An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.The Microsoft Exchange vulnerability was patched in February and has been targeted by several threat groups.What can cows possibly have to do with cybersecurity?More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.Organizations across multiple industries compromised in a systematic effort to steal IP and other sensitive business data, BlackBerry says.Mobile-phone-based tracking of people can help fight pandemics, but privacy and security researchers stress that it needs to be done right.It's what the researchers call "A mountable toilet system for personalized health monitoring via the analysis of excreta."Imagine a computer user from 2010 dreaming of a world in which Microsoft is not only an enthusiastic proponent of open source software but actively contributes to it with its own ideas. The time is now.Hot on the heels of Firefox's emergency update over the weekend are the four-weekly fixes that Mozilla had in train already. Get 'em now!The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through COVID-19, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.New research used 3D printing technology to bypass fingerprint scanners, and tested it against Apple, Samsung and Microsoft mobile products.The 3D printed duplicates worked on phone and a MacBook Pro laptop but not on Windows machines or two USB jump drives.Amid rampant misinformation, users of the Facebook-owned messaging platform can no longer send coronavirus messages to more than one user at a time.Extended detection response technology assumes a breach across all your endpoints, networks, SaaS applications, cloud infrastructure, and any network-addressable resource.What is seL4, and what does it mean for the future of connected devices?The deal is intended to strengthen Accenture's critical infrastructure protection capabilities and address more complex IT and OT challenges.IntSights researchers surveyed the cyberthreat landscape, finding a wide variety of coronavirus-themed phishing lures, malware infections, network intrusions, scams, and disinformation campaigns.The preview technology and controls will make it easier for IT teams to detect and contain threats before they infect systems, the company says.Ponemon study shows that 82% of attack costs go toward detection, containment, recovery, and remediation.Interested in WFH collaration tools right now? Lots of people are - so here's a history lesson to learn from...Bitdefender warns against this dangerous new IoT "dark_nexus" attack that is innovative and cheap for attackers to acquire.Hundreds of thousands of malware files are disguised as well-known social conferencing and collaboration apps.Skype is the most targeted app with 120,000 suspicious files exploiting its name, according to security provider Kaspersky.The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.Google has finally added the Eyes Open requirement for Google Pixel 4 Face Unlock. Learn how to enable it.Researchers say the botnet has emerged over the past three months and shares aspects with Mirai and Qbot.Brazil's Senate has voted to push back the go-live date and enforcement date of its new data protection law in light of the COVID-19 pandemic.Cybercriminals are already looking for ways to steal government assistance designed to help those struggling because of the COVID-19 pandemic.The xHelper Trojan has compromised over 55,000 devices so far, Kaspersky says.Information includes tips on how to keep IT systems infection-free.Novel hack allows an attacker to create a mouse-over in a PowerPoint file that triggers the installation of malware.Tests on the fingerprint scanners of Apple, Microsoft, and Samsung devices reveal it's possible to bypass authentication with a cheap 3D printer.While coronavirus-themed emails and files have been used as a lure for weeks, attackers now are searching for ways to actively target VPNs and remote workers to take advantage of weaker security.FBI and security experts warn that attackers are particularly targeting cloud-based email systems at the moment.Google has removed the SuperVPN program from the Google Play store after researchers notified it of a critical vulnerability.If you're OK with Facebook getting your phone number and storing your love notes, photos, shared daily diary and more, then Tune away, baes.Sophos experts discuss the biggest cybersecurity stories of the last week.The phishing emails led to malicious websites that used the same HTML and CSS found in actual White House sites, says email security provider INKY.Operational technology and industrial systems are increasingly connected to the IT network, and organizations don't have the right tools to secure them, according to a security official.Emails purporting to be a Cisco "critical security advisory" are actually part of a phishing campaign trying to steal victims' Webex credentials.The online videoconferencing service added Alex Stamos to the team and has also formed an expert advisory board to grapple with the pains of its COVID-19 growth spurt.netABuse is a scanner that identifies systems susceptible to a Microsoft Windows insufficient authentication logic flaw.The app's free. But the subscription most certainly isn't!Zoom's security woes have led to a number of organizations, companies, and schools banning or restricting its use, with some recommending alternatives such as Microsoft Teams.Purporting to offer help and info on COVID-19, the apps can let hackers take control of devices to access files, contacts, the calendar, and more, according to Check Point Research.The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.Zero Trust can seem scary to those accustomed to traditional security approaches. Here is how to get started with Zero Trust.With more people working from home and e-commerce experiencing a boom-time, fraudsters have taken notice.How the hacker mindset and skill set could play a role in improving and securing societal systems, according to renowned security technologist Bruce Schneier.Those who work well with others, learn quickly, and possess a proactive mindset toward the work can make great employees, even if their backgrounds aren't rooted in cybersecurity.Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.Visitors to the fake site expecting antivirus offerings will instead encounter the Fallout exploit kit and a possible malware infection.Tech leaders encourage organizations to maintain security awareness training and offer advice on how to protect their information.The phishing campaign is only the latest among many related to COVID-19, INKY says.Now's the time for organizations large and small to return to the basics with cyber hygiene protocols, the firm's cyber risk services leader says.The federal government on Wednesday released guidance designed to inform agencies how to best support secure teleworking.The road to secure containers is long and winding. One stop you should take on that journey is unloading unnecessary kernel modules in your Linux containers.Cloudflare's CEO said it is replacing Google's reCAPTCHA tool with hCaptcha due to pricing, privacy and availability concerns.The security service provider adds cloud security "posture" management with the deal.Thousands of compromised Zoom credentials were discovered in underground forums as cybercriminals look to tap into the burgeoning remote workforce.Phishing campaigns and scams are skyrocketing to take advantage of people concerned about COVID-19 impacts. Here are some key examples in action.The payout stems from a system-wide attack that knocked global networks offline on New Yearβs Eve and reflects a shift in thinking about ransom payoutsThere is no shortage of people presenting themselves as security experts. Some of them truly are. The others...Financial companies leave database exposed, Maze Ransomware targets Oil Giant, and Facebook releases location data to help the fight against Covid-19 - catch up on all the week's news with the Friday Five.Two security firms find thousands of usernames and passwords for Zoom accounts for sale and warn that the shift to remote work is changing attackers' targets.12% of users have reportedly stopped using Zoom altogether, the social platform Blind found.Researchers warn that apps that market themselves as "free" are tricking users to subscribe to services that rack up as much as $500 in charges yearly.Identifying normal behavior baselines is essential to behavior-based authentication. However, with COVID-19 upending all aspects of life, is it possible to build baselines and measure normal patterns when nothing at all seems normal?Policies make it easy to set a training plan for end users and improve risk management strategies.The bug -- rated 10 in severity -- potentially affects large numbers of corporate VMs and hosts.Small business owners are concerned about cyberattacks targeting remote workers but lack the resources to invest in security.An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exception in Dalvik VM," "Application not responding ANR event," or "Crash on an application's native code." The Samsung ID is SVE-2015-2885 (October 2015).An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015).An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015).An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not validated. The Samsung ID is SVE-2015-4018 (December 2015).Starting with Android 9, you can make two-factor authentication even easier.Starting with Android 9, you can make two-factor authentication even easier.Web app credentials were stolen in attacks on two airport websites.The payment-card stealer differs from typical malware targeting WordPress-based e-commerce environments.Apple and Google announced that decentralized Bluetooth technology will soon be rolled out for coronavirus contact tracing. The privacy implications are worrisome for some.There is no video and the whole thing is a scam to prey on your fears.San Francisco International Airport notified users of two low-traffic websites of a data breach that occurred in March.An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension (CE) is not used. The Samsung ID is SVE-2018-12761 (September 2018).An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018).An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018).An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018).An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in eCryptFS. The Samsung ID is SVE-2017-11857 (September 2018).An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018).An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018).An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018).An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018).An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018).The Internet Security Forum predicts the coming threats with a very good track record so far. Get your company ready for these threats.The underground economy is undergoing an industrialization wave and booming like never before.Most have had to implement distance learning, making them much more vulnerable, Armor says.The Grandoreiro banking malware uses remote overlay and a fake Chrome browser plugin to steal from banking customers.Two of the illicit traders indicted in a 2016 hack of the SEC have agreed to settle and in turn, give back six figure sums of money they made with information stolen from a SEC system.Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.Passwords have been an industry standard and industry headache for decades. Learn some best practice tips for password administration from tech security insiders.Officials arrested a man suspected of launching a DDoS attack against two websites that send government updates to citizens.The SafeBIOS Events & Indicators of Attack tool gives admins visibility into BIOS configuration changes and alerts them to potential threats.Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files.An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4.Both Microsoft and Google have postponed a change that would have forced better application security by shutting down an insecure access protocol called Basic Authentication.An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF.dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions.It doesn't have regulatory authority, so it can't do much, but the hundreds of registrars it authorizes can and should.TikTok doesn't use HTTPS for its images and videos - so crooks could swap out the videos you see and you would never know.The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16New research found that almost half of companies had malware on their corporate-associated home networks - in comparison to malware being found on only 13 percent of corporate networks.The pandemic has driven more of our personal and work lives online - and for the bad guys, business is booming. Here's how you can protect yourself.The popular video-sharing appsβs use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.As operators struggle to balance the recommendations of social distancing with the need to keep vital services functioning, there is no getting around the fact that conventional remote connections into industrial control networks are a very bad idea.Legendary founders of Netscape and @Home Network roll out a new cloud-based identity management firm that makes the user his or her own certificate authority.Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.Criminals are using familiar company names to steal user information and payment credentials, Check Point found.Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware.Ten percent of all brand phishing attempts in the first quarter of 2020 tried to deceive victims by imitating the Apple brand.The custom RAT offers persistent access, data exfiltration and lateral network movement.One tech company is harnessing artificial intelligence, thermal imaging, and real-time surveillance data to mitigate the spread of the coronavirus. However, serious privacy questions remain.Companies large and small are discovering just how prepared they were for all employees to work remotelyAn issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler.An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names.The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities.The data security requirements of New York's Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, went into effect last month.While Adobe's regularly scheduled security updates were light this month, they fixed "important" severity vulnerabilities.A vulnerability in the way TikTok requests and receives video content could leave users streaming video from bogus servers.Since Zoom became one of the primary ways people communicate, hackers have started sharing and selling stolen account credentials.Microsoft issued 113 patches in a big update, unfortunately for IT staff already straining under WFH security concerns.An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is a local privilege escalation from the www-data account to the root account.A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse.An issue was discovered in AndyOS Andy versions up to 46.11.113. By default, it starts telnet and ssh (ports 22 and 23) with root privileges in the emulated Android system. This can be exploited by remote attackers to gain full access to the device, or by malicious apps installed inside the emulator to perform privilege escalation from a normal user to root (unlike with standard methods of getting root privileges on Android - e.g., the SuperSu program - the user is not asked for consent). There is no authentication performed - access to a root shell is given upon a successful connection. NOTE: although this was originally published with a slightly different CVE ID number, the correct ID for this Andy vulnerability has always been CVE-2019-14326.Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack.Nearly one in two organizations has one or more devices accessing its corporate network from a home network with at least one malware infection, BitSight says.Microsoft has seen a 44% jump in the number of CVEs fixed between January and April 2020 compared with the same period in 2019.To enable medical care while encouraging social distancing during the COVID-19 pandemic, the Department of Health and Human Services temporarily loosened up on some of its HIPAA noncompliance enforcement on telehealth. But what happens if there's a PHI slip-up?A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions). The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.A vulnerability has been identified in KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service.A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3), TIM 4R-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 4R-IE DNP3 (incl. SIPLUS NET variants) (All versions < V3.3). The affected versions contain an open debug port that is available under certain specific conditions. The vulnerability is only available if the IP address is configured to 192.168.1.2. If available, the debug port could be exploited by an attacker with network access to the device. No user interaction is required to exploit this vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the affected device. At the stage of publishing this security advisory no public exploitation is known.Software vendors keep pushing patches to the same Tuesday once a month, or once a quarter, and the result can be overwhelming. Six enterprise software makers issued patches for 567 issues in April.Credit card swipers have found a hard-to-detect way to target WordPress websites using the WooCommerce plugin by secretly modifying legitimate JavaScript files.The Big Bad Wolves haven't blown the house down but did come up with a way to "hold the three little pigs responsible for being delicious," Signal said.iCatch DVR do not validate function parameter properly, resulting attackers executing arbitrary command.The file management interface of iCatch DVR contains broken access control which allows the attacker to remotely manipulate arbitrary file.HGiga C&Cmail contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands.HGiga C&Cmail contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of misconfigured file upload filter. Attackers can upload any format of file to the system.The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.The School Manage System, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, allowing attackers to inject SQL commands into the URL.Cybercriminals are deploying COVID-19-themed gift card scams, wire transfer scams, and payroll scams aimed at organizations and their employees, according to security provider Trustwave.The more things change, the more they stay the same. Much of the world is still behind on the basics.FBI said that government agencies aiming to buy critical items like ventilators have unknowingly transferred funds to threat actors.Intel fixed nine high- and medium-severity flaws in its April security update, which could enable privilege escalation and denial of service attacks.If you reuse an old password when you're rushing to create a new account for the lockdown era, you're as good as "pre-hacking" yourself.The Chinese ISP has expanded its program via HackerOne.A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0979.An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008.An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0784.An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'.An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1007.A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0888.A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0962.The companies are touting a built-in technology to identify people potentially exposed to the virus, but there are challenges over effectiveness and privacy.Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Store Inventory Management. Successful attacks of this vulnerability can result in takeover of Oracle Retail Store Inventory Management. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).The January incident led state officials to hire an external forensics firm and change thousands of employee passwords.With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a "cost center." Are infosec careers vulnerable now?Hackers are upping their game, especially as they target mobile devices.Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access.Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access.Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.SkyWrapper is a tool from CyberArk that helps to discover suspicious creation forms and uses of temporary tokens in AWS.nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-ForceID: 170965.IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-ForceID: 167810.IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-ForceID: 167743.Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software.The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.Can the gap between socially responsible collective action and privacy be bridged? A new report outlines a series of measures for the public and private sector to take in order to demonstrate accountability while delivering privacy protection in a pandemic.NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings.Taxpayers are being targeted by a new NetWire RAT variant in a recent malspam campaign that makes use of an improved keylogger and an Excel 4.0 Macro.NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.Several fake browser extensions masqueraded as legitimate cryptocurrency utilities in a snowballing campaign.Cyber actors from North Korea's intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information.NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass.NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30.NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials.An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.'Mozi' combines code from three previously known IoT malware.An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow....and there are fixes for Adobe, Oracle and Intel products too. Go get your updates!More ransomware operators are setting up pages where they threaten to publish compromised data from victims - an added pressure for victims to pay the ransom.They were posing as crypto wallets in order to rip off users' private keys and mnemonic phrases and drain real wallets. Google's yanked them.With COVID-19 making a mess of the global economy, companies are seeking to cut corners - and some boardrooms still see security as a "cost center." Are infosec careers vulnerable now?Out of bound memory access while processing TZ command handler due to improper input validation on response length received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MDM9150, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDM850, SXR2130We discuss the biggest cybersecurity news stories of the week. New podcast episode out now!Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150Alleged Windows flaw allows for remote code execution and is being flogged for $500,000.What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCN7605, QCS605, Rennell, SC8180X, SDA845, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130Kernel memory error in debug module due to improper check of user data length before copying into memory in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, MSM8996AU, QCN7605, SDM439, SDX24, SM8150Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130Out of bound write can happen due to lack of check of array index value while calculating it. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, MSM8905, MSM8909Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130Wlan binary which is not signed with OEMs RoT is working on secure device without authentication failure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SDM850Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow in some cases in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8953, Nicobar, QCN7605, QCS405, QCS605, QM215, Rennell, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130Crooks manipulated connected TV supply-side ad platforms to create millions of fictional eyeballs.Cybercriminals are threatening not only to hold sensitive data hostage but also to release it publicly unless the ransom is paid, says cyber threat intelligence provider Check Point Research.Why cell phones can hold the key to tracking future cases of COVID-19 with artificial intelligence.String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130Why cell phones can hold the key to tracking future cases of COVID-19 with artificial intelligence.Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6574AU, QCS605, Rennell, SDA660, SDM429W, SDM439, SDM450, SDM710, SDM845, SM7150, SM8150, SM8250, SXR2130Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.Such guides provide instructions so that even novices can learn how to become cybercriminals, says web intelligence company Terbium Labs.Having someone older to watch out for you while you're online can be reassuring. That seems to be the idea behind TikTok's Family Pairing.The application security provider teams up with CollabNet VersionOne and XebiaLabs to create Digital.ai, a new enterprise DevOps platform.Going digital with immunity passports could speed rollout and allow for better warnings of potential hot spots. But security and privacy issues remain.Atlas VPN found the United States was targeted more than any other country partially because of its size and the openness of the internet.With people spending more time on Facebook and Twitter, it's important to know what to watch out for. Jack Wallen addresses the social networking behaviors you should avoid at all costs.An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus.Cisco stomped out a critical vulnerability in its IP Phone web server that could enable remote code execution by an unauthenticated attacker.The startup acknowledged that former Tesla employees had possession of Tesla documents relating to shipping, receiving, and warehouse procedures despite leaving the company.Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates.The global ID verification and authentication company's latest fundraiser will further assist worldwide secure access to digital services.Small businesses are being hit by ransomware, and a majority are paying up to get their data back.The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.ICEBUCKET operation is the largest ever to attempt to steal from advertisers by using bots to impersonate human smart-TV viewers, White Ops says.A never-before-seen RAT is targeting Azerbaijan energy companies with various tools aimed at stealing credentials and exfiltrating valuable data.Researchers outline cybersecurity threats they predict businesses will face in two years as technology evolves.A honeypot experiment shows just how quickly cybercriminals will move to compromise vulnerable cloud infrastructure.New research suggests GSH is active in Southeast Asia following a couple of quiet years.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.GitHub users beware: online criminals have launched a phishing campaign to try and gain access to your accounts.Know anything about North Korean hackers and their activities in cyberspace, past or ongoing? The US on Wednesday said that itβs got up to $5 million in Rewards for Justice money if you cough up useful details, which you can do here. The FBI and the Departments of State, Treasury, and Homeland Security (DHS) put [β¦]The first quarter of 2020 brought investments in enterprise IoT and endpoint security, as well as billion-dollar investments from private equity firms.Google is striving to block Gmail messages and other content that exploit COVID-19, but there are steps users can take to fight such malware.CISOs and CIOs, you are our helpers. As you take action to reassure your company, your confidence is our confidence.More people working from home has led to an increase in remote desktop access, putting corporate systems at risk.XLS files sent via emails appear password protected but arenβt, opening automatically to install malware from compromised macros, according to researchers.A recent U.S. House Oversight Committee meeting was the latest victim of Zoom bombing, according to an internal letter.This fun project can teach your home-bound children and teens about cybersecurity (and keep them occupied for at least a little while).Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.Microsoft claims a machine learning models its built for software developers can distinguish between security and non-security bugs 99% of the time.San Francisco International Airport was hacked, Pentagon networks are at risk, and a TikTok hack circulates Coronavirus consipiracy theories. Catch up on the news of the week with the Friday Five!Here's the short version: Google just issued a Chrome update with a note that says, "This update includes 1 critical security fix."Linksys Smart Wi-Fi users were forced to reset their passwords after researchers discovered a router hack.The vCenter vulnerability, patched on April 9, could give an intruder access to administrative credentials in three steps.In the past week, Google says it identified more than 18 million daily phishing messages featuring coronavirus themes.The DHS urged organizations to update their passwords and make sure that a critical Pulse Secure VPN flaw has been patched, as attackers continue to exploit the flaw.Zoom has become a household name because lots of people are working from home and using the video conferencing software. Here is your guide to Zoom basics, including its security vulnerabilities.Though many problems remain, organizations are making attackers work harder.From the critical bug in Google Chrome to Signal's fears over the EARN Act, get yourself up to date with everything we've written in the last week.The massive ICEBUCKET scheme has, so far, impersonated more than 2m people in 30+ countries, defrauding more than 300 brands of ad dollars.Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research.The latest sextortion emails try to fool you with technical terms they hope you won't understand.Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D8500 through 1.0.3.28, R6400 through 1.0.1.22, R6400v2 through 1.0.2.18, R8300 through 1.0.2.94, R8500 through 1.0.2.94, and R6100 through 1.0.1.12.The scientists known for finding ways to transmit software from non-networked computers, have figured out a way to do it using computer fan vibrations.As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.The latest company to fall victim to a ransomware attack is Cognizant, a large US IT services company which admitted at the weekend that it had fallen victim to Maze.Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82.Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.It was a tough choice! And the winner is...Foxit Reader and PhantomPDF are plagued by several high-severity flaws that, if exploited, could enable remote code execution.In a reminder to regulated entities, the New York Department of Financial Services warned last week of a potential uptick in phishing, fraud, and third-party risk.Cognizant is working with cyber defense firms and law enforcement to investigate the attack, disclosed April 17.Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82.Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.Certain NETGEAR devices are affected by a stack-based buffer overflow. This affects R6250 before 1.0.4.12, R6400v2 before 1.0.2.32, R7000P/R6900P before 1.0.0.56, R7900 before 1.0.1.18, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and D8500 before 1.0.3.29.Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38 and R6800 before 1.1.0.38.Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, and D7000 before 1.0.1.50.Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.46, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.46, and D7000 before 1.0.1.50.Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Cognizant has confirmed that a Friday evening Maze ransomware attack has disrupted its systems.Researchers saw several IoT botnets using one of the bugs in the wild after a proof-of-concept was published in March.More than 4,300 domains related to stimulus and relief packages, many of them malicious, have been registered since January.Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.A combination of clever tools, good education, and better mindfulness might keep users from being manipulated.Drinking bleach does NOT cure coronavirus: it's just one dangerous myth that Facebook will alert us to if we've interacted with it.Research analyzing three months of coronavirus-themed attacks show cybercriminals adjusting threat levels to evolve with pandemic and typical employment trends.Researchers find massive spike in infected enterprises worldwide.As governments broaden use of digital technologies to stem pandemic, sensitive health and location data need to be protected, company says.Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.Highly targeted spearphishing emails are being sent to oil and gas companies in hopes of infecting them with the Agent Tesla spyware.Designed to mimic legitimate users, these bots allow attackers to mine data, brute force login credentials, and harvest personal information, according to Imperva.OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.The acquisition brings password cracking and password auditing capabilities together in a single company.Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.Many small- and mid-sized business owners say they lack of the time or resources to effectively battle ransomware, according to a survey from security provider Infrascale.Here's something officially useful you can do with all those phishing scams - and the cost to you is approximately zero!Attackers seed Ruby Gems repository with more than 760 malicious packages using names just a bit different than the standard code libraries.NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.Discovering how not to treat all vulnerabilities as equal is a key strategy in patch management, says risk-based vulnerability firm Kenna Security.Three separate flaws can be chained to achieve full system compromise.NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.Overall, security practitioners should find themselves in a better working situation than many other professionals. However, we are not immune.Cybercriminals capitalize on the popularity of media and entertainment to target consumers looking for at-home activities.NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings.NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.Fears over data leaks from remote workers are not only founded, they're much worse than anticipated, said the International Association of IT Asset Managers.A survey of 100 security professionals found that traditional defenses are prone to failure.It won't happen until October at the earliest but the Supreme Court said Monday it will review how the U.S. Computer Fraud and Abuse Act is interpreted for the first time.Certain NETGEAR devices are affected by command injection. This affects WAC510 before 1.3.0.10, WAC120 before 2.1.4, WNDAP620 before 2.1.3, WND930 before 2.1.2, WN604 before 3.3.7, WNDAP660 before 3.7.4.0, WNDAP350 before 3.7.4.0, WNAP320 before 3.7.4.0, WNAP210v2 before 3.7.4.0, and WNDAP360 before 3.7.4.0.Certain NETGEAR devices are affected by command injection. This affects R7800 before 1.0.2.16 and R9000 before 1.0.2.4.NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22.Certain NETGEAR devices are affected by command injection. This affects R6220 before 1.1.0.50, R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, WNDR3700v5 before 1.1.0.48, and D7000 before 1.0.1.50.Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28.Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.Researchers weigh in on potential security concerns surrounding the 2020 NFL Draft.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25.Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects R6400 before 1.0.1.24, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.Certain NETGEAR devices are affected by command injection. This affects R6400 before 1.0.1.24, R6700 before 1.0.1.26, R6900 before 1.0.1.28, R7000 before 1.0.9.10, R7000P before 1.0.1.16, R6900P before 1.0.1.16, and R7800 before 1.0.2.36.Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.28 and D6100 before 1.0.0.50_0.0.50.Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.50.NETGEAR R7800 devices before 1.0.2.36 are affected by command injection.NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, and R8500 before 1.0.2.100.The technique would enable attackers to run malicious code via Remote Desktop Protocol using DLL side-loading to bypass security controls.The share of bot traffic to online sites declines, but businesses are seeing an overall increase in automated scraping of data, login attempts, and other detrimental activity.A new Android trojan targets banking customers with overlay attacks to steal their bank credentials and ultimately take over their accounts.As more governments consider the use of contact tracing apps to prevent the spread of coronavirus, researchers say privacy will have to be at the forefront of efforts in order for civilians to use it.Far from pausing operations during the COVID-19 pandemic, Chinaβs notorious Winnti hacking group has been busy launching new attacks on targets, researchers say.First, 267m records were exposed & sold for 0.0002 cents each on the Dark Web. It was taken down but got reposted with yet more records.A new button allowing meeting participants to report users is Zoom's latest attempt to bring its security features up to scratch.SophosLabs worked through five monthsβ worth of βporn scamβ emails and followed the money. Learn what they found...A huge increase in malicious website registrations has prompted concern from US lawmakers.The SBA said sensitive information about applicants may have been revealed to others applying for disaster loan program funds.As most generic spam now gets blocked, attackers have turned to more targeted, personalized phishing emails to reel in their victims, according to security firm Trustwave.Given the heterogeneous architectures of critical state and local systems, it's imperative we learn from the security exposures of other critical infrastructure and pledge to be betterBusiness owners who applied for federal disaster loans may have had information exposed to other applicants, the Small Business Administration reports.The flaws exist in Autodesk's FBX library, integrated in Microsoft's Office, Office 365 ProPlus and Paint 3D applications.With the unemployment rate surging due to COVID-19, are you concerned your job is in jeopardy?The Maze ransomware group is believed to be responsible for the attack, and it typically blackmails victims by demanding payment to decrypt stolen files.Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6250 before V1.0.4.8, R6400 before V1.0.1.22, R6400v2 before V1.0.2.32, R7100LG before V1.0.0.32, R7300 before V1.0.0.52, R8300 before V1.0.2.94, R8500 before V1.0.2.100, D6220 before V1.0.0.28, D6400 before V1.0.0.60, and D8500 before V1.0.3.29.Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6150v2 before 1.0.1.54, EX6100v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.18, R6900P before 1.3.0.8, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R8000 before 1.0.4.4_1.1.42, R7900P before 1.1.5.14, R8000P before 1.1.5.14, R8300 before 1.0.2.110, R8500 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.14, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050, before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.12, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6100v2 before 1.0.1.54, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, R6700v2 before 1.2.0.12, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.18, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R7900P before 1.1.5.14, R8000 before 1.0.4.4, R8000P before 1.1.5.14, R8500 before 1.0.2.110, R8300 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.8, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.42, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JR6150 before 1.0.1.12, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Zoom 5.0 is due to be launched within a week, bringing 256-bit encryption and new features for helping hosts stay in control of their meetings and their data.The DoppelPaymer ransomware group is claiming that it launched a cyberattack against Torrance - and is now leaking the LA city's data online.Certain NETGEAR devices are affected by CSRF. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, JR6150 before 1.0.1.12, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by a buffer overflow. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300v1 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.Certain NETGEAR devices are affected by authentication bypass. This affects D6100 before V1.0.0.55, D7000 before V1.0.1.50, D7800 before V1.0.1.24, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, R6100 before 1.0.1.12, R6220 before 1.1.0.50, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.40, WNR2000v5 before 1.0.0.42, WNR2020 before 1.1.0.40, and WNR2050 before 1.1.0.40.Certain NETGEAR devices are affected by CSRF. This affects R6100 before 1.0.1.12, R7500 before 1.0.0.108, WNDR3700v4 before 1.0.2.86, WNDR4300v1 before 1.0.2.88, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.42.Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6100 before V1.0.0.55, D7800 before V1.0.1.24, EX6150v2 before 1.0.0.48, R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before V1.0.3.16, R7800 before V1.0.2.36, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.48.Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8.Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000 before 1.0.1.60, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.94, DGN2200Bv4 before 1.0.0.94, EX6200v2 before 1.0.1.50, EX7000 before 1.0.0.56, JR6150 before 1.0.1.18, R6050 before 1.0.1.10J, R6100 before 1.0.1.16, R6150 before 1.0.1.10, R6220 before 1.1.0.50, R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.26, R6700v2 before 1.2.0.4, R6800 before 1.0.1.10, R6900 before 1.0.1.26, R6900P before 1.0.0.58, R6900v2 before 1.2.0.4, R7000 before 1.0.9.6, R7000P before 1.0.0.58, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.40, WNDR3400v3 before 1.0.1.14, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR3500Lv2 before 1.2.0.44.Standard language and processes, not to mention more efficient dissemination of findings and alerts all make documenting your security processes a mustCertain NETGEAR devices are affected by CSRF. This affects EX6100 before 1.0.2.16_1.1.130, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.50, EX6400 before 1.0.1.60, EX7300 before 1.0.1.60, and WN3000RPv3 before 1.0.2.44.Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74.Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.Users should update their firmware for three popular smart-home hubs.Researchers revealed two zero-day security vulnerabilities affecting Apple's stock Mail app on iOS devices.Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.42, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buffer overflow by an authenticated user.Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.30, R6100 before 1.0.1.16, R7500 before 1.0.0.116, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR4300v2 before 1.0.0.48, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.66, D8500 before 1.0.3.35, DGN2200Bv4 before 1.0.0.94, DGN2200v4 before 1.0.0.94, R6250 before 1.0.4.14, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.30, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7900 before 1.0.2.4, R8000 before 1.0.4.2, WN2500RPv2 before 1.0.1.50, WNDR3400v3 before 1.0.1.14, and WNDR4000 before 1.0.2.10.Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86, DGND2200Bv4 before 1.0.0.86, R6050 before 1.0.0.86, JR6150 before 1.0.1.10, R6220 before 1.1.0.50, and WNDR3700v5 before V1.1.0.48.Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58.Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94.The FBI, which has been urging vigilance around COVID-19 themed phishing attacks, this week gave indicators of compromise and hashes to aid admins in the fight.When Larry Cashdollar set up a honeypot in a Docker image, he found behavior that was more enlightening than he had imagined.To improve the security of your corporate's network, protect the remote use of AD credentials.The US intelligence agency teamed up with Australian Signals Directorate in newly released information on how to protect Web servers from the malware.One of the flaws is remotely exploitable with no user interaction needed, ZecOps says.The rapidly evolving Hoaxcalls botnet is exploiting an unpatched vulnerability in the ZyXEL Cloud CNM SecuManager in a bid to widen its spread.The Cloud Data Shield relies on confidential computing, which protects data while it's in use by enterprise applications.Financial data is still in demand, but ransomware becomes the most popular way to try to cash in from compromised companies, according to Trustwave.We discuss the biggest cybersecurity news stories of the week. New podcast episode out now!The event impacted the accounts of almost 8,000 people. Here are tips on how to protect yourself and your organization from website breaches.Many people said they would respond to emails claiming to be from the IRS or WHO, according to IBM X-Force.It's like a cloud of personal information breathed out in a plume by a database that didn't bother to wear a mask.Threat groups are increasingly relying on trojanized apps pretending to be legitimate - such as Skype or Signal - but are really spreading surveillanceware.Ruby developers beware: a would-be cryptocurrency thief is out to get at your digital wallet, and they're using typosquatting code to do it.Attackers are sending convincing emails that ultimately steal victims' Skype credentials.Bots' swerve to focus on APIs means businesses must take the threat seriously and take effective action.Iran's Charming Kitten and other nation-state actors are using the coronavirus pandemic to their advantage, for espionage.Hackers have used credentials allegedly stolen from the WHO, CDC and other notable groups to spread coronavirus misinformation online.To pay or not to pay continues to be the question as ransomware targets cities, even amid COVID-19.A mobile phone forensics outfit looking into real-world attacks going back more than two years has uncovered two Apple Mail app bugs.A grassroots effort provides scientists with computing power to help simulate the novel coronavirus' proteins and come up with therapeutic solutions for the disease.Leaked source code for Counter-Strike: Global Offensive and Team Fortress 2 has led to widespread gamer worries about security and cheating.While companies are cutting back on plans to hire, cybersecurity and the technology industry as a whole are doing better than the general economy.During unprecedented times such as these, both businesses and professional sports are forced to go back to basics.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Scammers use text-based images, QR codes, and other tricks to evade spam filters, says email security provider Vade Secure.Ranging from ethical hacking to cloud security, these certs make it easier to get promoted and negotiate a higher salary.Businesses say customer data, financial data, and intellectual property are the types of data most vulnerable to insider attacks.Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, R6050 before 1.0.1.10, R6100 before 1.0.1.16, R6220 before 1.1.0.50, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX6200v2 before 1.0.1.44, R6100 before 1.0.1.12, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, R7800 before 1.0.2.28, R9000 before 1.0.2.30, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.Apple said this week that it will fix two vulnerabilities affecting iOS 6 through 13.4.1 that could let an attacker leak, modify, and delete user email.nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40.Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.0.1.20, R7000 before 1.0.7.10, R7000P before 1.0.0.58, R6900P before 1.0.0.58, R7100LG before 1.0.0.32, R7900 before 1.0.1.14, R8000 before 1.0.3.22, and R8500 before 1.0.2.94.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6220 before V1.1.0.50, R7800 before V1.0.2.36, WNDR3400v3 before 1.0.1.14, and WNDR3700v5 before V1.1.0.48.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48.Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4.Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100.Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14.New decentralized, criminal marketplaces and "as-a-service" offerings make it easy for employees to monetize their knowledge and access to enterprise networks and systems.Tightened budgets are placing jobs at risk, but security pros say they're armed with ways to demonstrate that what they're doing merits keeping them employed.The New York-based credit-card processor left a server without password protection for approximately three weeks.For years, abusers have used complex keywords to covertly talk about imagery, but analysts have sussed out much of the secret code.DomainTools security analyst looked at 130 registrations that cover everything from reopenohio to reopendaycares.A security researcher claims to have unearthed a previously-unknown APT group after reading the NSA files leaked by the Shadow Brokers in 2016.You might not have heard of FBX files... but the latest Office versions support them, so don't neglect this patch!Company said there is no evidence that iOS bugs revealed by ZecOps earlier this week were ever used against customers.Campaigns against government agencies, educational establishments, and healthcare providers aren't proving as successful as expected, says security firm Emsisoft.A malicious campaign analyzed by email security provider INKY spoofs the US Federal Reserve with promises of a government payment for those affected by COVID-19.The email addresses of about 450 active employees were leaked online this week along with thousands of others working on COVID-19 response, WHO said.The NFL's first ever virtual draft went off without a hitch in the first round, but teams will have to be on watch through the six remaining rounds.After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked.Many organizations are doing more than they need regarding compliance.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, and WNR2000v5 before 1.0.0.58.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24. R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.1.00.26, R6080 before 1.1.00.26; R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60.NETGEAR WNDR4500v3 devices before 1.0.0.48 are affected by denial of service.Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.Tracking the cryptocurrency paid by victims finds that, even with a low rate of payout, the scheme netted a cool half million for the various groups involved.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.MIT professor makes the case for certifying a person's immune health status via a protected digital identity.Nintendo account hacks, two Apple zero days reportedly being exploited in the wild, and the NFL virtual draft were all hot topics in the security space this week.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16.Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect configuration of security settings.Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34.Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R9000 before 1.0.2.52, WNDR3400v3 before 1.0.1.16, WNR3500Lv2 before 1.2.0.46, and WNDR3700v5 before 1.1.0.48.A breach has impacted the accounts of some 160,000 Nintendo users. Here's what to do if you're one of them.Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.2.52.Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6100 before 1.0.1.20, R7800 before 1.0.2.40, and R9000 before 1.0.2.52.Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.2.52.Economist Daniel Kahneman's classic book has lessons for those in security, especially now.Telecommuting comes with its own set of cybersecurity risks. Kaspersky has announced a free training module to help remote teams make more informed cybersecurity decisions.A look at how the so-called Florentine Banker Group lurked for two months in a sophisticated business email compromise attack on Israeli and UK financial companies.Aimed at students and faculty at colleges in the US, this phishing campaign tried to infect machines with the Hupigon remote access trojan, says security provider Proofpoint.Bugs don't pose an immediate threat, and there is no evidence they were exploited, as ZecOps claimed earlier this week, Apple says.267 million Facebook profiles found being sold on the dark web, the virtual NFL draft raises cybersecurity concerns, and email phishing campaigns target US healthcare providers - catch up on the week's news with the Friday Five.Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, Twitter posts or messages within various apps containing them.The free online conference, scheduled for April 28-30, will feature top security researchers from across the industry.Now patched flaw allowed attacker to take over an organizationβs entire roster of Microsoft Teams accounts.It's weekly roundup time!The US NSA and its Australian counterpart the ASD have published a set of guidelines to help companies avoid a common kind of attack: web shell exploits.Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable.Use these spare moments at home to master new skills that will help protect your organization and enhance your career.Docker brought containers into the enterprise; static scanning makes sure they are secure when the images are created. Who watches them when they run?URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.If an employee decides to pursue another job during the coronavirus pandemic, organizations must be prepared to keep proprietary data and company technology safe.Here are five simple tips that will help you keep ransomware out and your precious data inMore than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses.A pre-auth SQL injection bug leading to remote code execution is at the heart of a data-stealing campaign against XG firewalls, using the Asnarok trojan.The latest release of the Vivaldi web browser includes one of the easiest to use tracker blockers on the market.If cloud services vendors successfully asked themselves these three questions, we'd all be better off.Preventing idle SSH sessions from remaining connected is an easy way to add a bit more security to secure shell. Find out how.The flaws exist in Autodesk's FBX Software Development Kit, which is supported in Microsoft Office 2019 and Office 365 ProPlus.In a recent survey, data protection officers cited a lack of budget and cohesion across all business units when it comes to developing an organization-wide data protection and privacy strategy as some of the role's top challenges.CyberArk says issue would have allowed attackers to take over Teams accounts using a malicious GIF.A recent bug discovered can allow your device to be compromised through Apple's default Mail application, but until a patch is released, follow these steps to protect yourself.Researchers discovered a .git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules.Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.Apple added more security to screen sharing, so the default behavior restricts all but local users from enabling this feature. With an MDM, admins can automate this process.From lack of planning to rushing the closure of incidents, these mistakes seriously harm IR effectiveness.Commentary: Let's Encrypt cofounder Josh Aas is quick to deflect praise, but each of us has a great deal to thank him for, as 85% of page loads are now secured.ExecuPharm said its internal servers were hit with ransomware after attackers launched a phishing attack.Scammers have turned to employment worries as their latest lure for Zoom phishing scams.Microsoft has fixed a flaw in Teams that could have allowed attackers to launch a wormlike attack on multiple accounts by sending one victim a malicious GIF image.Germany's ditched a homegrown alternative that featured a centralized database of location data, raising privacy concerns.Several new databases have been uncovered on underground forums sharing recycled Zoom credentials.Accurics offers a free product to prevent "drift" between infrastructure defined through code and infrastructure running in the cloud.The attack accuses victims of possessing pornography, encrypts all files on the device, and then instructs them to pay a fine to unlock the data, according to Check Point Research.To get the most out of your enterprise cybersecurity products, they need to work together. But getting those products talking to each other isn't easy.Most security practitioners surveyed say their job functions have changed during the pandemic, and 90% are now working remotely full time.Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia -- and could be the work of the OceanLotus APT.Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.With just a few Bitcoins and a quick search of Dark Web marketplaces, bad actors can become the owners of powerfully malicious tools.Conscious of the state of employment during the pandemic, as well as after, Fortinet offers an opportunity to build skill sets from home.47% of respondents have been temporarily moved to assist with IT-related tasks during remote work, (ISC)2 survey finds.Yes, a rogue "word" could freeze up your iPhone - but it's not malware, it doesn't steal data and doesn't do permanent damage.The Clop ransomware group has reportedly leaked compromised data of biopharmaceutical company ExecuPharm after a recent cyberattack.12 of the 15 most popular video call apps meet Mozilla's Minimum Security Standards, according to a new report.Three things your company should do to protect credentials during the coronavirus pandemic.Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10.Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06.The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs.Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier.Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11.NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.The U.S. Department of Defense is urging military medical treatment facilities to protect controlled unclassified data, like patient health information and personally identifiable information.Accustomed to working in the same room, security teams now must find ways to operate effectively in the new remote reality.Adobe fixed critical flaws in Illustrator, Magento and Bridge in an out-of-band security update.Researchers say incidents of mobile malware are becoming more common and growing more sophisticated.OceanLotus targeted Android devices in the so-called PhantomLance campaign.The purchase will boost Rapid7's multicloud capabilities.Thanks to WFH, IoT refrigerators, Samsung TVs and more can now be back-channel proxies into the corporate network.With support for the programming language no longer available, organizations should port to Python 3, security researches say.Understanding failures and attacks can help us build safer AI applications.Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.A NordPass survey explores how people manage passwords and found forgetting one is as anxiety-inducing as losing a wallet.Buh-bye, original way of tweeting. Twitter said it's to keep our accounts safe, referring to unspecified SMS-enabled vulnerabilities.A vulnerability in the defunct OneTone WordPress theme plugin is being exploited to compromise entire sites while installing backdoor admin accounts.Malicious actors could potentially harvest data over the air and use it to shake confidence in the public-health system, EFF says.To hold your own against nation-state-grade attacks, you must think and act differently.With the new 5.0 version of Zoom, the app has added features to help you protect your virtual meetings from Zoombombing and other unwanted intrusion.Security concerns over personal data was the sole reason for not doing business with a specific company, says a survey from Arcserve.A new compilation of data says the home of Hollywood and Silicon Valley has seen nearly 19 million records lost in attacks since 2005.WireGuard has yet to arrive in the Linux kernel, but you can still start testing how this new feature will work.As businesses grow, it's wise to reevaluate how a business runs its internal security operations center, according to a new report from an industry group.A decade after their first use, Web shells remain a common tool for all stripes of attackers, from common cybercriminals to sophisticated state actors.A GitLab path traversal flaw could allow attackers to read arbitrary files and remotely execute code.Overall bot activity on the web has soared, with a 26 percent growth rate -- attacks on applications, APIs and mobile sites are all on the rise.A decade after their first use, Web shells remain a common tool for all stripes of attackers, from common cybercriminals to sophisticated state actors.Businesses need to be aware of the dangers associated with employees using WhatsApp, WeChat, and other communication channels.It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusionBusinesses need to be aware of the dangers associated with employees using WhatsApp, WeChat, and other communication channels.An active campaign inserts malicious VBScript into ZIP files posing as downloads for "John Wick 3," "Contagion," and other popular movies.Secure remote access is a "must" for enterprise computing today, and there are options for you to explore in the dynamic current environment.Automated attacks on Remote Desktop Protocol accounts are aimed at taking over corporate desktops and infiltrating networks.Cisco's IOS XE software for SD-WAN routers has a high-severity insufficient input validation flaw.Google has finally added the Eyes Open requirement for Google Pixel 4 Face Unlock. Learn how to enable it.A non-profit tech consortium has released a series of best practices that companies should follow in order to protect digital IPNearly two-thirds say disruptions were at least moderate in severity, and more have seen VPN connectivity issues as employees work from home.Although the controversial option of voting by mobile app is one pressing consideration, cybersecurity experts agree that there are other, older issues that need to be resolved before November 3.Criminals extorting large amounts of money from big enterprises pulled up the overall average significantly compared with the fourth quarter of 2019, Coveware says.Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges.Attackers used an account checker tool to identify Nintendo accounts with compromised and vulnerable login credentials, says SpyCloud.The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub.A rise in remote workers has opened a window of opportunity for hackers, who are now trying to access enterprise networks by targeting Microsoft RDP accounts.Justice has already been slow in this case, and the pandemic isnβt helping: His trial has been postponed for a third time.After a light Patch Tuesday earlier this month, Adobe has issued an unexpectedly large bundle of critical security fixes for flaws affecting its Magento, Bridge and Illustrator products. These might look casually out of band but in fact Adobe often staggers its patches throughout the month. Nevertheless, with a total of 35 CVEs to fix [β¦]Such threats continued to spread in April and are likely to be the new norm, at least until the pandemic subsides, according to Bitdefender.Convincing deepfakes are a real concern, but there are ways of fighting back.Although the controversial option of voting by mobile app is one pressing consideration, cybersecurity experts agree that older issues need to be resolved before November 3.Researchers warn that the EventBot Android malware, which targets over 200 financial apps, could be the "next big mobile malware."What if a messaging app has to show you an unwanted message so you can decide whether you want it shown to you?As more students move to online learning platforms, vulnerability researchers are revealing security flaws in some common software plug-ins.Learn about what a Software as a Service, or SaaS, company is and why it may make sense for your organization in this weekβs Data Protection 101, our series on the fundamentals of information security.Zoom is now a household name for work-from-home employees. Here is your guide to Zoom basics, including its security vulnerabilities and video conferencing alternatives such as Microsoft Teams.The road to secure containers is long and winding. One stop you should take on that journey is unloading unnecessary kernel modules in your Linux containers.Frictionless security, improved interfaces, and more usable design may improve the efficacy of security tools and features (and make life easier for users and infosec pros alike). So why has there been so much resistance?The latest incident compromised names, Social Security numbers, and other data belonging to 700 current and former Chegg employees.Lessons from Facebook and Google show how to safely scale your environment for security.Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research.Google is striving to block Gmail messages and other content that exploit COVID-19, but there are steps users can take to fight such malware.Insights from discussions with more than 20 CISOs, CEOs, CTOs, and security leaders.An increase in attacks targeting healthcare organizations suggests that perhaps new cybercriminals are getting into the game.Researchers say the bugs are easy to exploit and will likely be weaponized within a day.Are you certain your users are working with strong passwords on your Linux servers? Let John the Ripper show you who is and who isn't.The "PerSwaysion" attackers have leveraged a plethora of Microsoft services to compromise at least 150 executives in a highly targeted phishing campaign.EventBot is an Android information stealer on its way to becoming a very capable piece of malware.Records Management is intended to help businesses manage security and data governance as more struggle to handle increased amounts of data and regulatory requirements.The DHS is urging users to secure Office 365 accounts after reporting security weaknesses in Microsoft's online productivity service.The policies are specifically meant to fight spam, but they outlaw tactics taken by malicious extensions as well, including fake reviews.Threat actors are spreading the tricky trojan through fake messages in another opportunistic COVID-19-related campaign, said IBM X-Force.We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.Australia's contact tracing app sparks privacy concerns, Shade ransomware ceases operations, and Google Play deals with malicious apps. Catch up on the week's news with the Friday Five!The beta release of iOS 13.5 brings an updated FaceID so that users wearing masks can bypass facial recognition and unlock their phone with a code.Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.Threatpost editors discuss a phishing attack abusing Microsoft Sway, a Microsoft Teams flaw and an Android spyware campaign unearthed this week.Experts share what it takes to get your security analysts effectively countering threats from their home offices.Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.Cybercriminals are leveraging overwhelmed delivery services to further phishing schemes.Attackers are exploiting the surge in the use of Microsoft Teams in an attempt to trap unsuspecting users, says Abnormal Security.The new website is intended to be a one-stop source for information on securing teleworkers and their employers.In a Twitter thread, Microsoft warned people in Spain and South America to watch what they torrent.Employees belonging to organizations in industries such as energy, retail, and hospitality have been recipients, Abnormal Security says.No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers.It's weekly roundup time!The US federal government has been protecting its users by blocking malicious destinations for years, but it wonβt let them take advantage of the latest protective measure in DNS β encryption β just yet.Got plenty of quaran-time to teach something to roll over? Be careful! Puppy lust is leading to broken hearts and emptied wallets.Get the latest cybersecurity news, opinion and advice from Sophos.The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.Cisco survey finds security experts at mid-sized companies have strong incident response plans and prioritize proactive threat hunting.CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.How working together across the spectrum of young to old makes our organizations more secure.It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.CVE-2020-2883 was patched in Oracle's April 2020 Critical Patch Update - but proof of concept exploit code was published shortly after.CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection.SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.If you weren't using a computer 20 years ago, this is what people mean when they talk with dismay about ILOVEYOU or the Love Bug...Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play.The act would require βaffirmative express consentβ for transferring any health, location and proximity data, and allow individuals to opt out of data collection.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.Cybercriminals are making millions by holding the data of healthcare institutions hostage until they get paid.sshprank is a fast SSH mass-scanner, login cracker, and banner grabber tool using the python-masscan and shodan modules.sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects: D6220, running firmware versions prior to 1.0.0.40 D8500, running firmware versions prior to 1.0.3.39 EX3700, running firmware versions prior to 1.0.0.70 EX3800, running firmware versions prior to 1.0.0.70 EX6000, running firmware versions prior to 1.0.0.30 EX6100, running firmware versions prior to 1.0.2.22 EX6120, running firmware versions prior to 1.0.0.40 EX6130, running firmware versions prior to 1.0.0.22 EX6150v1, running firmware versions prior to 1.0.0.42 EX6200, running firmware versions prior to 1.0.3.88 EX7000, running firmware versions prior to 1.0.0.66 R6300v2, running firmware versions prior to 1.0.4.18 R6400, running firmware versions prior to 1.0.1.24 R6400v2, running firmware versions prior to 1.0.2.32 R6700, running firmware versions prior to 1.0.1.22 R6700v3, running firmware versions prior to 1.0.2.32 R6900, running firmware versions prior to 1.0.1.22 R7000, running firmware versions prior to 1.0.9.6 R6900P, running firmware versions prior to 1.0.0.56 R7000P, running firmware versions prior to 1.0.0.56 R7100LG, running firmware versions prior to 1.0.0.42 R7300DST, running firmware versions prior to 1.0.0.54 R7900, running firmware versions prior to 1.0.1.26 R8300, running firmware versions prior to 1.0.2.106 R8500, running firmware versions prior to 1.0.2.106 WN2500RPv2, running firmware versions prior to 1.0.1.54 WNR3500Lv2, running firmware versions prior to 1.2.0.46More than 86,600 new domains related to the pandemic are considered "risky" or "malicious," according to a new report.Hackers targeted Ghost on Sunday, in a cryptocurrency mining attack that caused widespread outages.Intruders gained access to core systems at the Android-based LineageOS project and the Ghost platform.One Rhode Island university has transitioned nearly seamlessly into remote learning. Here's how they did it safely and effectively.Security pros are banding together to ensure healthcare facilities can focus on saving lives instead of defending against cyber attacks. Here are a few places you can volunteer your services.Small and midsize businesses face issues similar to those of large organizations and have updated security practices to respond with threat hunting, patch management, and dedicated personnel.Stuck at home with a primary- or secondary-school student? Organizations from professional training groups to national governments are teaming up to offer virtual cybersecurity training for teens -- in some cases, for free.Researchers warn commercial airplane systems can be spoofed impacting flight safety of nearby aircraft.It's not the first ISP to be held accountable for alleged piracy: Cox is looking at a $1b damage order.Mozilla has announced that it is testing an experimental service called Firefox Private Relay that it thinks will offer an appealing solution to the issue of having to hand over your email address every time you want to set up any online account.The virus infected some 50 million systems worldwide, often rendering them unusable, and cost more than $15 billion to repair.A LastPass report reveals 91% use the same passwords on multiple accounts, and 53% haven't changed passwords in 12 months, despite high-profile security breaches.Ahead of World Password Day, a survey finds management is worse than junior staff at practicing good password hygiene, according to SecureAuth.Password protection, user authentication, and keeping software patched are a few ways you can keep video conferencing secure. Tom Merritt suggests five things to do to ensure safer video meetings.Firmware has become an increasingly prevalent target for hackers. Here's how to stop them.The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week.The botnet uses SSH brute-force attacks to infect devices and uses a custom implant written in the Go Language.Coming to a conference near you -- who knows when.The domain registrar giant said that the breach started in October 2019.Web hosting behemoth GoDaddy just filed a data breach notification with the US state of California.Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104.Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104.Password protection, user authentication, and keeping software patched are a few ways you can keep video conferencing secure. Tom Merritt suggests five things to do to ensure safer video meetings.We should prepare for a future in which artificially intelligent cyberattacks become more common.The Israeli cloud security startup has built a platform to help organizations gain greater visibility into multicloud deployments.Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings.Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic repeater settings via an SSID.Maintaining visibility and availability when you suddenly have a large remote footprint takes planning.Researchers say spear-phishing emails purporting to be from telecom giant EE are being sent to top corporate execs.Attackers could have exploited the issue to lead online shoppers to malicious websites or to get them to download malware, Tenable says.FINRA warned financial services firms of a new phishing campaign on Monday that it claims is widespread and ongoing.Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process.Mimecast's "100 Days of Coronavirus" report shows 33% overall increase in cyber threats ranging from malware to impersonation attacks.The October 2019 breach left some customer data open to hacking eyes.An unauthorized person was able to access the login credentials of a number of accounts with the hosting company.Over the past several months, threat actors have quickly shifted their tactics to take advantage of interest in the coronavirus, two studies find.Participants can earn up to $100,000 for finding severe flaws in Microsoft's Linux-based Azure Sphere IoT operating system.SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible.SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users.ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.The leak exposed millions of records with full names, emails, user conversations, payment logs, and IP addresses dating back to March.Researchers have poked another small hole in air gapped security by showing how the electronics inside computer power supply units (PSUs) can be turned into covert data transmission devices.Track and monitor who has access, when it's accessed, and why, to keep it safe and use it to its full potential.The built-in technology would ban the use of GPS location data to monitor contact with people who test positive for COVID-19.Investment brokers are the target of a new wave of socially engineered phishing attacks, warns FINRA.More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.The rapid move to remote working has left many businesses more vulnerable to cybersecurity threats, with nearly half saying they've encountered at least one scare as a direct result of the shift.More than half of the professionals surveyed for Barracuda Networks said their workforce isn't properly trained to handle the risks associated with remote working.Ahead of World Password Day, researchers are finding troubling trends despite numerous breaches and hacks.Australian transportation company Toll Group has been hit by the Nefilim ransomware, causing customers to experience delays.Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.Firefox's latest version is out, with new password management features and a raft of security fixes.Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows attacker to cause remote code execution.IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199.A three-month Azure Sphere bug-bounty challenge will offer top rewards for compromising Pluton or Secure World within Microsoft's IoT security suite.Malicious campaigns are using password spraying as a type of brute-force attack to find weak passwords at healthcare and medical facilities.A study from Kaspersky also reveals significant changes in the ways people work since COVID-19.It means attackers have been met with sufficient resistance that it's no longer worth their trouble and have moved onSince February, spam exploiting the novel coronavirus has jumped by 4,300% and 14,000% in the past 14 days, according to IBM X-Force, IBM's threat intelligence group.With the new 5.0 version of Zoom, the app has added features to help you protect your virtual meetings from Zoombombing and other unwanted intrusion.Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.The California Privacy Rights Act, a new data privacy effort introduced to narrow the scope of the California Consumer Privacy Act, now has enough support to make it onto the November 2020 ballot.Spammers are sending text messages with deceptive links designed to exploit interest and fear around COVID-19, says AdaptiveMobile Security.In the Europol-led takedown, police shut down databases with more than 170 million entries.ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.CyberX was founded in 2013 and has raised $48 million to build its cybersecurity platform for IoT and industrial control systems.Survey shows 49% expect to experience a data breach or cybersecurity incident in the next month.In the past year, the number of digital threats increased by nearly half as phishing swamped malware to become the most dominant attack technique.Some companies' endpoint security strategies may now cover an ever-widening array of devices, as Dark Reading's latest State of Endpoint Security survey discovered.A new report details major vulnerabilities among the executive suite at some of the largest pharmaceutical companies.The Dacls RAT has been ported from an existing Linux version.Defiant says it observed a 30-fold increase in attacks in just the past few days.Investigations show Maze ransomware operators leave "nothing to chance" when putting pressure on victims to pay.Five alleged members of hacking group InfinityBlack got some unexpected visitors last week when Polish law enforcement arrested them.In April, the company yanked 1,887 misleading accounts, pages and groups tied to eight influencer networks building fake engagement.60% of remote workers use personal devices, many without protection from their business' cybersecurity, a new report found.Palo Alto Networks has found 10 separate coronavirus-themed business email compromise campaigns, and all can be tied back to a single Nigerian group called SilverTerrier.The Chinese APT has been discovered behind a five-year espionage campaign that compromises government servers - and uses that as leverage for other attacks.Newly released evidence points to the Naikon APT being at the head of a 5-year espionage campaign that has phished information from countries all around the Asia-Pacific region.Passwords are no longer a secure method of identity verification, resulting in many organizations to turn to other tactics, Yubico found.It's 11 a.m. Are your kids locked in their rooms playing games online?Microsoft is offering researchers $100,000 if they can crack the company's custom-built Linux OS for Internet of Things devices.Threat actors are buying and selling taxpayer data on hacker forums as well as using phishing and other campaigns to steal various U.S. government payouts.As we celebrate another World Password Day, security pros are hopeful that when we move out of the stay-at-home period, companies will continue to focus on digital technologies - and ditching passwords.The famous cartoon cat can help kids ages 6 to 11 learn to be more secure when they're online.Get the latest cybersecurity news, opinion and advice.When risk managers consider the role ATT&CK plays in the classic risk equation, they have to understand the role of threat modeling in building a complete risk scenario.A website seemingly offering images and icons for download is actually a cover-up for a credit card skimming operation, says Malwarebytes.Hackers who gain access to a remote system can launch malware, spread spam, and perform identity theft, according to McAfee.Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS).Here's a ransomware story with a bit of a difference. Some of your files get wiped out, but others can be recovered without paying.As we celebrate World Password Day, companies of all sizes are looking to password alternatives including YubiKeys, Google Titan keys, and biometrics. A Gartner analyst weighs in.More than one in five also acknowledge transitioning to remote work without a policy, according to an Alliant Cybersecurity report.Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17.Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database.The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. A full cryptographic draft architecture will be available on May 22./server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine.Yet, even with a 30% decline, web applications are still at risk and new scan targets have more vulnerabilities than others, according to a new Acunetix report.It seems as if there are alerts almost daily now around how bad actors are leveraging the ongoing coronavirus (COVID-19) pandemic to target end users.The latest came this week after agencies from two countries, the U.S. and the U.K. warned about how advanced persistent threat (APT) groups are using the pandemic to their advantage.Β The more things change, the more they stay the same. That's true for software security, even in these turbulent times.Cisco has fixed 12 high-severity flaws in its Adaptive Security Appliance software and Firepower Threat Defense software.The new macOS remote access Trojan from the Lazarus Group uses a two-factor authentication app as its delivery mechanism.Protecting your Linux servers against SYN attacks and IP spoofing isn't nearly as hard you think. Jack Wallen shows you how.dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.With grocery delivery in higher demand than ever, new add-ons have emerged to secure slots for consumers, presenting a new pathway for bad bots to wreak havoc.Malware, spies and hackers, plus erosion and sharks, threaten fiber-optics that transmit almost all the world's dataInformation Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53.A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53.Google deleted more malicious extensions from the Chrome Web Store after they were found to be phishing cryptocurrency users.If you enjoy what you read, hear and see from the Naked Security team, please vote for us - it means a lot!Companies are looking to "shift left" with Infrastructure-as-Code (IaC) security capabilities to boost improve developer productivity, avoid misconfigurations and prevent policy violations.DevSecOps is a big and sometimes difficult shift for organizations. The key to success? Take small steps.Malware, spies, and hackers, plus erosion and sharks, pose huge risks to the fiber optics that transmit almost all the world's data.The Shiny Hunters hacking group said it stole 500 GB of data from the tech giantβs repositories on the developer platform, which it owns.The emails, hashed passwords and usernames of 3.5 million users of the dating app MobiFriends were put up for sale on an underground forum.The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.The newly discovered campaign lures victims with a supposed file concerning the coronavirus pandemic.Nintendo suffers a server breach, a new phishing campaign targets the financial industry, and moreΒ - catch up on the week's news with the Friday Five.A majority of firms expect to keep more employees working remotely post-pandemic, forcing businesses to undertake more comprehensive digital and cloud transformations.With so many IoT devices in use today, security is a major issue. Here are some steps to make sure your data is safe.A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user.A flaw was found in KeycloakΓ’β¬β’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.Experts say that the pressure to move to SAP's next-gen platform can be a big opportunity to move the needle on ERP cybersecurity.Governments and organizations are unleashing new technologies to fight the spread of the coronavirus, adding to privacy and data collection concerns.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.A new report details major vulnerabilities among the executive suite at some of the largest pharmaceutical companies.Due to the coronavirus pandemic, there will be no in-person Black Hat USA or DEF CON conferences this year.A new attack discovered by Abnormal Security aims to steal account credentials from people who use the online document signing platform.Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.It's weekly roundup time!Microsoft really wants to secure the Internet of Things (IoT), and it's enlisting citizen hackers' help to do it.β¦ nor to anybody, even law enforcement, in the place where privacy-oblivious biometrics companies are forced to their knees: Illinois.These threats are designed to capture usernames, passwords, bank details, network information, and other sensitive data, says security provider Lastline.The latest release of the Vivaldi web browser includes one of the easiest to use tracker blockers on the market.They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.Ransomware crooks are apparently threatening to dump personal data for a long of celebs including Lady Gaga, Madonna, Nicki Minaj and more.The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes.If an attacker can get his hands on a Thunderbolt-equipped device for five minutes, he can launch a new data-stealing attack called "Thunderspy."A new report finds cyber resilience, security culture, and cloud security are hot topics for chief information security officers.The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security.Adding security into DevOps hasn't been as easy as automating all the things. Sonatype's survey shows the state of the industryβand what you might want to work on next.Online training classes for newbies, managers, and privacy officers are on sale this week.Millions of employees working remotely have gotten no information about how to keep their devices and home networks safe.Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users.The FTC is seeking comment on whether or not it should make changes to its Health Breach Notification Rule, a rule that compels orgs to disclose when health records are breached.Trend Micro researchers explain how attackers bypassed the patch for a deserialization vulnerability in the Oracle WebLogic Server.Billions of data points are gathered throughout the UPS network every week. Find out how the information collected is revolutionizing the logistics giant.CVE-2020-9315 and CVE-2020-9314 in iPlanet version 7 will not receive patches.The infostealer has gone above and beyond in its new anti-analysis and obfuscation tactics.Attackers with physical access to targeted machines could exploit these flaws to access and copy data within minutes, researchers say.** REJECT ** Unused CVE for 2017.Most are designed to help organizations address teleworking risks related to COVID-19 scams.The latest SophosLabs report tells the story of how the infamous "Maze" ransomware has evolved over the past 12 months...Threat actors are cooking up new features for the sophisticated banking trojan that targets Google Android apps and devices.3.5 million user logins for the MobiFriends dating app are being offered for free on a popular dark web hackers forum.Numbers are down, but that may only be because organizations have been too busy fighting COVID-19-related cyberthreats to notice compromises, Risk Based Security says.Photo print service Chatbooks has disclosed a data breach after customers' emails, passwords and more were listed for sale on underground forums.How governments can protect personal privacy in contact tracing while saving peoples' livesTo understand the scope of the ransomware threat, Sophos commissioned a study into the state of ransomware 2020.Thunderbolt ports can provide direct access to the memory in your laptop... just how hard is it for crooks to do so when you aren't looking?Previously, manual contact tracing was used during pandemics. Now, the MIT Media Lab-hosted Safe Paths Project app can help track the virus and inform people if they've been exposed.Canadian-based BlackBerry partnered with the University of Windsor to create a cybersecurity "camp" for students to matriculate online during the COVID-19 crisis.Adobe patched 36 flaws, including critical vulnerabilities in Acrobat and Reader and its DNG Software Development Kit.Severe CSRF to XSS bugs open the door to code execution and complete website compromise.Attackers claim to steal 756GB of data from Grubman Shire Meiselas & Sacks, which includes Madonna and Lady Gaga among its clients.Assuming an attacker has physical access to a machine, a new attack could let allow for the access of data on a locked, password protected, and encrypted hard drive.Automation and other technologies are improving the organizational structure of the security operations center. This is ultimately for the better, but it means that roles will change too.Using a known exploit to infect unmaintained systems, the WannaCry ransomware worm remains a study in preventable catastrophes. Yet many companies continue to ignore its lessons.Important-rated EoP flaws make up the bulk of the CVEs; SharePoint continues its critical run with four worrying bugs.Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.Three new reports detail malware coming out of the Hidden Cobra cyber operations in North Korea.Cybercriminals used the REvil ransomware to attack a law firm used by the likes of Lady Gaga, Drake and Madonna. Now, they're threatening to leak the 756 gigabytes of stolen data.Experts worry that without proper planning, today's decisions about developing contact-tracing apps could have unforeseen consequences in the years to come.Almost every application uses open-source components and 91% use libraries that are out of date or that have been abandoned altogether.This marks the third month in a row that Microsoft patched more than 100 bugs, of which 16 are classified as critical.Threat actors have pivoted from noisy attacks to intrusions where stealth and ROI are primary goals, new report says.Someone on the dark web is touting for sale an unusual database a lot of people might pay handsomely to get their hands on.Use of the kid-addicting, video-sharing app is exploding during lockdown, triggering yet another inquiry into how safe it is for young ones.The APT's new cyber-attack tools are laid bare on three-year anniversary of WannaCry.Getting over the cybersecurity skills gap takes creativity, flexibility, and a willingness to go "off-script" when it comes to picking out candidates.The outbreak of COVID-19 has triggered a wave of scams, from fake pharmacies to stimulus payment promises to phony cryptocurrency wallets, says Bolster.Companies that don't have a social media presence or posts that don't list salary or benefit information are a big turnoff, SimplyHired survey finds.While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.With the shift toward remote working, cybercriminals have been targeting exploits in VPN, Internet of Things, and authentication technology, says cybersecurity firm Nuspire.Preventing idle SSH sessions from remaining connected is an easy way to add a bit more security to secure shell. Find out how.Logins, personal information and tax info were all exfiltrated ahead of the ransomware attack, thanks to a phishing email.The cyber-espionage toolkit is under active development.A new report from Kudelski Security provides companies tips for how to recruit and retain talent up for the digital challenges of tomorrow.The $70 million deal is intended to help CyberArk strengthen its portfolio with secure and SaaS-based identity management.TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.Here's a DHL delivery scam with a simple twist - simplicity and a total lack of drama...The healthcare company has informed affected employees of a data breach on a single corporate server.Security issues in Microsoft products dominate the US government's top 10 list of commonly exploited vulnerabilities, but Apache Struts, Adobe Flash, and Drupal are also routinely targeted.Managing complex and nuanced consumer rights requests presents a unique challenge for enterprises in today's regulated world of GDPR and CCPA. Here's why.In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic.In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key.Half of the organizations surveyed by Netwrix suffered a data breach last year because of the unauthorized sharing of information.A thumbprint may be a good authentication factor for the living, but are you prepared to access mission-critical data and devices after an employee's death?Future features include plenty of self-reporting options, and officials' fears the data could be misused.Texas appellate courts and judicial agenciesβ websites and computer servers were shut down after a ransomware attack.The U.S. government recapped the top 10 most exploited vulnerabilities from 2016-2019 and warned how 2020 is shaping up vulnerability-wise on Tuesday.Compliance is no longer the primary motivator. AppSec is, Cobalt.io says.Are you certain your users are working with strong passwords on your Linux servers? Let John the Ripper show you who is and who isn't.The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks.Windows users won't have to fix βbigβ exploited or public flaws this month, but May's Patch Tuesday is one of the biggest patch rounds.The cross-site scripting vulnerability could have allowed trivial account takeover.A security session at the AWS Summit Online focused on the basics of Control Tower, Landing Zones, and GuardDuty.BEC gangs like "Exaggerated Lion" are using tricky tactics - like exploiting G Suite - to scam companies out of millions.She wanted a sub, not Facebook, Instagram and SMS come-ons from the guy who served her and intercepted her contact-tracing details."Healthy Togetherβ app uses a raft of location data, including GPS, cell tower triangulation and Bluetooth, to pinpoint users and ID coronavirus hotspots.Oracle and KMPG threat report finds that over-privileged accounts and poorly protected cloud secrets are the biggest security risks.A remote PC infected with certain malware could take over a client that tries to connect to it, says Check Point Research. Here's how to prevent it.Three basic but comprehensive steps can help you and your organization get through adversityVolterra's VoltShare uses an app to read a key and an email address to verify identityMicrosoft is letting Windows Insiders test-drive DNS-over-HTTPS protocol in a pre-release build of Windows 10.Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.The social media giant in April affixed warning labels on 50 million pieces of contentBugs can last a long time... even if you thought you removed them years ago.Two-thirds of organizations surveyed say phishing is the most common cause of identity-related breaches, the IDSA reports.In an industry still experiencing a talent shortage despite the pandemic, recruiters and observers offer advice on what job seekers should and should not do.Several key resources and controls can help reduce overall risk by providing guidance on proper control implementation, preventative measures to deploy, and an emphasis on organizationwide training.In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like Γ’β¬œ../../../../topic2020Γ’β¬οΏ½ is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond.An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers).A ransomware incident analyzed by IBM X-Force shows that the attacker wouldn't have been able to decrypt the data, even if the ransom was paid.The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties.In a PSA on Wednesday, the FBI and CISA warned healthcare and pharmaceutical orgs that Chinese hackers are seeking valuable IP and health data regarding COVID-19 treatment.A group of children's privacy advocates alleged in a recent FTC complaint that TikTok violated an agreement to protect children's private data.Complex supply chains have complex security requirements, but secure them you must. Here's where to start.Descended from the COMPFun RAT, the malware can propagate to removable drives.Startup emerges with three-factor, no-password authentication.BotSight, a machine learning research project, rates Twitter users based on the likelihood that there is a human behind the keyboard. Could such technology blunt the impact of disinformation campaigns?The email also claims to have been scanned by Symantec email security, according to security provider Armorblox.Fix released in February is Microsoft's second pass at fully addressing issue that Check Point first disclosed at Black Hat USA last summer.Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-148223871In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700