ATENTIONβΌ New - CVE-2012-3490
π Read
via "National Vulnerability Database".
The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-2950
π Read
via "National Vulnerability Database".
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-2931
π Read
via "National Vulnerability Database".
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-2226
π Read
via "National Vulnerability Database".
Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-2142
π Read
via "National Vulnerability Database".
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-1915
π Read
via "National Vulnerability Database".
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS attacks.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-3282
π Read
via "National Vulnerability Database".
389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, which might allow local users to obtain sensitive information by reading the log.π Read
via "National Vulnerability Database".
π΄ Attackers Increase Focus on North American Electric Utilities: Report π΄
π Read
via "Dark Reading: ".
Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.π Read
via "Dark Reading: ".
Darkreading
Attackers Increase Focus on North American Electric Utilities: Report
Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.
β Fake-review purge: Facebook boots 188 groups, eBay bans 140 shills β
π Read
via "Naked Security".
After a poke from the UK's watchdog, the companies promised to beef up filters to strain out those who write, buy and sell fluffy nonsense.π Read
via "Naked Security".
Naked Security
Fake-review purge: Facebook boots 188 groups, eBay bans 140 shills
After a poke from the UKβs watchdog, the companies promised to beef up filters to strain out those who write, buy and sell fluffy nonsense.
β Ransomware pounces on California schools, Las Vegas trounces attack β
π Read
via "Naked Security".
We'll have one serving of whatever Las Vegas is eating and wish Pittsburg Unified School District good luck with getting unstuck.π Read
via "Naked Security".
Naked Security
Ransomware pounces on California schools, Las Vegas trounces attack
Weβll have one serving of whatever Las Vegas is eating and wish Pittsburg Unified School District good luck with getting unstuck.
β Hackers use system weakness to rattle doors on Citrix systems β
π Read
via "Naked Security".
Attackers are using a serious bug in Citrix products to scan the internet for weaknesses, according to experts.π Read
via "Naked Security".
Naked Security
Hackers use system weakness to rattle doors on Citrix systems
Attackers are using a serious bug in Citrix products to scan the internet for weaknesses, according to experts.
β Oil-and-Gas Specialist APT Pivots to U.S. Power Plants β
π Read
via "Threatpost".
Researchers say that physically disruptive attacks aren't imminent, but an increased focus on U.S. electrical-grid operators doesn't bode well.π Read
via "Threatpost".
Threat Post
Oil-and-Gas APT Pivots to U.S. Power Plants
Researchers say that physically disruptive attacks aren't imminent, but an increased focus on U.S. electrical-grid operators doesn't bode well.
π΄ Study Points to Lax Focus on Cybersecurity π΄
π Read
via "Dark Reading: ".
Despite ranking at the top of respondents' concerns, organizations still show gaps in acting on cybersecurity, Society for Information Management (SIM) report finds.π Read
via "Dark Reading: ".
Dark Reading
Study Points to Lax Focus on Cybersecurity
Despite ranking at the top of respondents' concerns, organizations still show gaps in acting on cybersecurity, Society for Information Management (SIM) report finds.
π How cybercriminals are using Microsoft Sway to launch phishing attacks π
π Read
via "Security on TechRepublic".
Attackers are creating phishing sites from Sway, an effective approach as links for the domain are typically trusted, says security firm Avanan.π Read
via "Security on TechRepublic".
π΄ 5 Tips on How to Build a Strong Security Metrics Framework π΄
π Read
via "Dark Reading: ".
The carpentry maxim 'measure twice, cut once' underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.π Read
via "Dark Reading: ".
Darkreading
5 Tips on How to Build a Strong Security Metrics Framework
The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.
π Friday Five: 1/10 Edition π
π Read
via "Subscriber Blog RSS Feed ".
Possible Iranian retaliation may include cyberattacks, laboratory testing company recieves lawsuit after data breach, and another school district hit with ransomware - catch up on the week's news with the Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 1/10 Edition
Possible Iranian retaliation may include cyberattacks, laboratory testing company receives lawsuit after data breach, and another school district hit with ransomware - catch up on the week's news with the Friday Five.
ATENTIONβΌ New - CVE-2011-4595
π Read
via "National Vulnerability Database".
Pretty-Link WordPress plugin 1.5.2 has XSSπ Read
via "National Vulnerability Database".
π PATSCAN platform detects hidden weapons, chemicals, and bombs π
π Read
via "Security on TechRepublic".
At CES 2020, Patriot One Technologies explained its PATSCAN platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.π Read
via "Security on TechRepublic".
TechRepublic
PATSCAN platform detects hidden weapons, chemicals, and bombs
At CES 2020, Patriot One Technologies explained its PATSCAN platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.
π΄ Indian National Pleads Guilty to Multimillion-Dollar Call Center Scam π΄
π Read
via "Dark Reading: ".
The India-based call centers scammed US victims out of millions of dollars between 2013 and 2016.π Read
via "Dark Reading: ".
Darkreading
Indian National Pleads Guilty to Multimillion-Dollar Call Center Scam
The India-based call centers scammed US victims out of millions of dollars between 2013 and 2016.
β Is the Y2K bug alive after all? β
π Read
via "Naked Security".
One way to patch the millennium bug was to move it, rather than actually to fix it... are we looking at Y2.02K?π Read
via "Naked Security".
Naked Security
Is the Y2K bug alive after all?
One way to patch the millennium bug was to move it, rather than actually to fix it⦠are we looking at Y2.02K?
β Lifeline Assistance Phone Users Targeted with βUninstallableβ Adware β
π Read
via "Threatpost".
A Virgin Mobile-branded phone distributed by Assurance Wireless to low-income U.S. citizens has a trojan pre-installed that can download additional malware.π Read
via "Threatpost".
Threat Post
Lifeline Assistance Phone Users Targeted with βUninstallableβ Adware
A Virgin Mobile-branded phone distributed by Assurance Wireless to low-income U.S. citizens has a trojan pre-installed that can download additional malware.