SMS company exposes millions of text messages, credentials online
Read via "Naked Security".
Researchers at VpnMentor claim that the TrueDialog data leak exposure could have compromised tens of millions of people.
"StrandHogg" Vulnerability Allows Malware to Pose as Legitimate Android Apps
Read via "Threatpost".
The flaw can allow hackers to take over typical device functions like sending messages and taking photos because users think malicious activity is a mobile app they use regularly.
Supply Chain Account Takeover: How Criminals Exploit Third-Party Access
Read via "Threatpost".
It's important for businesses of all sizes to not only view their suppliers' attack surface as their own but also extend some of their security protections.
New Android bug targets banking apps on Google Play store
Read via "Security on TechRepublic".
Labeled "StrandHogg," the vulnerability discovered by the mobile security vendor Promon could give hackers access to users' photos, contacts, phone logs, and more.
ATTENTION! New - CVE-2019-12503
Read via "National Vulnerability Database".
Due to unencrypted and unauthenticated data communication, the wireless barcode scanner Inateck BCST-60 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device.
ATTENTION! New - CVE-2019-12394
Read via "National Vulnerability Database".
Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication.
ATTENTION! New - CVE-2019-12393
Read via "National Vulnerability Database".
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.
ATTENTION! New - CVE-2019-12392
Read via "National Vulnerability Database".
Anviz access control devices allow remote attackers to issue commands without a password.
ATTENTION! New - CVE-2019-12391
Read via "National Vulnerability Database".
The Anviz Management System for access control has insufficient logging for device events such as door open requests.
ATTENTION! New - CVE-2019-12390
Read via "National Vulnerability Database".
Anviz access control devices expose private information (pin code and name) by allowing remote attackers to query this information without credentials via port tcp/5010.
ATTENTION! New - CVE-2019-12389
Read via "National Vulnerability Database".
Anviz access control devices expose credentials (names and passwords) by allowing remote attackers to query this information without credentials via port tcp/5010.
ATTENTION! New - CVE-2019-12388
Read via "National Vulnerability Database".
Anviz access control devices perform cleartext transmission of sensitive information (passwords/pins and names) when replying to a query on port tcp/5010.
ATTENTION! New - CVE-2015-4457 (cloudera_manager)
Read via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
ATTENTION! New - CVE-2015-3406
Read via "National Vulnerability Database".
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
ATTENTION! New - CVE-2015-2060
Read via "National Vulnerability Database".
cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
ATTENTION! New - CVE-2015-1855
Read via "National Vulnerability Database".
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.
ATTENTION! New - CVE-2015-0837
Read via "National Vulnerability Database".
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
ATTENTION! New - CVE-2014-9356
Read via "National Vulnerability Database".
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
ATTENTION! New - CVE-2014-3591
Read via "National Vulnerability Database".
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
ATTENTION! New - CVE-2013-7484
Read via "National Vulnerability Database".
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
ATTENTION! New - CVE-2013-4410
Read via "National Vulnerability Database".
ReviewBoard has an access-control problem in its REST API.