ATENTIONβΌ New - CVE-2018-12300
π Read
via "National Vulnerability Database".
Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12299
π Read
via "National Vulnerability Database".
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12298
π Read
via "National Vulnerability Database".
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12297
π Read
via "National Vulnerability Database".
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12296
π Read
via "National Vulnerability Database".
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-12295
π Read
via "National Vulnerability Database".
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.π Read
via "National Vulnerability Database".
π΄ How Open Testing Standards Can Improve Security π΄
π Read
via "Dark Reading: ".
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.π Read
via "Dark Reading: ".
Dark Reading
How Open Testing Standards Can Improve Security
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.
π How to use SFTP with a chroot jail π
π Read
via "Security on TechRepublic".
Lock down all SFTP users on your data center Linux servers with a chroot jail.π Read
via "Security on TechRepublic".
TechRepublic
How to use SFTP with a chroot jail
Lock down all SFTP users on your data center Linux servers with a chroot jail.
ATENTIONβΌ New - CVE-2012-6652
π Read
via "National Vulnerability Database".
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.π Read
via "National Vulnerability Database".
β ThreatList: Top 5 Most Dangerous Attachment Types β
π Read
via "Threatpost".
From ZIP attachments spreading Gandcrab, to DOC files distributing Trickbot, researchers tracked five widescale spam campaigns in 2019 that have made use of malicious attachments.π Read
via "Threatpost".
Threat Post
ThreatList: Top 5 Most Dangerous Attachment Types
From ZIP attachments spreading Gandcrab, to DOC files distributing Trickbot, researchers tracked five widescale spam campaigns in 2019 that have made use of malicious attachments.
β ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks β
π Read
via "Threatpost".
In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT.π Read
via "Threatpost".
Threat Post
ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks
In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT.
π΄ 78% of Consumers Say Online Companies Must Protect Their Info π΄
π Read
via "Dark Reading: ".
Yet 68% of US consumers agree they also must do more to protect their own information.π Read
via "Dark Reading: ".
Dark Reading
78% of Consumers Say Online Companies Must Protect Their Info
Yet 68% of US consumers agree they also must do more to protect their own information.
π΄ Poorly Configured Server Exposes Most Panama Citizens' Data π΄
π Read
via "Dark Reading: ".
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.π Read
via "Dark Reading: ".
Dark Reading
Poorly Configured Server Exposes Most Panama Citizens' Data
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
ATENTIONβΌ New - CVE-2015-9287
π Read
via "National Vulnerability Database".
Directory Traversal was discovered in University of Cambridge mod_ucam_webauth before 2.0.2. The key identification field ("kid") of the IdP's HTTP response message ("WLS-Response") can be manipulated by an attacker. The "kid" field is not signed like the rest of the message, and manipulation is therefore trivial. The "kid" field should only ever represent an integer. However, it is possible to provide any string value. An attacker could use this to their advantage to force the application agent to load the RSA public key required for message integrity checking from an unintended location.π Read
via "National Vulnerability Database".
π FTC Backs Federal Privacy Law As Long As It Can Enforce It π
π Read
via "Subscriber Blog RSS Feed ".
The FTC told Congress last week that if a national privacy law gets passed, it wants more resources and greater authority to impose penalties under it.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
FTC Backs Federal Privacy Law As Long As It Can Enforce It
The FTC told Congress last week that if a national privacy law gets passed, it wants more resources and greater authority to impose penalties under it.
π΄ Attacks on JavaScript Services Leak Info From Websites π΄
π Read
via "Dark Reading: ".
Three marketing tools, including the Best Of The Web security logomark, were compromised in supply chain attacks, allegedly leaving website customers leaking their users' sensitive information.π Read
via "Dark Reading: ".
Darkreading
Attacks on JavaScript Services Leak Info From Websites
Three marketing tools, including the Best Of The Web security logomark, were compromised in supply chain attacks, allegedly leaving website customers leaking their users' sensitive information.
β Twitter Leaks Apple iOS Usersβ Location Data to Ad Partner β
π Read
via "Threatpost".
A Twitter glitch "inadvertently" leaked iOS users' location data to an unnamed partner.π Read
via "Threatpost".
Threat Post
Twitter Leaks Apple iOS Usersβ Location Data to Ad Partner
A Twitter glitch "inadvertently" leaked iOS users' location data to an unnamed partner.
π΄ LockerGoga, MegaCortex Ransomware Share Unlikely Traits π΄
π Read
via "Dark Reading: ".
New form of ransomware MegaCortex shares commonalities with LockerGoga, enterprise malware recently seen in major cyberattacks.π Read
via "Dark Reading: ".
Darkreading
LockerGoga, MegaCortex Ransomware Share Unlikely Traits
New form of ransomware MegaCortex shares commonalities with LockerGoga, enterprise malware recently seen in major cyberattacks.
β Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices β
π Read
via "Threatpost".
The two high-severity bugs impact a wide array of enterprise, military and government networks.π Read
via "Threatpost".
Threat Post
Pair of Cisco Bugs, One Unpatched, Affect Millions of Devices
The two high-severity bugs impact a wide array of enterprise, military and government networks.
π΄ Thrangrycat Claws Cisco Customer Security π΄
π Read
via "Dark Reading: ".
A linked pair of vulnerabilities could allow an attacker to take over many different types of Cisco networking components.π Read
via "Dark Reading: ".
Darkreading
Thrangrycat Claws Cisco Customer Security
A linked pair of vulnerabilities could allow an attacker to take over many different types of Cisco networking components.
π΄ Korean APT Adds Rare Bluetooth Device-Harvester Tool π΄
π Read
via "Dark Reading: ".
ScarCruft has evolved into a skilled and resourceful threat group, new research shows.π Read
via "Dark Reading: ".
Darkreading
Korean APT Adds Rare Bluetooth Device-Harvester Tool
ScarCruft has evolved into a skilled and resourceful threat group, new research shows.