βΌ CVE-2020-13580 βΌ
π Read
via "National Vulnerability Database".
An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021Γ’β¬β’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26688 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February 2021).π Read
via "National Vulnerability Database".
βΌ CVE-2020-6088 βΌ
π Read
via "National Vulnerability Database".
An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27249 βΌ
π Read
via "National Vulnerability Database".
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).π Read
via "National Vulnerability Database".
βΌ CVE-2020-14247 βΌ
π Read
via "National Vulnerability Database".
HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.π Read
via "National Vulnerability Database".
β Clearview Facial-Recognition Technology Ruled Illegal in Canada β
π Read
via "Threat Post".
The companyβs controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.π Read
via "Threat Post".
Threat Post
Clearview Facial-Recognition Technology Ruled Illegal in Canada
The companyβs controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.
π¦Ώ Industrial control systems vulnerabilities rise as operational tech increasingly goes online π¦Ώ
π Read
via "Tech Republic".
Claroty said 25% more vulnerabilities were reported in 2020 than in 2019, 70% of which had high or critical CVSS scores.π Read
via "Tech Republic".
TechRepublic
Industrial control systems vulnerabilities rise as operational tech increasingly goes online
Claroty said 25% more vulnerabilities were reported in 2020 than in 2019, 70% of which had high or critical CVSS scores.
π Clam AntiVirus Toolkit 0.103.1 π
π Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.π Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 0.103.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TOR Virtual Network Tunneling Tool 0.4.4.7 π
π Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).π Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.4.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ Why schools are vulnerable to ransomware attacks π¦Ώ
π Read
via "Tech Republic".
A lack of security training for educators and budget limitations are two reasons schools are susceptible to cyberattack, says IBM Security.π Read
via "Tech Republic".
TechRepublic
Why schools are vulnerable to ransomware attacks
A lack of security training for educators and budget limitations are two reasons schools are susceptible to cyberattack, says IBM Security.
β Free coffee! Dutch researcher hacks prepaid vending machines β
π Read
via "Naked Security".
Only try this at home, folks! As easy as it might look, it's illegal in the wild, with good reason.π Read
via "Naked Security".
Naked Security
Free coffee! Belgian researcher hacks prepaid vending machines
Only try this at home, folks! As easy as it might look, itβs illegal in the wild, with good reason.
π΄ Is $50,000 for a Vulnerability Too Much? π΄
π Read
via "Dark Reading".
Lofty bug bounties catch attention, but don't alleviate the application security flaws they are trying to solve.π Read
via "Dark Reading".
Dark Reading
Is $50,000 for a Vulnerability Too Much?
Lofty bug bounties catch attention, but don't alleviate the application security flaws they are trying to solve.
β Critical Cisco Flaws Open VPN Routers Up to RCE Attacks β
π Read
via "Threat Post".
The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.π Read
via "Threat Post".
Threat Post
Critical Cisco Flaws Open VPN Routers Up to RCE Attacks
The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.
β Microsoft Office 365 Attacks Sparked from Google Firebase β
π Read
via "Threat Post".
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.π Read
via "Threat Post".
Threat Post
Microsoft Office 365 Attacks Sparked from Google Firebase
A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.
βΌ CVE-2020-28449 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package decal. The vulnerability is in the set function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-28450 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package decal. The vulnerability is in the extend function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-16194 βΌ
π Read
via "National Vulnerability Database".
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.π Read
via "National Vulnerability Database".
π¦Ώ 91% of enterprise pros experienced an API security incident in 2020 π¦Ώ
π Read
via "Tech Republic".
"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.π Read
via "Tech Republic".
TechRepublic
91% of enterprise pros experienced an API security incident in 2020
"The direct gateway to organizations' most critical data and assets" is an attractive target for hackers, Salt Security found in a new report.
βΌ CVE-2021-1293 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1329 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-1325 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.π Read
via "National Vulnerability Database".