βΌ CVE-2020-10252 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.π Read
via "National Vulnerability Database".
π Faraday 3.14.1 π
π Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.π Read
via "Packet Storm Security".
Packetstormsecurity
Faraday 3.14.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code β
π Read
via "Threat Post".
However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.π Read
via "Threat Post".
Threat Post
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.
π΄ How to Fine-Tune Vendor Risk Management in a Virtual World π΄
π Read
via "Dark Reading".
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.π Read
via "Dark Reading".
Dark Reading
How to Fine-Tune Vendor Risk Management in a Virtual World
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.
π Friday Five 2-19 π
π Read
via "Digital Guardian".
Indictments of North Korean hackers, cybersecurity in the stimulus bill, and the growing popularity of Python - catch up on all of the week's infosec news with the Friday Five!π Read
via "Digital Guardian".
βΌ CVE-2021-3210 βΌ
π Read
via "National Vulnerability Database".
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3204 βΌ
π Read
via "National Vulnerability Database".
SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.π Read
via "National Vulnerability Database".
π¦Ώ Linux 101: How to block users from setting up their own cron jobs π¦Ώ
π Read
via "Tech Republic".
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.π Read
via "Tech Republic".
TechRepublic
Linux 101: How to block users from setting up their own cron jobs
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.
π¦Ώ Forrester report highlights Zero Trust Edge model for networking and security infrastructure π¦Ώ
π Read
via "Tech Republic".
According to Forrester, ZTE will be most helpful with securing and enabling remote workers while removing the difficult user VPNs.π Read
via "Tech Republic".
TechRepublic
Forrester report highlights Zero Trust Edge model for networking and security infrastructure
According to Forrester, ZTE will be most helpful with securing and enabling remote workers while removing the difficult user VPNs.
β The massive coronavirus pandemic IT blunder with a funny side β
π Read
via "Naked Security".
He was either the smallest person who has ever lived, by an order of magnitude, or the heaviest person ever known, by two of them.π Read
via "Naked Security".
Naked Security
The massive coronavirus IT blunder with a funny side
He was either the smallest person who has ever lived, by an order of magnitude, or the heaviest person ever known, by two of them.
π¦Ώ IRS issues urgent notice on scams aimed at tax professionals π¦Ώ
π Read
via "Tech Republic".
Scammers are impersonating the IRS with emails carrying the subject line "Verifying your EFIN before e-filing."π Read
via "Tech Republic".
TechRepublic
IRS issues urgent notice on scams aimed at tax professionals
Scammers are impersonating the IRS with emails carrying the subject line "Verifying your EFIN before e-filing."
π¦Ώ Linux 101: How to block users from setting up their own cron jobs π¦Ώ
π Read
via "Tech Republic".
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.π Read
via "Tech Republic".
TechRepublic
Linux 101: How to block users from setting up their own cron jobs
Jack Wallen shows you how to gain a bit more security on your Linux servers by blocking users from adding cron jobs.
βΌ CVE-2021-22701 βΌ
π Read
via "National Vulnerability Database".
A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause a user to perform an unintended action on the target device when using the HTTP web interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22702 βΌ
π Read
via "National Vulnerability Database".
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION7700/73xx, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts Telnet network traffic between a user and the device.π Read
via "National Vulnerability Database".
βΌ CVE-2020-12374 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22703 βΌ
π Read
via "National Vulnerability Database".
A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/84xx/85xx/8600, ION8650, ION8800, ION9000 and PM800 (see notification for affected versions), that could cause disclosure of user credentials when a malicious actor intercepts HTTP network traffic between a user and the device.π Read
via "National Vulnerability Database".
π΄ Attackers Already Targeting Apple's M1 Chip with Custom Malware π΄
π Read
via "Dark Reading".
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.π Read
via "Dark Reading".
Dark Reading
Attackers Already Targeting Apple's M1 Chip with Custom Malware
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.
π¦Ώ How to find details about user logins on Linux π¦Ώ
π Read
via "Tech Republic".
If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.π Read
via "Tech Republic".
TechRepublic
How to find details about user logins on Linux
If you need to gather information on user logins for your Linux servers, Jack Wallen has just the tool for you.
π¦Ώ New malformed URL phishing technique can make attacks harder to spot π¦Ώ
π Read
via "Tech Republic".
Hackers are now sending messages that hide fake links in the HTTP prefix, bypassing email filters, says security firm GreatHorn.π Read
via "Tech Republic".
TechRepublic
New malformed URL phishing technique can make attacks harder to spot
Hackers are now sending messages that hide fake links in the HTTP prefix, bypassing email filters, says security firm GreatHorn.
β Mysterious Silver Sparrow Malware Found Nesting on 30K Macs β
π Read
via "Threat Post".
A second malware that targets Macs with Apple's in-house M1 chip is infecting machines worldwide -- but it's unclear why.π Read
via "Threat Post".
Threat Post
Mysterious Silver Sparrow Malware Found Nesting on 30K Macs
A second malware that targets Macs with Apple's in-house M1 chip is infecting machines worldwide β but it's unclear why.