π΄ DHS to Require Federal Agencies Set Vulnerability Disclosure Policies π΄
π Read
via "Dark Reading: ".
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.π Read
via "Dark Reading: ".
Dark Reading
DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.
π΄ Kali Linux Gets New Desktop Environment & Undercover Theme π΄
π Read
via "Dark Reading: ".
Updates to pen-testing platform are designed to improve performance and user interface, says Offensive Security, maintainer of the open source project.π Read
via "Dark Reading: ".
Dark Reading
Kali Linux Gets New Desktop Environment & Undercover Theme
Updates to pen-testing platform are designed to improve performance and user interface, says Offensive Security, maintainer of the open source project.
β Ad fraud: Fake local news sites are rolling in the dough β
π Read
via "Naked Security".
"forbesbusinessinsider.com?" Names like that sound close enough to real news domains to pass, but bots are the only ones visiting.π Read
via "Naked Security".
Naked Security
Ad fraud: Fake local news sites are rolling in the dough
βforbesbusinessinsider.com?β Names like that sound close enough to real news domains to pass, but bots are the only ones visiting.
β IM RAT spy tool seller raided, busted, kicked offline β
π Read
via "Naked Security".
The spyware gave complete control of victimized computers, sold for as little as$25, and was bought by 14,500 hackers worldwide.π Read
via "Naked Security".
Naked Security
IM RAT spy tool seller raided, busted, kicked offline
The spyware gave complete control of victimized computers, sold for as little as$25, and was bought by 14,500 hackers worldwide.
β Mixcloud user accounts up for sale on dark web β
π Read
via "Naked Security".
A hacker is ransoming account data stolen from music streaming service Mixcloud, according to reports.π Read
via "Naked Security".
Naked Security
Mixcloud user accounts up for sale on dark web
A hacker is ransoming account data stolen from music streaming service Mixcloud, according to reports.
β SMS company exposes millions of text messages, credentials online β
π Read
via "Naked Security".
Researchers at VpnMentor claim that the TrueDialog data leak exposure could have compromised tens of millions of people.π Read
via "Naked Security".
Naked Security
SMS company exposes millions of text messages, credentials online
Researchers at VpnMentor claim that the TrueDialog data leak exposure could have compromised tens of millions of people.
β βStrandHoggβ Vulnerability Allows Malware to Pose as Legitimate Android Apps β
π Read
via "Threatpost".
The flaw can allow hackers to take over typical device functions like sending messages and taking photos because users think malicious activity is a mobile app they use regularly.π Read
via "Threatpost".
Threat Post
βStrandHoggβ Vulnerability Allows Malware to Pose as Legitimate Android Apps
The flaw can allow hackers to take over typical device functions like sending messages and taking photos because users think malicious activity is a mobile app they use regularly.
β Supply Chain Account Takeover: How Criminals Exploit Third-Party Access β
π Read
via "Threatpost".
Itβs important for businesses of all sizes to not only view their suppliersβ attack surface as their own but also extend some of their security protections.π Read
via "Threatpost".
Threat Post
Supply Chain Account Takeover: How Criminals Exploit Third-Party Access
Itβs important for businesses of all sizes to not only view their suppliersβ attack surface as their own but also extend some of their security protections.
π New Android bug targets banking apps on Google Play store π
π Read
via "Security on TechRepublic".
Labeled "StrandHogg," the vulnerability discovered by the mobile security vendor Promon could give hackers access to users' photos, contacts, phone logs, and more.π Read
via "Security on TechRepublic".
TechRepublic
New Android bug targets banking apps on Google Play store
Labeled "StrandHogg," the vulnerability discovered by the mobile security vendor Promon could give hackers access to users' photos, contacts, phone logs, and more.
ATENTIONβΌ New - CVE-2019-12503
π Read
via "National Vulnerability Database".
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12394
π Read
via "National Vulnerability Database".
Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12393
π Read
via "National Vulnerability Database".
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12392
π Read
via "National Vulnerability Database".
Anviz access control devices allow remote attackers to issue commands without a password.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12391
π Read
via "National Vulnerability Database".
The Anviz Management System for access control has insufficient logging for device events such as door open requests.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12390
π Read
via "National Vulnerability Database".
Anviz access control devices expose private Information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12389
π Read
via "National Vulnerability Database".
Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12388
π Read
via "National Vulnerability Database".
Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to query on port tcp/5010.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-4457 (cloudera_manager)
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-3406
π Read
via "National Vulnerability Database".
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-2060
π Read
via "National Vulnerability Database".
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-1855
π Read
via "National Vulnerability Database".
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.π Read
via "National Vulnerability Database".