Getting Up to Speed on Magecart
via "Dark Reading".
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.

Troy Hunt Looks to Sell Have I Been Pwned
via "Threatpost".
"Project Svalbard" has commenced, as Hunt looks for the right company to take over the password-focused service.

Critical Adobe Flash, ColdFusion Vulnerabilities Patched
via "Threatpost".
Adobe issued patches for 11 vulnerabilities overall across its Flash, ColdFusion and Campaign products.

Linux Command-Line Editors Vulnerable to High-Severity Bug
via "Threatpost".
A bug impacting editors Vim and Neovim could allow trojan code to escape sandbox mitigations.

Near-Ubiquitous Critical Microsoft RCE Bugs Affect All Versions of Windows
via "Threatpost".
The two CVEs allow bypasses to get around NTLM relay attack mitigations.

FBI Warns of Dangers in 'Safe' Websites
via "Dark Reading".
Criminals are using TLS certificates to convince users that fraudulent sites are worthy of their trust.

How to protect your network against security flaws in Microsoft's NTLM protocol
via "Security on TechRepublic".
Vulnerabilities in NTLM recently discovered by security provider Preempt could allow attackers to remotely execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication.

What 3 Powerful GoT Women Teach Us about Cybersecurity
via "Dark Reading".
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.

Google Calendar Attacks Target Unwitting Mobile Users
via "Threatpost".
Automatic invite notifications are spreading malicious links.

ATTENTION‼ New - CVE-2018-11801
via "National Vulnerability Database".
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a m_center data related table.

ATTENTION‼ New - CVE-2018-11800
via "National Vulnerability Database".
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.

Adobe Updates Fix Critical Vulnerabilities in ColdFusion, Campaign, and Flash Player
via "Subscriber Blog RSS Feed".
Adobe is urging users to patch 10 vulnerabilities, five of them critical, in three different products this week.

'Have I Been Pwned' Is Up for Sale
via "Dark Reading".
Troy Hunt, who has been running HIBP solo for six years, launched "Project Svalbard" so the site can evolve with more resources, funding, and support.

Microsoft Patches Four Publicly-Known Vulnerabilities
via "Threatpost".
In total, 88 unique vulnerabilities were patched as part of Microsoft's June Patch Tuesday security bulletin.

Microsoft Issues Fixes for 88 Vulnerabilities
via "Dark Reading".
Four of the flaws are publicly known but none have been listed as under active attack.

ATTENTION‼ New - CVE-2017-18378
via "National Vulnerability Database".
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.

ATTENTION‼ New - CVE-2017-18377
via "National Vulnerability Database".
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.

ATTENTION‼ New - CVE-2016-10760
via "National Vulnerability Database".
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.

ATTENTION‼ New - CVE-2013-7471
via "National Vulnerability Database".
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.

ATTENTION‼ New - CVE-2010-5330
via "National Vulnerability Database".
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.

ATTENTION‼ New - CVE-2009-5157
via "National Vulnerability Database".
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.