βΌ CVE-2021-27236 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated Local File Inclusion, which can be leveraged to achieve Remote Code Execution.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27231 βΌ
π Read
via "National Vulnerability Database".
Hestia Control Panel through 1.3.3, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.π Read
via "National Vulnerability Database".
π¦Ώ Top 5 security risks to connected cars, according to Trend Micro π¦Ώ
π Read
via "Tech Republic".
Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.π Read
via "Tech Republic".
TechRepublic
Top 5 security risks to connected cars, according to Trend Micro
Analysts from Trend Micro rate DDoS attacks and electronic jamming as some of the highest cybersecurity risks for connected cars.
π¦Ώ State of malware: 3 key findings in the latest Malwarebytes report π¦Ώ
π Read
via "Tech Republic".
Spyware activity spiked in 2020, and the malware-as-a-service business model got more sophisticated.π Read
via "Tech Republic".
TechRepublic
State of malware: 3 key findings in the latest Malwarebytes report
Spyware activity spiked in 2020, and the malware-as-a-service business model got more sophisticated.
β Romance scams at all-time high: hereβs what you need to know β
π Read
via "Naked Security".
It's heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Here's what to do...π Read
via "Naked Security".
Naked Security
Romance scams at all-time high: hereβs what you need to know
Itβs heartbreaking to get sucked into a romance scam, or to watch a friend or family member getting sucked in. Hereβs what to doβ¦
π΄ Black History Month 2021: Time to Talk Diversity and Cybersecurity π΄
π Read
via "Dark Reading".
In an industry that consistently needs new ideas, it's essential to have individuals who think, speak, and act in diverse ways.π Read
via "Dark Reading".
Dark Reading
Black History Month 2021: Time to Talk Diversity and Cybersecurity
In an industry that consistently needs new ideas, it's essential to have individuals who think, speak, and act in diverse ways.
βΌ CVE-2020-24841 βΌ
π Read
via "National Vulnerability Database".
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.π Read
via "National Vulnerability Database".
π΄ Fighting Fileless Malware, Part 3: Mitigations π΄
π Read
via "Dark Reading".
Attackers can dodge the countermeasures you employ against fileless malware. So how do you mitigate the damage?π Read
via "Dark Reading".
π TOR Virtual Network Tunneling Tool 0.4.5.6 π
π Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).π Read
via "Packet Storm Security".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.5.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Recon Informer 1.3 π
π Read
via "Packet Storm Security".
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.π Read
via "Packet Storm Security".
Packetstormsecurity
Recon Informer 1.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Palo Alto Networks Plans to Acquire Cloud Security Firm π΄
π Read
via "Dark Reading".
Most of Fortune 100 firms have used Bridgecrew's service in their application development processes.π Read
via "Dark Reading".
Dark Reading
Palo Alto Networks Plans to Acquire Cloud Security Firm
Most of Fortune 100 firms have used Bridgecrew's service in their application development processes.
β Misconfigured Baby Monitors Allow Unauthorized Viewing β
π Read
via "Threat Post".
Hundreds of thousands of individuals are potentially affected by this vulnerability.π Read
via "Threat Post".
Threat Post
Misconfigured Baby Monitors Allow Unauthorized Viewing
Hundreds of thousands of individuals are potentially affected by this vulnerability.
β Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches β
π Read
via "Threat Post".
Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.π Read
via "Threat Post".
Threat Post
Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches
Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.
βΌ CVE-2020-25340 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2020-35566 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An attacker can read arbitrary JSON files via Local File Inclusion.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35564 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35567 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35565 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29023 βΌ
π Read
via "National Vulnerability Database".
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35563 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29027 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3.π Read
via "National Vulnerability Database".