ATTENTION: New - CVE-2018-11800
via "National Vulnerability Database"
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
Adobe Updates Fix Critical Vulnerabilities in ColdFusion, Campaign, and Flash Player
via "Subscriber Blog RSS Feed" (Digital Guardian)
Adobe is urging users to patch 10 vulnerabilities, five of them critical, in three different products this week.
'Have I Been Pwned' Is Up for Sale
via "Dark Reading"
Troy Hunt, who has been running HIBP solo for six years, launched "Project Svalbard" so the site can evolve with more resources, funding, and support.
Microsoft Patches Four Publicly-Known Vulnerabilities
via "Threatpost"
In total, 88 unique vulnerabilities were patched as part of Microsoft's June Patch Tuesday security bulletin.
Microsoft Issues Fixes for 88 Vulnerabilities
via "Dark Reading"
Four of the flaws are publicly known but none have been listed as under active attack.
ATTENTION: New - CVE-2017-18378
via "National Vulnerability Database"
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
ATTENTION: New - CVE-2017-18377
via "National Vulnerability Database"
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.
ATTENTION: New - CVE-2016-10760
via "National Vulnerability Database"
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
ATTENTION: New - CVE-2013-7471
via "National Vulnerability Database"
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.
ATTENTION: New - CVE-2010-5330
via "National Vulnerability Database"
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.
ATTENTION: New - CVE-2009-5157
via "National Vulnerability Database"
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.
ATTENTION: New - CVE-2009-5156
via "National Vulnerability Database"
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.
Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw
via "Dark Reading"
In vulnerability disclosure programs, organizations are paying more in total for XSS issues than any other vulnerability type, HackerOne says.
Suppliers Spotlighted After Breach of Border Agency Subcontractor
via "Dark Reading"
Attackers increasingly use third-party service providers to bypass organizations' security. The theft of images from US Customs and Border Protection underscores the weakness suppliers can create.
Hackers stole photos of travelers and license plates from subcontractor
via "Naked Security"
Critics say if the US can't protect such data - which was improperly stored by a subcontractor - it shouldn't collect it.
Radiohead releases "OK Computer" sessions that hacker tried to ransom
via "Naked Security"
The band shrugged off the threat and released the files on Bandcamp. They're long and not very interesting, they said.
FBI warns users to be wary of phishing sites abusing HTTPS
via "Naked Security"
Why you shouldn't trust a website simply because it's secured using HTTPS and backed by the green padlock symbol.
Full Insight into the Internal Environment with Cynet Free Visibility
via "Threatpost"
The Cynet 360 platform Free Visibility Offering is focused on IT and security professionals who know a lack of visibility is a main challenge in their daily responsibilities as end-users and service providers.
New FormBook Dropper Harbors Obfuscation, Persistence
via "Threatpost"
Never-before-seen dropper found in FormBook samples that has increased persistence and obfuscation capabilities.
84% of US employees have never heard of GDPR
via "Security on TechRepublic"
A survey of corporate employees by insider threat management company ObserveIT reveals a greater understanding of privacy laws in the UK than in the US.