusters to Mine Monero
Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks targeting Kubernetes.'
βΌ CVE-2020-9388 βΌ
π Read
via "National Vulnerability Database".
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9390 βΌ
π Read
via "National Vulnerability Database".
SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9389 βΌ
π Read
via "National Vulnerability Database".
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames.π Read
via "National Vulnerability Database".
π΄ Patch Imperfect: Software Fixes Failing to Shut Out Attackers π΄
π Read
via "Dark Reading".
Incomplete patches are allowing attackers to continue exploiting the same vulnerabilities, reducing the cost to compromise.π Read
via "Dark Reading".
Dark Reading
Patch Imperfect: Software Fixes Failing to Shut Out Attackers
Incomplete patches are allowing attackers to continue exploiting the same vulnerabilities, reducing the cost to compromise.
β Emotetβs Takedown: Have We Seen the Last of the Malware? β
π Read
via "Threat Post".
A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware.π Read
via "Threat Post".
Threat Post
Emotetβs Takedown: Have We Seen the Last of the Malware?
A week after law enforcement agencies said they took down Emotet, there has been no sign of the prolific malware.
β Second SolarWinds Attack Group Breaks into USDA Payroll β Report β
π Read
via "Threat Post".
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.π Read
via "Threat Post".
Threat Post
Second SolarWinds Attack Group Breaks into USDA Payroll β Report
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware.
βΌ CVE-2021-26023 βΌ
π Read
via "National Vulnerability Database".
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26024 βΌ
π Read
via "National Vulnerability Database".
The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to Insecure Direct Object Reference: it is possible to create favorites for any other user account.π Read
via "National Vulnerability Database".
π΄ Concerns Over API Security Grow as Attacks Increase π΄
π Read
via "Dark Reading".
Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.π Read
via "Dark Reading".
Dark Reading
Concerns Over API Security Grow as Attacks Increase
Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.
βΌ CVE-2021-26689 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).π Read
via "National Vulnerability Database".
βΌ CVE-2021-20016 βΌ
π Read
via "National Vulnerability Database".
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27247 βΌ
π Read
via "National Vulnerability Database".
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).π Read
via "National Vulnerability Database".
βΌ CVE-2020-13579 βΌ
π Read
via "National Vulnerability Database".
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021Γ’β¬β’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27248 βΌ
π Read
via "National Vulnerability Database".
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).π Read
via "National Vulnerability Database".
βΌ CVE-2020-14245 βΌ
π Read
via "National Vulnerability Database".
HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication for functionality that either requires a provable user identity or consumes a significant amount of resources.π Read
via "National Vulnerability Database".
βΌ CVE-2020-14246 βΌ
π Read
via "National Vulnerability Database".
HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26687 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February 2021).π Read
via "National Vulnerability Database".