ATENTIONβΌ New - CVE-2016-10937
π Read
via "National Vulnerability Database".
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.π Read
via "National Vulnerability Database".
β Patch early, patch often β and patch everything! β
π Read
via "Naked Security".
Here's our latest Naked Security Live video - all about WordPress, plugins and patching.π Read
via "Naked Security".
Naked Security
Patch early, patch often β and patch everything!
Hereβs our latest Naked Security Live video β all about WordPress, plugins and patching.
β Monday review β the hot 21 stories of the week β
π Read
via "Naked Security".
From backdooring WordPress sites to Raspberry Pi in space, and everything in between. It's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 21 stories of the week
From backdooring WordPress sites to Raspberry Pi in space, and everything in between. Itβs weekly roundup time.
β US city balks at paying $5.3 million ransomware demand β
π Read
via "Naked Security".
The attack quickly encrypted 158 workstations - and would have been worse had it struck later in the working day.π Read
via "Naked Security".
Naked Security
US city balks at paying $5.3 million ransomware demand
The attack quickly encrypted 158 workstations β and would have been worse had it struck later in the working day.
β Facebook launches $10m deepfake detection project β
π Read
via "Naked Security".
If you're worried about the evil potential of deepfake video, you're not alone; so is Facebook.π Read
via "Naked Security".
Naked Security
Facebook launches $10m deepfake detection project
If youβre worried about the evil potential of deepfake video, youβre not alone; so is Facebook.
β Brave accuses Google of sidestepping GDPR β
π Read
via "Naked Security".
A senior executive at private browser company Brave has accused Google of using a workaround that lets it identify users to ad networks.π Read
via "Naked Security".
Naked Security
Brave accuses Google of sidestepping GDPR
A senior executive at private browser company Brave has accused Google of using a workaround that lets it identify users to ad networks.
β WordPress 5.2.3 fixes new clutch of security vulnerabilities β
π Read
via "Naked Security".
WordPress version 5.2.3 has just appeared on the download pipe featuring half a dozen security fixes and software enhancements.π Read
via "Naked Security".
Naked Security
WordPress 5.2.3 fixes new clutch of security vulnerabilities
WordPress version 5.2.3 has just appeared on the download pipe featuring half a dozen security fixes and software enhancements.
β Apple Claims Google is Spreading FUD Over Patched iPhone Bugs β
π Read
via "Threatpost".
Apple said Googleβs recent analysis of vulnerabilities found January in iOS painted a misleading picture of the scope of the attacks and the risk involvedπ Read
via "Threatpost".
Threat Post
Apple Claims Google is Spreading FUD Over Patched iPhone Bugs
Apple said Googleβs recent analysis of vulnerabilities found January in iOS painted a misleading picture of the scope of the attacks and the risk involved
π΄ Phishers' Latest Tricks for Reeling in New Victims π΄
π Read
via "Dark Reading: ".
Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.π Read
via "Dark Reading: ".
Dark Reading
Phishers' Latest Tricks for Reeling in New Victims
Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.
π Google hopes to protect users with open source differential privacy library π
π Read
via "Security on TechRepublic".
Google's differential privacy library will give organizations a way to study their data while protecting people's information.π Read
via "Security on TechRepublic".
TechRepublic
Google hopes to protect users with open source differential privacy library
Google's differential privacy library will give organizations a way to study their data while protecting people's information.
β Critical Exim Flaw Opens Millions of Servers to Takeover β
π Read
via "Threatpost".
A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.π Read
via "Threatpost".
Threat Post
Critical Exim Flaw Opens Millions of Servers to Takeover
A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.
π΄ From Spyware to Ninja Cable π΄
π Read
via "Dark Reading: ".
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.π Read
via "Dark Reading: ".
Darkreading
From Spyware to Ninja Cable
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
ATENTIONβΌ New - CVE-2019-10666
π Read
via "National Vulnerability Database".
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10665
π Read
via "National Vulnerability Database".
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21014
π Read
via "National Vulnerability Database".
The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21013
π Read
via "National Vulnerability Database".
The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21012
π Read
via "National Vulnerability Database".
The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21011
π Read
via "National Vulnerability Database".
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.π Read
via "National Vulnerability Database".
π΄ Just A Few Questions Before That Bank Withdrawal ... π΄
π Read
via "Dark Reading: ".
And be ready to turn over your first born.π Read
via "Dark Reading: ".
Dark Reading
Just A Few Questions Before That Bank Withdrawal ...
And be ready to turn over your first born.
π Millions of Exim Servers Vulnerable to Remote Code Execution Vulnerability π
π Read
via "Subscriber Blog RSS Feed ".
A critical vulnerability in Exim, by far the world's most popular email server, was disclosed on Friday.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Millions of Exim Servers Vulnerable to Remote Code Execution Vulnerability
A critical vulnerability in Exim, by far the world's most popular email server, was disclosed on Friday.