ATENTIONβΌ New - CVE-2013-7471
π Read
via "National Vulnerability Database".
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort element of a SOAP POST request.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-5330
π Read
via "National Vulnerability Database".
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products, v5.3.5 for AirMax ISP products, and v5.4.5 for AirSync firmware. For example, Nanostation5 (Air OS) is affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-5157
π Read
via "National Vulnerability Database".
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-5156
π Read
via "National Vulnerability Database".
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.π Read
via "National Vulnerability Database".
π΄ Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw π΄
π Read
via "Dark Reading: ".
In vulnerability disclosure programs, organizations are paying more in total for XSS issues than any other vulnerability type, HackerOne says.π Read
via "Dark Reading: ".
Dark Reading
Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw
In vulnerability disclosure programs, organizations are paying more in total for XSS issues than any other vulnerability type, HackerOne says.
π΄ Suppliers Spotlighted After Breach of Border Agency Subcontractor π΄
π Read
via "Dark Reading: ".
Attackers increasingly use third-party service providers to bypass organizations' security. The theft of images from US Customs and Border Protection underscores the weakness suppliers can create.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
β Hackers stole photos of travelers and license plates from subcontractor β
π Read
via "Naked Security".
Critics say if the US can't protect such data - which was improperly stored by a subcontractor - it shouldn't collect it.π Read
via "Naked Security".
Naked Security
Hackers stole photos of travelers and license plates from subcontractor
Critics say if the US canβt protect such data β which was improperly stored by a subcontractor β it shouldnβt collect it.
β Radiohead releases βOK Computerβ sessions that hacker tried to ransom β
π Read
via "Naked Security".
The band shrugged off the threat and released the files on Bandcamp. They're long and not very interesting, they said.π Read
via "Naked Security".
Naked Security
Radiohead releases βOK Computerβ sessions that hacker tried to ransom
The band shrugged off the threat and released the files on Bandcamp. Theyβre long and not very interesting, they said.
β FBI warns users to be wary of phishing sites abusing HTTPS β
π Read
via "Naked Security".
Why you shouldn't trust a website simply because it's secured using HTTPS and backed by the green padlock symbol.π Read
via "Naked Security".
Naked Security
FBI warns users to be wary of phishing sites abusing HTTPS
Why you shouldnβt trust a website simply because itβs secured using HTTPS and backed by the green padlock symbol.
β Full Insight into the Internal Environment with Cynet Free Visibility β
π Read
via "Threatpost".
The Cynet 360 platform Free Visibility Offering is focused on IT and security professionals who know a lack of visibility is a main challenge in their daily responsibilities as end-users and service providers. π Read
via "Threatpost".
Threat Post
Full Insight into the Internal Environment with Cynet Free Visibility
The Cynet 360 platform Free Visibility Offering is focused on IT and security professionals who know a lack of visibility is a main challenge in their daily responsibilities as end-users and service providers.
β Full Insight into the Internal Environment with Cynet Free Visibility β
π Read
via "Threatpost".
The Cynet 360 platform Free Visibility Offering is focused on IT and security professionals who know a lack of visibility is a main challenge in their daily responsibilities as end-users and service providers. π Read
via "Threatpost".
Threat Post
Full Insight into the Internal Environment with Cynet Free Visibility
The Cynet 360 platform Free Visibility Offering is focused on IT and security professionals who know a lack of visibility is a main challenge in their daily responsibilities as end-users and service providers.
β New FormBook Dropper Harbors Obfuscation, Persistence β
π Read
via "Threatpost".
Never-before-seen dropper found in FormBook samples that has increased persistence and obfuscation capabilities.π Read
via "Threatpost".
Threat Post
New FormBook Dropper Harbors Obfuscation, Persistence
Never-before-seen dropper found in FormBook samples that has increased persistence and obfuscation capabilities.
π 84% of US employees have never heard of GDPR π
π Read
via "Security on TechRepublic".
A survey of corporate employees by insider threat management company ObserveIT reveals a greater understanding of privacy laws in the UK than in the US.π Read
via "Security on TechRepublic".
TechRepublic
84% of US employees have never heard of GDPR
A survey of corporate employees by insider threat management company ObserveIT reveals a greater understanding of privacy laws in the UK than in the US.
π Evernote Chrome extension vulnerability allowed attackers to steal 4.7M users' data π
π Read
via "Security on TechRepublic".
A cross-site scripting vulnerability was discovered popular note-taking application Evernote, though the company patched it in under a week.π Read
via "Security on TechRepublic".
TechRepublic
Evernote Chrome extension vulnerability allowed attackers to steal 4.6M users' data
A cross-site scripting vulnerability was discovered popular note-taking application Evernote, though the company patched it in under a week.
β Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure β
π Read
via "Threatpost".
Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware.π Read
via "Threatpost".
Threat Post
Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure
Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware.
π΄ Predicting Vulnerability Weaponization π΄
π Read
via "Dark Reading: ".
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.π Read
via "Dark Reading: ".
Darkreading
Predicting Vulnerability Weaponization
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
β Critical Adobe Flash player bug and more in Juneβs Patch Tuesday β
π Read
via "Naked Security".
June patch Tuesday features fixes from Adobe and Microsoft for critical flaws including a remote code vulnerability in Adobe Flash Player.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π How to secure your LinkedIn profile π
π Read
via "Security on TechRepublic".
LinkedIn offers many privacy and security options that professionals may not be aware of. Here's what you need to know to stay safe on the networking platform.π Read
via "Security on TechRepublic".
TechRepublic
How to secure your LinkedIn profile
LinkedIn offers many privacy and security options that professionals may not be aware of. Here's what you need to know to stay safe on the networking platform.
π LaLiga facing β¬250k fine for GDPR violations in app used to spy on users π
π Read
via "Security on TechRepublic".
The official app of the Spanish soccer league used the microphone and GPS in an attempt to curb restaurants from broadcasting the game.π Read
via "Security on TechRepublic".
TechRepublic
LaLiga facing β¬250k fine for GDPR violations in app used to spy on users
The official app of the Spanish soccer league used the microphone and GPS in an attempt to curb restaurants from broadcasting the game.
β RAMBleed Side-Channel Attack Exposes Privileged Memory β
π Read
via "Threatpost".
An attacker can use Rowhammer attacker to induce bit flips, thereby leaking the victim's secret data via a side channel.π Read
via "Threatpost".
Threat Post
RAMBleed Side-Channel Attack Exposes Privileged Memory
An attacker can use Rowhammer attacker to induce bit flips, thereby leaking the victim's secret data via a side channel.
ATENTIONβΌ New - CVE-2017-15123
π Read
via "National Vulnerability Database".
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.π Read
via "National Vulnerability Database".