messages17.html

<!DOCTYPE html>
<html>

 <head>

  <meta charset="utf-8"/>
<title>Exported Data</title>
  <meta content="width=device-width, initial-scale=1.0" name="viewport"/>

  <link href="css/style.css" rel="stylesheet"/>

  <script src="js/script.js" type="text/javascript">

  </script>

 </head>

 <body onload="CheckLocation();">

  <div class="page_wrap">

   <div class="page_header">

    <div class="content">

     <div class="text bold">
🛡 Cybersecurity &amp; Privacy news 🛡 
     </div>

    </div>

   </div>

   <div class="page_body chat_page">

    <div class="history">

     <a class="pagination block_link" href="messages16.html">
Previous messages
     </a>

     <div class="message service" id="message-676">

      <div class="body details">
10 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16098">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 15:21:22">
15:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – Shop safe online (you know why!) ⚠</strong><br><br><code>Here&apos;s the latest Naked Security Live video - enjoy (and please share with your friends)!</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/09/naked-security-live-shop-safe-online-you-know-why/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16099">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 15:21:23">
15:21
       </div>

       <div class="text">
<strong>⚠ Smishing attack tells you “mobile payment problem” – don’t fall for it! ⚠</strong><br><br><code>Don&apos;t be fooled by a website that looks OK - it&apos;s easy for crooks to make an exact copy. (This time, they got just one letter wrong.)</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/10/smishing-attack-tells-you-mobile-payment-problem-dont-fall-for-it/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16100">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:15:15">
16:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Overlooked Security Risks of the M&amp;A Rebound 🕴</strong><br><br><code>Successful technology integration, post-merger, is tricky in any market, and never more so than with today&apos;s remote work environments and distributed IT infrastructure.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/overlooked-security-risks-of-the-manda-rebound/a/d-id/1339290?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16101">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:26:49">
16:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-26811 ‼</strong><br><br><code>SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26811">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16102">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:26:50">
16:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-26807 ‼</strong><br><br><code>SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26807">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16103">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:26:51">
16:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-26824 ‼</strong><br><br><code>SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26824">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16104">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:26:53">
16:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-26820 ‼</strong><br><br><code>SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26820">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16105">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:26:54">
16:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-26823 ‼</strong><br><br><code>SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26823">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16106">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:26:56">
16:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-28055 ‼</strong><br><br><code>A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows a local unprivileged attacker, such as a malicious App, to read &amp; write to the /data/vendor/tcl, /data/vendor/upgrade, and /var/TerminalManager directories within the TV file system. An attacker, such as a malicious APK or local unprivileged user could perform fake system upgrades by writing to the /data/vendor/upgrage folder.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16107">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:26:57">
16:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-27146 ‼</strong><br><br><code>The Core component of TIBCO Software Inc.&apos;s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.&apos;s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27146">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16108">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:26:59">
16:26
       </div>

       <div class="text">
<strong>‼ CVE-2020-26810 ‼</strong><br><br><code>SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26810">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16109">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:27:00">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-6316 ‼</strong><br><br><code>SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6316">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16110">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:27:49">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-26808 ‼</strong><br><br><code>SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26808">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16111">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:27:51">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-26819 ‼</strong><br><br><code>SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26819">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16112">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:27:53">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-26815 ‼</strong><br><br><code>SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26815">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16113">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:27:54">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-26814 ‼</strong><br><br><code>SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26814">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16114">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:27:55">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-26817 ‼</strong><br><br><code>SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26817">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16115">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:27:57">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-27403 ‼</strong><br><br><code>A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 that lists all files &amp; directories. An unprivileged remote attacker on the adjacent network, can download most system files, leading to serious critical information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27403">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16116">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:27:58">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-26809 ‼</strong><br><br><code>SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the &apos;/medias&apos; endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26809">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16117">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:27:59">
16:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-25074 ‼</strong><br><br><code>The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25074">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16118">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:28:00">
16:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-26818 ‼</strong><br><br><code>SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26818">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16119">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:28:02">
16:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-26822 ‼</strong><br><br><code>SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26822">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16120">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 16:28:04">
16:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-26821 ‼</strong><br><br><code>SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26821">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16121">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 17:45:12">
17:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cloud Usage, Biometrics Surge As Remote Work Grows Permanent 🕴</strong><br><br><code>A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cloud-usage-biometrics-surge-as-remote-work-grows-permanent/d/d-id/1339413?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16122">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 17:53:07">
17:53
       </div>

       <div class="text">
<strong>🔏 New Government Contractor Cybersecurity Requirements Loom 🔏</strong><br><br><code>A new cybersecurity rule will go into effect for DoD contractors at the end of the month to enhance the protection of unclassified information within the supply chain.</code><br><br><a href="https://digitalguardian.com/blog/new-government-contractor-cybersecurity-requirements-loom">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16123">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 18:07:32">
18:07
       </div>

       <div class="text">
<strong>❌ Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers ❌</strong><br><br><code>Retail bots are helping scalpers scoop up PS5, Xbox Series X inventory and charge massive markups.</code><br><br><a href="https://threatpost.com/scalper-bots-shake-down-desperate-ps5-xbox-series-x-shoppers/161090/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16124">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 18:07:34">
18:07
       </div>

       <div class="text">
<strong>❌ Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs ❌</strong><br><br><code>Intel released 40 security advisories in total, addressing critical- and high-severity flaws across its Active Management Technology, Wireless Bluetooth and NUC products.</code><br><br><a href="https://threatpost.com/intel-update-critical-privilege-escalation-bugs/161087/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16125">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 18:27:55">
18:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28368 ‼</strong><br><br><code>Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a &quot;Platypus&quot; attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28368">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16126">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 18:27:56">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2019-7357 ‼</strong><br><br><code>Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can remotely activate/deactivate the plugins.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-7357">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16127">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 18:27:57">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-23968 ‼</strong><br><br><code>Ilex International Sign&amp;go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\Ilex\S&amp;G\Logs\000-sngWSService1.log.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23968">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16128">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 18:27:58">
18:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-27165 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-28050. Reason: This candidate is a reservation duplicate of CVE-2020-28050. Notes: All CVE users should reference CVE-2020-28050 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27165">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16129">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 18:37:32">
18:37
       </div>

       <div class="text">
<strong>❌ Microsoft Patch Tuesday Update Fixes 17 Critical Bugs ❌</strong><br><br><code>Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patches.</code><br><br><a href="https://threatpost.com/microsoft-patch-tuesday-critical-bugs/161098/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16130">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 19:15:16">
19:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Microsoft Patches Windows Kernel Flaw Under Active Attack 🕴</strong><br><br><code>This month&apos;s Patch Tuesday addressed a Windows zero-day in a release of 112 vulnerabilities, 17 of which are critical.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/microsoft-patches-windows-kernel-flaw-under-active-attack/d/d-id/1339415?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16131">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 20:15:16">
20:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Claroty Details Vulnerabilities in Schneider PLCs 🕴</strong><br><br><code>The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/claroty-details-vulnerabilities-in-schneider-plcs/d/d-id/1339417?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16132">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 20:27:22">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-25268 ‼</strong><br><br><code>Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25268">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16133">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 20:27:23">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-25267 ‼</strong><br><br><code>An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25267">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16134">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 20:27:24">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-28408 ‼</strong><br><br><code>The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28408">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16135">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 20:27:25">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-28409 ‼</strong><br><br><code>The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28409">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16136">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 20:27:27">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-24367 ‼</strong><br><br><code>Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16137">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 20:27:28">
20:27
       </div>

       <div class="text">
<strong>‼ CVE-2020-24063 ‼</strong><br><br><code>The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24063">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16138">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 20:45:18">
20:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Malware Hidden in Encrypted Traffic Surges Amid Pandemic 🕴</strong><br><br><code>Zscaler says attacks involving the use of SSL/TLS encryption jumped 260% in the first nine months of 2020 compared to the same period last year.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/malware-hidden-in-encrypted-traffic-surges-amid-pandemic/d/d-id/1339420?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16139">

      <div class="body">

       <div class="pull_right date details" title="10.11.2020 20:45:19">
20:45
       </div>

       <div class="text">
<strong>🕴 Flaws in Privileged Management Apps Expose Machines to Attack 🕴</strong><br><br><code>The Intel Support Assistant is the latest Windows utility to be found that could expose millions of computers to privilege-escalation attacks through file manipulation and symbolic links.</code><br><br><a href="https://www.darkreading.com/application-security/flaws-in-privileged-management-apps-expose-machines-to-attack/d/d-id/1339419?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-677">

      <div class="body details">
11 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16140">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 03:28:25">
03:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-16126 ‼</strong><br><br><code>An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16141">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 03:28:26">
03:28
       </div>

       <div class="text">
<strong>‼ CVE-2020-16127 ‼</strong><br><br><code>An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16142">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:34:54">
08:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-17053 ‼</strong><br><br><code>, aka &apos;Internet Explorer Memory Corruption Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16143">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:34:55">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-17019 ‼</strong><br><br><code>, aka &apos;Microsoft Excel Remote Code Execution Vulnerability&apos;. This CVE ID is unique from CVE-2020-17064, CVE-2020-17065, CVE-2020-17066.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16144">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:34:56">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-17055 ‼</strong><br><br><code>, aka &apos;Windows Remote Access Elevation of Privilege Vulnerability&apos;. This CVE ID is unique from CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17043, CVE-2020-17044.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16145">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:34:57">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-17071 ‼</strong><br><br><code>, aka &apos;Windows Delivery Optimization Information Disclosure Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16146">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:34:58">
08:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-17070 ‼</strong><br><br><code>, aka &apos;Windows Update Medic Service Elevation of Privilege Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17070">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16147">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:02">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17106 ‼</strong><br><br><code>, aka &apos;HEVC Video Extensions Remote Code Execution Vulnerability&apos;. This CVE ID is unique from CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17106">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16148">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:03">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17040 ‼</strong><br><br><code>, aka &apos;Windows Hyper-V Security Feature Bypass Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16149">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:04">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17012 ‼</strong><br><br><code>, aka &apos;Windows Bind Filter Driver Elevation of Privilege Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17012">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16150">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:05">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-7328 ‼</strong><br><br><code>External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7328">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16151">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:06">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17018 ‼</strong><br><br><code>, aka &apos;Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability&apos;. This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17021.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17018">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16152">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:07">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17020 ‼</strong><br><br><code>, aka &apos;Microsoft Word Security Feature Bypass Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17020">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16153">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:08">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17057 ‼</strong><br><br><code>, aka &apos;Windows Win32k Elevation of Privilege Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17057">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16154">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:09">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17064 ‼</strong><br><br><code>, aka &apos;Microsoft Excel Remote Code Execution Vulnerability&apos;. This CVE ID is unique from CVE-2020-17019, CVE-2020-17065, CVE-2020-17066.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17064">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16155">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:10">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17102 ‼</strong><br><br><code>, aka &apos;WebP Image Extensions Information Disclosure Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17102">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16156">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:11">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17058 ‼</strong><br><br><code>, aka &apos;Microsoft Browser Memory Corruption Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17058">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16157">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:12">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-16994 ‼</strong><br><br><code>, aka &apos;Azure Sphere Unsigned Code Execution Vulnerability&apos;. This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16994">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16158">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:13">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17000 ‼</strong><br><br><code>, aka &apos;Remote Desktop Protocol Client Information Disclosure Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16159">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:14">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17021 ‼</strong><br><br><code>, aka &apos;Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability&apos;. This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17018.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16160">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:15">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17085 ‼</strong><br><br><code>, aka &apos;Microsoft Exchange Server Denial of Service Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17085">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16161">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 08:35:19">
08:35
       </div>

       <div class="text">
<strong>‼ CVE-2020-17046 ‼</strong><br><br><code>, aka &apos;Windows Error Reporting Denial of Service Vulnerability&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17046">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16162">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 10:38:20">
10:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ COVID-19 Data-Sharing App Leaked Healthcare Worker Info ❌</strong><br><br><code>Philippines COVID-KAYA app allowed for unauthorized access typically protected by ‘superuser’ credentials and also may have exposed patient data.</code><br><br><a href="https://threatpost.com/covid-19-data-leaked-healthcare-worker-info/161108/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16163">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 12:08:24">
12:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ High-Severity Cisco DoS Flaw Can Immobilize ASR Routers ❌</strong><br><br><code>The flaw stems from an issue with the ingress packet processing function of Cisco IOS XR software.</code><br><br><a href="https://threatpost.com/high-severity-cisco-dos-flaw-asr-routers/161115/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16164">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 12:15:56">
12:15
       </div>

       <div class="text">
<strong>🕴 How to Avoid Getting Killed by Ransomware 🕴</strong><br><br><code>Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/how-to-avoid-getting-killed-by-ransomware/a/d-id/1339181?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16165">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 12:29:55">
12:29
       </div>

       <div class="text">
<strong>‼ CVE-2020-4685 ‼</strong><br><br><code>A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16166">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 12:44:58">
12:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 nfstream 6.2.2 🛠</strong><br><br><code>nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.</code><br><br><a href="https://packetstormsecurity.com/files/160029/nfstream-6.2.2.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16167">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 14:30:12">
14:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-15275 ‼</strong><br><br><code>MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user&apos;s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15275">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16168">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 14:30:13">
14:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-27523 ‼</strong><br><br><code>Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27523">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16169">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 14:30:14">
14:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-27524 ‼</strong><br><br><code>On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27524">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16170">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 14:46:22">
14:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Former Microsoft Software Engineer Sentenced to 9 Years in Prison 🕴</strong><br><br><code>The 26-year-old was convicted earlier this year of wire fraud, money laundering, and filing false tax returns, among other charges.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/former-microsoft-software-engineer-sentenced-to-9-years-in-prison/d/d-id/1339422?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16171">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 14:52:40">
14:52
       </div>

       <div class="text">
<strong>⚠ “Instant bank fraud” hoax is back – don’t spread fake news! ⚠</strong><br><br><code>You need to spread the word to your family and friends NOT to spread the word to their family and friends</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/11/instant-bank-fraud-hoax-is-back-dont-spread-fake-news/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16172">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 14:52:41">
14:52
       </div>

       <div class="text">
<strong>⚠ Smishing attack tells you “mobile payment problem” – don’t fall for it! ⚠</strong><br><br><code>Don&apos;t be fooled by a website that looks OK - it&apos;s easy for crooks to make an exact copy. (This time, they got just one letter wrong.)</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/10/smishing-attack-tells-you-mobile-payment-problem-dont-fall-for-it/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16173">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 15:08:39">
15:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Minecraft Apps on Google Play Fleece Players Out of Big Money ❌</strong><br><br><code>Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.</code><br><br><a href="https://threatpost.com/minecraft-apps-google-play-fleece-players/161125/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16174">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 16:08:52">
16:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic ❌</strong><br><br><code>Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.</code><br><br><a href="https://threatpost.com/ragnar-locker-ransomware-facebook-ads/161133/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16175">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 16:08:53">
16:08
       </div>

       <div class="text">
<strong>❌ Nvidia Warns Windows Gamers of GeForce NOW Flaw ❌</strong><br><br><code>Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia&apos;s GeForce NOW.</code><br><br><a href="https://threatpost.com/nvidia-windows-gamers-geforce-now-flaw/161132/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16176">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 16:30:25">
16:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-8353 ‼</strong><br><br><code>Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16177">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 16:30:26">
16:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-8354 ‼</strong><br><br><code>A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8354">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16178">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 16:30:26">
16:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-8352 ‼</strong><br><br><code>In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16179">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 16:30:28">
16:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-5426 ‼</strong><br><br><code>Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5426">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16180">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 16:46:30">
16:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 9 New Tactics to Spread Security Awareness 🕴</strong><br><br><code>Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they&apos;re raising awareness.</code><br><br><a href="https://www.darkreading.com/edge/theedge/9-new-tactics-to-spread-security-awareness/b/d-id/1339416?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16181">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 17:46:33">
17:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Barracuda to Acquire Fyde for Zero-Trust Capabilities 🕴</strong><br><br><code>Plans call for expanding the Barracuda CloudGen SASE platform.</code><br><br><a href="https://www.darkreading.com/endpoint/barracuda-to-acquire-fyde-for-zero-trust-capabilities/d/d-id/1339426?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16182">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 17:54:16">
17:54
       </div>

       <div class="text">
<strong>🔏 Best Practices for Organizations to Mitigate Risks in Collaboration Software 🔏</strong><br><br><code>Many companies are requiring employees to work from home and use collaboration software to communicate. What are the best ways to mitigate risks in collaboration software? We asked 27 experts their best practices.</code><br><br><a href="https://digitalguardian.com/blog/best-practices-organizations-mitigate-risks-collaboration-software">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16183">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 18:08:54">
18:08
       </div>

       <div class="text">
<strong>❌ Silver Peak SD-WAN Bugs Allow for Network Takeover ❌</strong><br><br><code>Three security vulnerabilities can be chained to enable unauthenticated remote code execution.</code><br><br><a href="https://threatpost.com/silver-peak-sd-wan-bugs-network-takeover/161142/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16184">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 19:14:11">
19:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 3 Tips For Successfully Running Tech Outside the IT Department 🕴</strong><br><br><code>When marketing opts for &quot;extra-departmental IT,&quot; coordination and communication are required to keep things secured.</code><br><br><a href="https://www.darkreading.com/operations/3-tips-for-successfully-running-tech-outside-the-it-department/a/d-id/1339245?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16185">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 20:25:07">
20:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Security Hiring Plans Remain Constant Despite Pandemic 🕴</strong><br><br><code>Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/security-hiring-plans-remain-constant-despite-pandemic/d/d-id/1339429?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16186">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 20:30:37">
20:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-26218 ‼</strong><br><br><code>touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26218">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16187">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 20:30:38">
20:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-26219 ‼</strong><br><br><code>touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The issue is fixed in version 2.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26219">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16188">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 20:46:39">
20:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Want to Avoid an Extreme Cyberloss? Focus on the Basics 🕴</strong><br><br><code>New analysis of attacks and breaches -- to the tune of more than $20 million in damages and losses of at least 20 million records -- underscores the importance of planning for these events.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/want-to-avoid-an-extreme-cyberloss-focus-on-the-basics/d/d-id/1339430?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16189">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 21:16:40">
21:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 NSF-Funded Research Aims to Help Disrupt Cybercrime Supply Chains 🕴</strong><br><br><code>The National Science Foundation awarded a grant to Georgia State University (GSU) to come up with innovative ways to thwart the supply chains for counterfeiting, loan- and unemployment fraud.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/nsf-funded-research-aims-to-help-disrupt-cybercrime-supply-chains-/d/d-id/1339431?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16190">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 22:30:48">
22:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26221 ‼</strong><br><br><code>touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user&apos;s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. The issue is patched in version 2.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26221">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16191">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 22:30:49">
22:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-1999 ‼</strong><br><br><code>A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-based threat detection. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.17; PAN-OS 9.0 versions earlier than 9.0.11; PAN-OS 9.1 versions earlier than 9.1.5; All versions of PAN-OS 7.1 and PAN-OS 8.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1999">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16192">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 22:30:50">
22:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-26220 ‼</strong><br><br><code>toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present. The issue is fixed in version 2.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26220">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16193">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 22:30:51">
22:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-5992 ‼</strong><br><br><code>NVIDIA GeForce NOW application software on Windows, all versions prior to 2.0.25.119, contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5992">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16194">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 22:30:52">
22:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-2022 ‼</strong><br><br><code>An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator&apos;s session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2022">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16195">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 22:30:56">
22:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-2048 ‼</strong><br><br><code>An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2048">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16196">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 22:30:57">
22:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-2000 ‼</strong><br><br><code>An OS command injection and memory corruption vulnerability in the PAN-OS management web interface that allows authenticated administrators to disrupt system processes and potentially execute arbitrary code and OS commands with root privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16197">

      <div class="body">

       <div class="pull_right date details" title="11.11.2020 22:30:57">
22:30
       </div>

       <div class="text">
<strong>‼ CVE-2020-2050 ‼</strong><br><br><code>An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features that use SSL VPN with client certificate verification are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN In configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2050">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-678">

      <div class="body details">
12 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16198">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 10:31:31">
10:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7770 ‼</strong><br><br><code>This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7770">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16199">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 10:47:02">
10:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Like the Energizer Bunny, Trickbot Goes On and On 🕴</strong><br><br><code>Recent efforts to take down the virulent botnet have been largely -- but not entirely -- successful.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/like-the-energizer-bunny-trickbot-goes-on-and-on-/d/d-id/1339432?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16200">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 11:09:27">
11:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ From Triton to Stuxnet: Preparing for OT Incident Response ❌</strong><br><br><code>Lesley Carhart, with Dragos, gives Threatpost a behind-the-scenes look at how industrial companies are faring during the COVID-19 pandemic - and how they can prepare for future threats.</code><br><br><a href="https://threatpost.com/triton-stuxnet-ot-incident-response/161147/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16201">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 11:20:18">
11:20
       </div>

       <div class="text">
<strong>🦿 New survey details IT challenges, shadow IT risks, 2021 outlook, and more 🦿</strong><br><br><code>The report also illustrates a shift in the way workers perceive IT. Half of the respondent employees said they &quot;had more empathy, had more respect or were more grateful for IT.&quot;</code><br><br><a href="https://www.techrepublic.com/article/new-survey-details-it-challenges-shadow-it-risks-2021-outlook-and-more/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16202">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 11:39:28">
11:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 2 More Google Chrome Zero-Days Under Active Exploitation ❌</strong><br><br><code>Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution.</code><br><br><a href="https://threatpost.com/2-zero-day-bugs-google-chrome/161160/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16203">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 11:50:19">
11:50
       </div>

       <div class="text">
<strong>🦿 How to combat the latest and most aggressive botnets and malware 🦿</strong><br><br><code>Launching more sophisticated botnets, malware, and other threats, cybercriminals are getting more ruthless, says Nuspire.</code><br><br><a href="https://www.techrepublic.com/article/how-to-combat-the-latest-and-most-aggressive-botnets-and-malware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16204">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 12:25:05">
12:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 5 Steps Every Company Should Take to Avoid Data Theft Risk 🕴</strong><br><br><code>It&apos;s never been easier for employees to download company data and take it with them to their next gig.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/5-steps-every-company-should-take-to-avoid-data-theft-risk/a/d-id/1339272?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16205">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 12:31:37">
12:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-9128 ‼</strong><br><br><code>FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16206">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 12:31:39">
12:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-13954 ‼</strong><br><br><code>By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13954">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16207">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 12:31:40">
12:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-25658 ‼</strong><br><br><code>It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25658">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16208">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 12:31:41">
12:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-25706 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25706">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16209">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 12:31:42">
12:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-27481 ‼</strong><br><br><code>An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin &lt;= 2.1.4 exists due to the usage of &quot;wp_ajax_nopriv&quot; call in WordPress, which allows any unauthenticated user to get access to the function &quot;gdlr_lms_cancel_booking&quot; where POST Parameter &quot;id&quot; was sent straight into SQL query without sanitization.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16210">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 13:16:22">
13:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Sifter 11 🛠</strong><br><br><code>Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.</code><br><br><a href="https://packetstormsecurity.com/files/160040/sifter-11.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16211">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 13:16:23">
13:16
       </div>

       <div class="text">
<strong>🛠 OATH Toolkit 2.6.4 🛠</strong><br><br><code>OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.</code><br><br><a href="https://packetstormsecurity.com/files/160041/oath-toolkit-2.6.4.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16212">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 13:22:34">
13:22
       </div>

       <div class="text">
<strong>⚠ S3 Ep6: How not to get scammed [Podcast] ⚠</strong><br><br><code>New episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/12/s3-ep6-how-not-to-get-scammed-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16213">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 14:09:35">
14:09
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks ❌</strong><br><br><code>Security problems in Schneider Electric programmable logic controllers allow compromise of the hardware, responsible for physical plant operations.</code><br><br><a href="https://threatpost.com/bugs-critical-infrastructure-gear-attacks/161164/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16214">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 14:31:44">
14:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-24443 ‼</strong><br><br><code>Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim&apos;s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24443">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16215">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 14:31:45">
14:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-24442 ‼</strong><br><br><code>Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim&apos;s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24442">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16216">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 14:31:47">
14:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-24441 ‼</strong><br><br><code>Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24441">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16217">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 15:39:37">
15:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys ❌</strong><br><br><code>Hacker forums are a rich source of threat intelligence.</code><br><br><a href="https://threatpost.com/dark-web-security-researchers-bad-guys/161172/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16218">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:17:14">
16:17
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 DARPA and Academia Jumpstart 5G IoT Security Efforts 🕴</strong><br><br><code>With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.</code><br><br><a href="https://www.darkreading.com/iot/darpa-and-academia-jumpstart-5g-iot-security-efforts/a/d-id/1339388?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16219">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:49">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-0588 ‼</strong><br><br><code>Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0588">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16220">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:50">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-8766 ‼</strong><br><br><code>Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8766">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16221">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:51">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-12310 ‼</strong><br><br><code>Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12310">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16222">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:52">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-28271 ‼</strong><br><br><code>Prototype pollution vulnerability in &apos;deephas&apos; versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28271">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16223">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:53">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2019-11121 ‼</strong><br><br><code>Improper file permissions in the installer for the Intel(R) Media SDK for Windows before version 2019 R1 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11121">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16224">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:54">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-8738 ‼</strong><br><br><code>Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16225">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:55">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-8746 ‼</strong><br><br><code>Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16226">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:56">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-8751 ‼</strong><br><br><code>Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8751">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16227">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:57">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-8692 ‼</strong><br><br><code>Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8692">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16228">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:31:57">
16:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-8755 ‼</strong><br><br><code>Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8755">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16229">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:02">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8739 ‼</strong><br><br><code>Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8739">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16230">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:03">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8690 ‼</strong><br><br><code>Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8690">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16231">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:05">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8761 ‼</strong><br><br><code>Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8761">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16232">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:07">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8754 ‼</strong><br><br><code>Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8754">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16233">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:08">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8767 ‼</strong><br><br><code>Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8767">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16234">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:09">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8750 ‼</strong><br><br><code>Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8750">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16235">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:10">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8740 ‼</strong><br><br><code>Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8740">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16236">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:12">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8760 ‼</strong><br><br><code>Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8760">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16237">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:13">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8752 ‼</strong><br><br><code>Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8752">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16238">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:32:14">
16:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8764 ‼</strong><br><br><code>Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8764">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16239">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:37:51">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-12307 ‼</strong><br><br><code>Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12307">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16240">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:37:52">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-12304 ‼</strong><br><br><code>Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12304">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16241">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:37:53">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-12319 ‼</strong><br><br><code>Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12319">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16242">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:37:54">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-12321 ‼</strong><br><br><code>Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12321">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16243">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:37:55">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-28270 ‼</strong><br><br><code>Overview:Prototype pollution vulnerability in â€&amp;tilde;object-hierarchy-access’ versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28270">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16244">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:37:56">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-12308 ‼</strong><br><br><code>Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12308">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16245">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:37:57">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-8757 ‼</strong><br><br><code>Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8757">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16246">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:37:58">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-12312 ‼</strong><br><br><code>Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12312">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16247">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:37:59">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-28269 ‼</strong><br><br><code>Prototype pollution vulnerability in &apos;field&apos; versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28269">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16248">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 16:50:24">
16:50
       </div>

       <div class="text">
<strong>🦿 How and when to change your Google password 🦿</strong><br><br><code>If you&apos;ve ever been tempted to change your Google account password, but weren&apos;t sure how, don&apos;t let that confusion stop you. Jack Wallen walks you through the process.</code><br><br><a href="https://www.techrepublic.com/article/how-and-when-to-change-your-google-password/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16249">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 17:47:18">
17:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New &apos;CostaRicto&apos; Hack-for-Hire Group Targets Global Businesses 🕴</strong><br><br><code>The group of APT mercenaries uses bespoke malware and strong operation security to target a range of organizations, located primarily in Southeast Asia.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/new-costaricto-hack-for-hire-group-targets-global-businesses/d/d-id/1339434?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16250">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 17:54:59">
17:54
       </div>

       <div class="text">
<strong>🔏 Despite Pandemic, Cybersecurity Skills Gap Shrinking 🔏</strong><br><br><code>An industry nonprofit suggests that because of the pandemic, the cybersecurity talent gap is shrinking for the first time but that more than half of organizations still are at risk because of cybersecurity staff shortages.</code><br><br><a href="https://digitalguardian.com/blog/despite-pandemic-cybersecurity-skills-gap-shrinking">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16251">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:31:56">
18:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-12335 ‼</strong><br><br><code>Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12335">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16252">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:31:57">
18:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-26805 ‼</strong><br><br><code>In Sentrifugo 3.2, admin can edit employee&apos;s informations via this endpoint --&gt; /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, &quot;employeeNumId&quot; parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write data into the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26805">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16253">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:31:58">
18:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-12332 ‼</strong><br><br><code>Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12332">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16254">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:31:59">
18:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-12323 ‼</strong><br><br><code>Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16255">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:00">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-24525 ‼</strong><br><br><code>Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24525">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16256">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:01">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-26804 ‼</strong><br><br><code>In Sentrifugo 3.2, users can share an announcement under &quot;Organization -&gt; Announcements&quot; tab. Also, in this page, users can upload attachments with the shared announcements. This &quot;Upload Attachment&quot; functionality is suffered from &quot;Unrestricted File Upload&quot; vulnerability so attacker can upload malicious files using this functionality and control the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26804">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16257">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:03">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-26803 ‼</strong><br><br><code>In Sentrifugo 3.2, users can upload an image under &quot;Assets -&gt; Add&quot; tab. This &quot;Upload Images&quot; functionality is suffered from &quot;Unrestricted File Upload&quot; vulnerability so attacker can upload malicious files using this functionality and control the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26803">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16258">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:04">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-12334 ‼</strong><br><br><code>Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16259">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:05">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-12326 ‼</strong><br><br><code>Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12326">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16260">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:06">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-12349 ‼</strong><br><br><code>Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16261">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:07">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-12345 ‼</strong><br><br><code>Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12345">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16262">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:09">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-12353 ‼</strong><br><br><code>Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16263">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:10">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-12333 ‼</strong><br><br><code>Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16264">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:11">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-15783 ‼</strong><br><br><code>A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15783">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16265">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:12">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-0573 ‼</strong><br><br><code>Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0573">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16266">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:13">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-28414 ‼</strong><br><br><code>A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28415).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28414">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16267">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:14">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-8669 ‼</strong><br><br><code>Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8669">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16268">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:15">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-28415 ‼</strong><br><br><code>A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28414).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28415">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16269">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:16">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-27386 ‼</strong><br><br><code>An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager&apos;s rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /&lt;path_to_file&gt;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27386">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16270">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:32:17">
18:32
       </div>

       <div class="text">
<strong>‼ CVE-2020-24456 ‼</strong><br><br><code>Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24456">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16271">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:39:42">
18:39
       </div>

       <div class="text">
<strong>❌ Animal Jam Hacked, 46M Records Roam the Dark Web ❌</strong><br><br><code>Animal Jam, just the latest in a string of attacks on gaming apps, has adopted a transparent communications strategy after stolen data turned up on a criminal forum.</code><br><br><a href="https://threatpost.com/animal-jam-hack-data-breach/161177/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16272">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 18:50:28">
18:50
       </div>

       <div class="text">
<strong>🦿 Hackers for hire target victims with cyber espionage campaign 🦿</strong><br><br><code>The victims reside in the US and several other countries, while many of the targeted organizations are financial institutions, says BlackBerry.</code><br><br><a href="https://www.techrepublic.com/article/hackers-for-hire-target-victims-with-cyber-espionage-campaign/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16273">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 19:39:46">
19:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software ❌</strong><br><br><code>The modular malware is highly sophisticated but may not be able to capture credit-card info.</code><br><br><a href="https://threatpost.com/cyberattackers-custom-backdoor-oracle-restaurant/161180/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16274">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 19:47:20">
19:47
       </div>

       <div class="text">
<strong>🕴 Credential Stuffing Fills E-commerce Pipeline in 2020 🕴</strong><br><br><code>There were 1.3 billion attacks in the third quarter alone, according to new analysis from Arkose Labs.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/credential-stuffing-fills-e-commerce-pipeline-in-2020/d/d-id/1339435?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16275">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 20:22:24">
20:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Manufacturing Sees Rising Ransomware Threat 🕴</strong><br><br><code>Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/manufacturing-sees-rising-ransomware-threat/d/d-id/1339438?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16276">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 20:22:25">
20:22
       </div>

       <div class="text">
<strong>🕴 &apos;Pay2Key&apos; Could Become Next Big Ransomware Threat 🕴</strong><br><br><code>Researchers from Check Point say an Iranian-based threat actor has successfully attacked multiple Israeli companies could soon go global.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/pay2key-could-become-next-big-ransomware-threat/d/d-id/1339436?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16277">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 20:31:14">
20:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-13877 ‼</strong><br><br><code>SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remote code execution and information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13877">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16278">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 20:31:15">
20:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-27193 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27193">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16279">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 20:31:16">
20:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-24719 ‼</strong><br><br><code>Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka &quot;magic cookie&quot;). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16280">

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 20:31:17">
20:31
       </div>

       <div class="text">
<strong>‼ CVE-2020-17494 ‼</strong><br><br><code>Untangle Firewall NG before 16.0 uses MD5 for passwords.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16281">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="12.11.2020 22:42:46">
22:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7033 ‼</strong><br><br><code>A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Client (web client) used in Avaya Equinox Conferencing can allow an authenticated user to perform XSS attacks. The affected versions of Equinox Conferencing includes all 9.x versions before 9.1.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7033">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-679">

      <div class="body details">
13 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16282">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 03:32:59">
03:32
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7032 ‼</strong><br><br><code>An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7032">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16283">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 13:20:49">
13:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to temporarily mitigate SAD DNS for Linux servers and desktops 🦿</strong><br><br><code>Jack Wallen walks you through the process of putting in place a temporary fix against SAD DNS for your Linux servers and desktops.</code><br><br><a href="https://www.techrepublic.com/article/how-to-temporarily-mitigate-sad-dns-for-linux-servers-and-desktops/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16284">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 13:52:45">
13:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 TOR Virtual Network Tunneling Tool 0.4.4.6</strong> <strong>🛠</strong><br><br><code>Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).</code><br><br><a href="https://packetstormsecurity.com/files/160056/tor-0.4.4.6.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16285">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:10:24">
14:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Ticketmaster Scores Hefty Fine Over 2018 Data Breach ❌</strong><br><br><code>The events giant faces a GDPR-related penalty in the U.K., and more could follow.</code><br><br><a href="https://threatpost.com/ticketmaster-fine-2018-data-breach/161198/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16286">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:20:50">
14:20
       </div>

       <div class="text">
<strong>🦿 4 phishing scams to watch out for during the holidays 🦿</strong><br><br><code>Fake shipping notices and charity frauds are two scams cited by the security company GreatHorn, which offers tips to consumers on how to avoid them.</code><br><br><a href="https://www.techrepublic.com/article/4-phishing-scams-to-watch-out-for-during-the-holidays/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16287">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:25:24">
14:25
       </div>

       <div class="text">
<strong>🔏 Friday Five 11/13 🔏</strong><br><br><code>Cyber Command trolling, end-to-end encryption debates, and stolen source code - catch up on all the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-11/13">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16288">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:39">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-6148 ‼</strong><br><br><code>A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6148">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16289">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:41">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-8583 ‼</strong><br><br><code>Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8583">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16290">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:42">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-25538 ‼</strong><br><br><code>An authenticated attacker can inject malicious code into &quot;lang&quot; parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25538">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16291">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:43">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-25165 ‼</strong><br><br><code>BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25165">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16292">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:45">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-6156 ‼</strong><br><br><code>A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6156">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16293">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:46">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-1847 ‼</strong><br><br><code>There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial of service.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1847">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16294">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:47">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-4886 ‼</strong><br><br><code>IBM InfoSphere Information Server 11.7 stores sensitive information in the browser&apos;s history that could be obtained by a user who has access to the same system. IBM X-Force ID: 190910.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4886">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16295">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:48">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-26222 ‼</strong><br><br><code>Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: &quot;/$({curl,127.0.0.1})&quot;, Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository. The fix was applied to version 0.125.1. As a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26222">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16296">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:50">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-25151 ‼</strong><br><br><code>The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25151">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16297">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:51">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-25557 ‼</strong><br><br><code>In CMSuno 1.6.2, an attacker can inject malicious PHP code as a &quot;username&quot; while changing his/her username &amp; password. After that, when attacker logs in to the application, attacker&apos;s code will be run. As a result of this vulnerability, authenticated user can run command on the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16298">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:52">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-21667 ‼</strong><br><br><code>In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the &apos;table&apos; parameter passed is not filtered so a malicious parameter can be passed for SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21667">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16299">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:53">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-6147 ‼</strong><br><br><code>A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6147">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16300">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:54">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-6019 ‼</strong><br><br><code>Valve&apos;s Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6019">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16301">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:55">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-6149 ‼</strong><br><br><code>A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6149">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16302">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:56">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-6155 ‼</strong><br><br><code>A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6155">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16303">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:57">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-8582 ‼</strong><br><br><code>Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnerability which could allow an authenticated user to view sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8582">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16304">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:58">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-6150 ‼</strong><br><br><code>A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6150">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16305">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:33:59">
14:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-26825 ‼</strong><br><br><code>SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim&apos;s web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim&apos;s browser and the victim can easily close the browser tab to terminate it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26825">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16306">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:34:00">
14:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-9127 ‼</strong><br><br><code>Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16307">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:34:02">
14:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-9129 ‼</strong><br><br><code>HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16308">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:50:49">
14:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 STEM and cybersecurity training are critical for the future 🦿</strong><br><br><code>Training people to fill cybersecurity jobs is important, but teaching everyone safe practices is also essential.</code><br><br><a href="https://www.techrepublic.com/article/stem-and-cybersecurity-training-are-critical-for-the-future/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16309">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:50:50">
14:50
       </div>

       <div class="text">
<strong>🦿 Adults and children should learn cybersecurity and safety practices 🦿</strong><br><br><code>STEM education that includes cybersecurity can help the US prepare for the future.</code><br><br><a href="https://www.techrepublic.com/videos/adults-and-children-should-learn-cybersecurity-and-safety-practices/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16310">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 14:50:51">
14:50
       </div>

       <div class="text">
<strong>🦿 6 training trends to watch that &quot;will define the workplace in 2021&quot; 🦿</strong><br><br><code>With the shift to remote work amid the coronavirus pandemic, online learning related to mindfulness, cybersecurity, and hybrid tech capabilities surged, Udemy found.</code><br><br><a href="https://www.techrepublic.com/article/6-training-trends-to-watch-that-will-define-the-workplace-in-2021/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16311">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 15:18:00">
15:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Self-Service Security for Developers Is the DevSecOps Brass Ring 🕴</strong><br><br><code>DevOps teams with full security integration and self-service capabilities are 80% more likely to fix critical vulnerabilities in under a day, according to the ninth annual &quot;State of DevOps Report.&quot;</code><br><br><a href="https://www.darkreading.com/application-security/self-service-security-for-developers-is-the-devsecops-brass-ring/d/d-id/1339440?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16312">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 15:40:27">
15:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 2020 Reader Survey: Share Your Feedback to Help Us Improve ❌</strong><br><br><br><br><a href="https://threatpost.com/2020-reader-survey/161168/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16313">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 15:40:28">
15:40
       </div>

       <div class="text">
<strong>❌ Botnet Attackers Turn to Vulnerable IoT Devices ❌</strong><br><br><code>Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks.</code><br><br><a href="https://threatpost.com/botnet-attackers-turn-to-vulnerable-iot-devices/161210/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16314">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 15:40:29">
15:40
       </div>

       <div class="text">
<strong>❌ Nation-State Attackers Actively Target COVID-19 Vaccine-Makers ❌</strong><br><br><code>Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.</code><br><br><a href="https://threatpost.com/russia-north-korea-attacking-covid-19-vaccine-makers/161205/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16315">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 16:10:27">
16:10
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Amazon Sues Instagram, TikTok Influencers Over Knockoff Scam ❌</strong><br><br><code>&apos;Order This, Get This&apos;: Social-media influencers are in Amazon’s legal crosshairs for promoting generic Amazon listings with the promise to get prohibited counterfeit luxury items instead.</code><br><br><a href="https://threatpost.com/amazon-sues-instagram-tiktok-knockoff-scam/161233/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16316">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 16:33:46">
16:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26223 ‼</strong><br><br><code>Spree is a complete open source e-commerce solution built with Ruby on Rails. In Spree from version 3.7 and before versions 3.7.13, 4.0.5, and 4.1.12, there is an authorization bypass vulnerability. The perpetrator could query the API v2 Order Status endpoint with an empty string passed as an Order token. This is patched in versions 3.7.11, 4.0.4, or 4.1.11 depending on your used Spree version. Users of Spree &lt; 3.7 are not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26223">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16317">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 17:18:05">
17:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISA Director Expects to Be Fired Following Secure Election 🕴</strong><br><br><code>Top US cybersecurity leader Chris Krebs, who has been vocal about the security of this year&apos;s election, expects he&apos;ll be removed from his role.</code><br><br><a href="https://www.darkreading.com/risk/cisa-director-expects-to-be-fired-following-secure-election/d/d-id/1339442?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16318">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 18:33:53">
18:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-0599 ‼</strong><br><br><code>Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0599">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16319">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 18:33:54">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-5796 ‼</strong><br><br><code>Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5796">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16320">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 18:33:55">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-12338 ‼</strong><br><br><code>Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12338">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16321">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 18:33:56">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-26230 ‼</strong><br><br><code>Radar COVID is the official COVID-19 exposure notification app for Spain. In affected versions of Radar COVID, identification and de-anonymization of COVID-19 positive users that upload Radar COVID TEKs to the Radar COVID server is possible. This vulnerability enables the identification and de-anonymization of COVID-19 positive users when using Radar COVID. The vulnerability is caused by the fact that Radar COVID connections to the server (uploading of TEKs to the backend) are only made by COVID-19 positives. Therefore, any on-path observer with the ability to monitor traffic between the app and the server can identify which users had a positive test. Such an adversary can be the mobile network operator (MNO) if the connection is done through a mobile network, the Internet Service Provider (ISP) if the connection is done through the Internet (e.g., a home network), a VPN provider used by the user, the local network operator in the case of enterprise networks, or any eavesdropper with access to the same network (WiFi or Ethernet) as the user as could be the case of public WiFi hotspots deployed at shopping centers, airports, hotels, and coffee shops. The attacker may also de-anonymize the user. For this additional stage to succeed, the adversary needs to correlate Radar COVID traffic to other identifiable information from the victim. This could be achieved by associating the connection to a contract with the name of the victim or by associating Radar COVID traffic to other user-generated flows containing identifiers in the clear (e.g., HTTP cookies or other mobile flows sending unique identifiers like the IMEI or the AAID without encryption). The former can be executed, for instance, by the Internet Service Provider or the MNO. The latter can be executed by any on-path adversary, such as the network provider or even the cloud provider that hosts more than one service accessed by the victim. The farther the adversary is either from the victim (the client) or the end-point (the server), the less likely it may be that the adversary has access to re-identification information. The vulnerability has been mitigated with the injection of dummy traffic from the application to the backend. Dummy traffic is generated by all users independently of whether they are COVID-19 positive or not. The issue was fixed in iOS in version 1.0.8 (uniform distribution), 1.1.0 (exponential distribution), Android in version 1.0.7 (uniform distribution), 1.1.0 (exponential distribution), Backend in version 1.1.2-RELEASE. For more information see the referenced GitHub Security Advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26230">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16322">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 18:33:57">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-7962 ‼</strong><br><br><code>An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7962">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16323">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 18:33:58">
18:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-13638 ‼</strong><br><br><code>lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13638">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16324">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 18:34:00">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-12313 ‼</strong><br><br><code>Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12313">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16325">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 18:34:01">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-6157 ‼</strong><br><br><code>Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6157">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16326">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 18:34:02">
18:34
       </div>

       <div class="text">
<strong>‼ CVE-2020-27217 ‼</strong><br><br><code>In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27217">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16327">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 19:18:05">
19:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Apple Issues Security Updates 🕴</strong><br><br><code>Vulnerabilities found in three most recent versions of macOS.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/apple-issues-security-updates/d/d-id/1339446?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16328">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 20:33:57">
20:33
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28638 ‼</strong><br><br><code>ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users&apos; files to be encrypted with &quot;tomb {W] Detected DISPLAY, but only pinentry-curses is found.&quot; as the encryption key.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28638">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16329">

      <div class="body">

       <div class="pull_right date details" title="13.11.2020 20:33:58">
20:33
       </div>

       <div class="text">
<strong>‼ CVE-2020-15481 ‼</strong><br><br><code>An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys drivers. This issue is fixed in BurnInTest v9.2, PerformanceTest v10.0 Build 1009, OSForensics v8.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15481">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-680">

      <div class="body details">
15 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16330">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2020 14:36:18">
14:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7772 ‼</strong><br><br><code>This affects the package doc-path before 2.1.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16331">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="15.11.2020 22:36:42">
22:36
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-19562 ‼</strong><br><br><code>An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16332">

      <div class="body">

       <div class="pull_right date details" title="15.11.2020 22:36:44">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-19561 ‼</strong><br><br><code>A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16333">

      <div class="body">

       <div class="pull_right date details" title="15.11.2020 22:36:45">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-19557 ‼</strong><br><br><code>A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16334">

      <div class="body">

       <div class="pull_right date details" title="15.11.2020 22:36:46">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-19556 ‼</strong><br><br><code>An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16335">

      <div class="body">

       <div class="pull_right date details" title="15.11.2020 22:36:47">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-19563 ‼</strong><br><br><code>A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16336">

      <div class="body">

       <div class="pull_right date details" title="15.11.2020 22:36:48">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2020-28268 ‼</strong><br><br><code>Prototype pollution vulnerability in &apos;controlled-merge&apos; versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28268">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16337">

      <div class="body">

       <div class="pull_right date details" title="15.11.2020 22:36:48">
22:36
       </div>

       <div class="text">
<strong>‼ CVE-2019-19560 ‼</strong><br><br><code>A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19560">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-681">

      <div class="body details">
16 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16338">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 10:12:48">
10:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut ❌</strong><br><br><code>A report on the underground economy finds that malicious actors are offering cloud-based troves of stolen data, accessible with handy tools to slice and dice what&apos;s on offer.</code><br><br><a href="https://threatpost.com/cybercrime-cloud-accelerate-attacks-data-glut/161243/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16339">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 10:37:22">
10:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-8897 ‼</strong><br><br><code>A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM (and other AEAD ciphers such as AES-GCM-SIV or (X)ChaCha20Poly1305) used by the SDKs to encrypt messages, an attacker can craft a unique cyphertext which will decrypt to multiple different results, and becomes especially relevant in a multi-recipient setting. We recommend users update their SDK to 2.0.0 or later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8897">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16340">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 10:37:23">
10:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-7765 ‼</strong><br><br><code>This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7765">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16341">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 10:37:24">
10:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-7773 ‼</strong><br><br><code>This affects the package markdown-it-highlightjs before 3.3.1. It is possible insert malicious JavaScript as a value of lang in the markdown-it-highlightjs Inline code highlighting feature. const markdownItHighlightjs = require(&quot;markdown-it-highlightjs&quot;); const md = require(&apos;markdown-it&apos;); const reuslt_xss = md() .use(markdownItHighlightjs, { inline: true }) .render(&apos;console.log(42){.&quot;&gt;js}&apos;); console.log(reuslt_xss);</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7773">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16342">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 11:20:02">
11:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 A Call for Change in Physical Security 🕴</strong><br><br><code>We&apos;re at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?</code><br><br><a href="https://www.darkreading.com/physical-security/a-call-for-change-in-physical-security/a/d-id/1339312?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16343">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 12:25:03">
12:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep6: How not to get scammed [Podcast] ⚠</strong><br><br><code>New episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/12/s3-ep6-how-not-to-get-scammed-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16344">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 12:25:04">
12:25
       </div>

       <div class="text">
<strong>⚠ How to do cybersecurity – join us online for the Sophos Evolve event! ⚠</strong><br><br><code>Join us this week or next week for a free online event to learn how cybersecurity is evolving, and why.</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/16/how-to-do-cybersecurity-join-us-online-for-the-sophos-evolve-event/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16345">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:12:57">
14:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Exposed Database Reveals 100K+ Compromised Facebook Accounts ❌</strong><br><br><code>Cybercriminals left an ElasticSearch database exposed, revealing a global attack that compromised Facebook accounts and used them to scam others.</code><br><br><a href="https://threatpost.com/exposed-database-100k-facebook-accounts/161247/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16346">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:25:11">
14:25
       </div>

       <div class="text">
<strong>🛠 nfstream 6.2.3 🛠</strong><br><br><code>nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.</code><br><br><a href="https://packetstormsecurity.com/files/160094/nfstream-6.2.3.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16347">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:25:13">
14:25
       </div>

       <div class="text">
<strong>🛠 Machosec 1.0 🛠</strong><br><br><code>Machosec is a script that checks the security of Mach-O 64-bit executables and application bundles for dyld injection vulnerabilities, LC_RPATH vulnerabilities leading to dyld injection, symlinks pointing to attacker controlled locations, writable by others vulnerabilities, missing stack canaries, disabled PIE (ASLR), and disabled FORTIFY_SOURCE (keeping insecure functions such as strcpy, memcpy etc.).</code><br><br><a href="https://packetstormsecurity.com/files/160084/machosec-v1.0.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16348">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:35">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27422 ‼</strong><br><br><code>In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn&apos;t expire once used, allowing an attacker to use the same link to takeover the account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27422">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16349">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:36">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-25209 ‼</strong><br><br><code>In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25209">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16350">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:37">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27627 ‼</strong><br><br><code>JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27627">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16351">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:38">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-13772 ‼</strong><br><br><code>In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16352">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:39">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-25207 ‼</strong><br><br><code>JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25207">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16353">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:40">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-13769 ‼</strong><br><br><code>LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13769">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16354">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:41">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27626 ‼</strong><br><br><code>JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27626">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16355">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:42">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27423 ‼</strong><br><br><code>Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user&apos;s mailbox</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27423">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16356">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:43">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27622 ‼</strong><br><br><code>In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27622">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16357">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:44">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-26129 ‼</strong><br><br><code>In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16358">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:45">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-25013 ‼</strong><br><br><code>JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25013">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16359">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:46">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27625 ‼</strong><br><br><code>In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27625">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16360">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:47">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27459 ‼</strong><br><br><code>Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post. If any user sees the post, the inserted XSS code is executed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27459">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16361">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:48">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-13773 ‼</strong><br><br><code>Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13773">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16362">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:49">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-24366 ‼</strong><br><br><code>Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24366">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16363">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:50">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27623 ‼</strong><br><br><code>JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27623">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16364">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:51">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-25952 ‼</strong><br><br><code>SQL injection vulnerability in PHPGurukul User Registration &amp; Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25952">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16365">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:52">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-25210 ‼</strong><br><br><code>In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25210">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16366">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:53">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27191 ‼</strong><br><br><code>LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27191">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16367">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:37:54">
14:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27628 ‼</strong><br><br><code>In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27628">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16368">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 14:55:04">
14:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – Don’t get hoaxed (pass it on)! ⚠</strong><br><br><code>Here&apos;s the latest Naked Security Live video - enjoy (and please share with your friends)!</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/16/naked-security-live-dont-get-hoaxed-pass-it-on/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16369">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 15:43:01">
15:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Hacked Security Software Used in Novel South Korean Supply-Chain Attack ❌</strong><br><br><code>Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea.</code><br><br><a href="https://threatpost.com/hacked-software-south-korea-supply-chain-attack/161257/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16370">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:20:12">
16:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Zoom Debuts New Tools to Fight Meeting Disruptions 🕴</strong><br><br><code>Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.</code><br><br><a href="https://www.darkreading.com/endpoint/zoom-debuts-new-tools-to-fight-meeting-disruptions/d/d-id/1339447?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16371">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:42">
16:37
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27988 ‼</strong><br><br><code>Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27988">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16372">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:44">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4665 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4665">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16373">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:45">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-27990 ‼</strong><br><br><code>Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16374">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:46">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-23490 ‼</strong><br><br><code>There was a local file disclosure vulnerability in AVideo &lt; 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23490">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16375">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:48">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4672 ‼</strong><br><br><code>IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4672">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16376">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:49">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4647 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4647">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16377">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:50">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4671 ‼</strong><br><br><code>IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4671">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16378">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:51">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4763 ‼</strong><br><br><code>IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4763">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16379">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:52">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4655 ‼</strong><br><br><code>IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 186091.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4655">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16380">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:56">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4700 ‼</strong><br><br><code>IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4700">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16381">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:57">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4705 ‼</strong><br><br><code>IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4705">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16382">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:58">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4476 ‼</strong><br><br><code>IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4476">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16383">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:37:59">
16:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-4475 ‼</strong><br><br><code>IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4475">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16384">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:38:00">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-23489 ‼</strong><br><br><code>The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23489">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16385">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:38:01">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-27991 ‼</strong><br><br><code>Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16386">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:38:02">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-28723 ‼</strong><br><br><code>Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16387">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:38:03">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-27989 ‼</strong><br><br><code>Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27989">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16388">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:38:05">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-4692 ‼</strong><br><br><code>IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4692">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16389">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:38:06">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-28692 ‼</strong><br><br><code>In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28692">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16390">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:38:08">
16:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-4566 ‼</strong><br><br><code>IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4566">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16391">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 16:52:26">
16:52
       </div>

       <div class="text">
<strong>🦿 Cybersecurity: Top hackers make big money from bug bounties 🦿</strong><br><br><code>You might not make a million dollars, but hackers are making good money from reporting vulnerabilities.</code><br><br><a href="https://www.techrepublic.com/videos/cybersecurity-top-hackers-make-big-money-from-bug-bounties/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16392">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 17:43:20">
17:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Citrix SD-WAN Bugs Allow Remote Code Execution ❌</strong><br><br><code>The bugs tracked as CVE-2020–8271, CVE-2020–8272 and CVE-2020–8273 exist in the Citrix SD-WAN Center.</code><br><br><a href="https://threatpost.com/citrix-sd-wan-bugs-remote-code-execution/161274/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16393">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 17:52:28">
17:52
       </div>

       <div class="text">
<strong>🦿 Data is worth its weight in gold 🦿</strong><br><br><code>IT leaders are placing an increased, permanent focus on the value of data, digital transformation, and security, a new survey finds.</code><br><br><a href="https://www.techrepublic.com/article/data-is-worth-its-weight-in-gold/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16394">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 17:57:36">
17:57
       </div>

       <div class="text">
<strong>🔏 Amendments to Singapore&apos;s Personal Data Protection Act Take Effect 🔏</strong><br><br><code>Singapore&apos;s recently amended Personal Data Protection Act (PDPA) increases the penalizations imposed on companies for data breaches and recognizes the rights of individuals to protect their personal data.</code><br><br><a href="https://digitalguardian.com/blog/amendments-singapores-personal-data-protection-act-take-effect">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16395">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 18:25:08">
18:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Twitter Taps Mudge 🕴</strong><br><br><code>Noted security researcher Peiter Zatko joins the social network as head of security.</code><br><br><a href="https://www.darkreading.com/careers-and-people/twitter-taps-mudge/d/d-id/1339451?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16396">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 18:37:47">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-5424 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5424">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16397">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 18:37:48">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-26510 ‼</strong><br><br><code>Airleader Master &lt;= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26510">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16398">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 18:37:49">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-26508 ‼</strong><br><br><code>The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26508">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16399">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 18:37:50">
18:37
       </div>

       <div class="text">
<strong>‼ CVE-2020-26509 ‼</strong><br><br><code>Airleader Master and Easy &lt;= 6.21 devices have default credentials that can be used for a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26509">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16400">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 19:13:23">
19:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Attackers Target Porn Site Goers in ‘Malsmoke’ Zloader Attack ❌</strong><br><br><code>A fake Java update found on various porn sites actually downloads the well-known Zloader malware.</code><br><br><a href="https://threatpost.com/attackers-porn-malsmoke-zloader-attack/161277/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16401">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 19:13:24">
19:13
       </div>

       <div class="text">
<strong>❌ Dating Site Bumble Leaves Swipes Unsecured for 100M Users ❌</strong><br><br><code>An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.</code><br><br><a href="https://threatpost.com/dating-site-bumble-swipes-unsecured-100m-users/161276/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16402">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 19:19:27">
19:19
       </div>

       <div class="text">
<strong>🕴 Global Pandemic Fuels Cyber-Threat Workload for National Cyber Security Centre, Shows Annual Review 🕴</strong><br><br><code>From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre&apos;s (NCSC) recent work in the UK has been related to the coronavirus pandemic, as Ron Alalouff discovered when reporting on its Annual Review.</code><br><br><a href="https://www.darkreading.com/physical-security/global-pandemic-fuels-cyber-threat-workload-for-national-cyber-security-centre-shows-annual-review/d/d-id/1339452?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16403">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 19:25:08">
19:25
       </div>

       <div class="text">
<strong>⚠ Cult videogame company Capcom pays a big round $0.00 to ransomware crooks ⚠</strong><br><br><code>Bad news: data stolen, data dumped, customers affected. Good news: crooks got $0. The ransom was $11M, so that&apos;s a big deal!</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/16/cult-videogame-company-capcom-pays-a-big-round-0-00-to-ransomware-crooks/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16404">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 19:50:18">
19:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Breakdown of a Break-in: A Manufacturer&apos;s Ransomware Response 🕴</strong><br><br><code>The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/breakdown-of-a-break-in-a-manufacturers-ransomware-response/d/d-id/1339453?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16405">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 19:53:20">
19:53
       </div>

       <div class="text">
<strong>🦿 4 ways to keep your company&apos;s and customers&apos; data private and build trust 🦿</strong><br><br><code>Implementing appropriate data privacy is critical for company operations and success. Learn some of the challenges and solutions recommended to do the job right.</code><br><br><a href="https://www.techrepublic.com/article/4-ways-to-keep-your-companys-and-customers-data-private-and-build-trust/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16406">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 20:44:01">
20:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26224 ‼</strong><br><br><code>In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26224">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16407">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 20:44:02">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2020-27483 ‼</strong><br><br><code>Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27483">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16408">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 20:44:03">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2020-27485 ‼</strong><br><br><code>Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27485">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16409">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 20:44:04">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2020-28693 ‼</strong><br><br><code>An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/&lt;php_file_name&gt;</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28693">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16410">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 20:44:05">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2020-26217 ‼</strong><br><br><code>XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream&apos;s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26217">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16411">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 20:44:06">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2020-27484 ‼</strong><br><br><code>Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27484">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16412">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 20:44:07">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2020-27486 ‼</strong><br><br><code>Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27486">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16413">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 20:44:08">
20:44
       </div>

       <div class="text">
<strong>‼ CVE-2020-26225 ‼</strong><br><br><code>In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users&apos; web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26225">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16414">

      <div class="body">

       <div class="pull_right date details" title="16.11.2020 20:52:30">
20:52
       </div>

       <div class="text">
<strong>🦿 How to secure your Zoom account with two-factor authentication 🦿</strong><br><br><code>Follow these steps to better protect your Zoom account with a second layer of authentication.</code><br><br><a href="https://www.techrepublic.com/article/how-to-secure-your-zoom-account-with-two-factor-authentication/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-682">

      <div class="body details">
17 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16415">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:19">
03:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-15349 ‼</strong><br><br><code>BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16416">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:20">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25832 ‼</strong><br><br><code>Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25832">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16417">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:21">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-11851 ‼</strong><br><br><code>Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11851">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16418">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:22">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-27131 ‼</strong><br><br><code>Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27131">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16419">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:23">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-27130 ‼</strong><br><br><code>A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16420">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:24">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13353 ‼</strong><br><br><code>When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. Affected versions are: &gt;=1.79.0, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13353">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16421">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:25">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25834 ‼</strong><br><br><code>Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25834">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16422">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:26">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-27125 ‼</strong><br><br><code>A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27125">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16423">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:27">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13352 ‼</strong><br><br><code>Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: &gt;=10.2, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16424">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:28">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-27192 ‼</strong><br><br><code>BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift&apos;s helper tool.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27192">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16425">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:29">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25705 ‼</strong><br><br><code>A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25705">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16426">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:30">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13358 ‼</strong><br><br><code>A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: &gt;=13.4, &lt;13.4.5,&gt;=13.3, &lt;13.3.9,&gt;=13.5, &lt;13.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13358">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16427">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:31">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-13354 ‼</strong><br><br><code>A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: &gt;=12.6, &lt;13.3.9.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13354">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16428">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:32">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-10776 ‼</strong><br><br><code>A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10776">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16429">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:33">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-11860 ‼</strong><br><br><code>Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11860">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16430">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:37">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-14389 ‼</strong><br><br><code>It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16431">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:38">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-26406 ‼</strong><br><br><code>Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: &gt;=13.3, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26406">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16432">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 03:38:39">
03:38
       </div>

       <div class="text">
<strong>‼ CVE-2020-25833 ‼</strong><br><br><code>Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25833">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16433">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 11:20:48">
11:20
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs ❌</strong><br><br><code>Attackers can exploit the feature and send people’s data directly to remote servers, posing a privacy and security risk, researchers said.</code><br><br><a href="https://threatpost.com/some-apple-apps-on-macos-big-sur-bypass-content-filters-vpns/161295/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16434">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 11:20:49">
11:20
       </div>

       <div class="text">
<strong>🕴 Ransomware Operator Promotes Distributed Storage for Stolen Data 🕴</strong><br><br><code>The criminals behind the DarkSide ransomware-as-a-service operation say the system will be harder to take down.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/ransomware-operator-promotes-distributed-storage-for-stolen-data/d/d-id/1339457?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16435">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 12:39:01">
12:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28687 ‼</strong><br><br><code>The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28687">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16436">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 12:39:02">
12:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-7774 ‼</strong><br><br><code>This affects the package y18n before 5.0.5. PoC by po6ix: const y18n = require(&apos;y18n&apos;)(); y18n.setLocale(&apos;__proto__&apos;); y18n.updateLocale({polluted: true}); console.log(polluted); // true</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7774">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16437">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 12:39:03">
12:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-25746 ‼</strong><br><br><code>QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16438">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 12:39:04">
12:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28647 ‼</strong><br><br><code>In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim&apos;s browser (XSS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28647">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16439">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 12:39:05">
12:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-7841 ‼</strong><br><br><code>Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7841">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16440">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 12:39:06">
12:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28688 ‼</strong><br><br><code>The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28688">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16441">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 12:44:12">
12:44
       </div>

       <div class="text">
<strong>❌ Cisco Patches Critical Flaw After PoC Exploit Code Release ❌</strong><br><br><code>A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.</code><br><br><a href="https://threatpost.com/critical-cisco-flaw-sensitive-data/161305/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16442">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 12:50:51">
12:50
       </div>

       <div class="text">
<strong>🕴 An Inside Look at an Account Takeover 🕴</strong><br><br><code>AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise.</code><br><br><a href="https://www.darkreading.com/edge/theedge/an-inside-look-at-an-account-takeover/b/d-id/1339461?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16443">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 13:27:23">
13:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 GNU Privacy Guard 2.2.24 🛠</strong><br><br><code>GnuPG (the GNU Privacy Guard or GPG) is GNU&apos;s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.</code><br><br><a href="https://packetstormsecurity.com/files/160111/gnupg-2.2.24.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16444">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 13:50:57">
13:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Security Risks Discovered in Tesla Backup Gateway 🕴</strong><br><br><code>Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/security-risks-discovered-in-tesla-backup-gateway/d/d-id/1339462?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16445">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:39:07">
14:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27558 ‼</strong><br><br><code>Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27558">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16446">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:39:09">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-27554 ‼</strong><br><br><code>Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27554">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16447">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:39:10">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-27553 ‼</strong><br><br><code>A directory traversal vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to gain access to sensitive information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16448">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:39:11">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-25798 ‼</strong><br><br><code>A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25798">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16449">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:39:12">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-13958 ‼</strong><br><br><code>A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13958">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16450">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:39:14">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-27555 ‼</strong><br><br><code>Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27555">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16451">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:39:15">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-27556 ‼</strong><br><br><code>A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16452">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:39:16">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-27557 ‼</strong><br><br><code>Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16453">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:39:17">
14:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-21665 ‼</strong><br><br><code>In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the &apos;table&apos; parameter passed is not filtered so a malicious parameter can be passed for SQL injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21665">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16454">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 14:45:12">
14:45
       </div>

       <div class="text">
<strong>❌ Zoom Takes on Zoom-Bombers Following FTC Settlement ❌</strong><br><br><code>The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls.</code><br><br><a href="https://threatpost.com/zoom-bombers-ftc-settlement/161312/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16455">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 15:21:00">
15:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Chart: Undisputed Increase in Paid Claims 🕴</strong><br><br><code>While the number of enterprises that hold cyber insurance might not have increased significantly over the past year, the number of enterprises that have successfully filed a breach insurance claim has.</code><br><br><a href="https://www.darkreading.com/edge/theedge/chart-undisputed-increase-in-paid-claims/b/d-id/1339464?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16456">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 16:21:02">
16:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Researchers Scan for Supply-Side Threats in Open Source 🕴</strong><br><br><code>A recent project to scan the main Python repository&apos;s 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.</code><br><br><a href="https://www.darkreading.com/application-security/researchers-scan-for-supply-side-threats-in-open-source/d/d-id/1339465?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16457">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 16:21:03">
16:21
       </div>

       <div class="text">
<strong>🕴 To Pay or Not to Pay: Responding to Ransomware From a Lawyer&apos;s Perspective 🕴</strong><br><br><code>The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.</code><br><br><a href="https://www.darkreading.com/risk/to-pay-or-not-to-pay-responding-to-ransomware-from-a-lawyers-perspective-/a/d-id/1339367?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16458">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 16:39:13">
16:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26701 ‼</strong><br><br><code>Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26701">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16459">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 16:39:14">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-13351 ‼</strong><br><br><code>Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are &gt;=13.0, &lt;13.3.9,&gt;=13.4.0, &lt;13.4.5,&gt;=13.5.0, &lt;13.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16460">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 16:39:15">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-25400 ‼</strong><br><br><code>Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25400">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16461">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 16:39:16">
16:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-13350 ‼</strong><br><br><code>CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who&apos;s able to target GitLab instance administrators to pause/resume runners. Affected versions are &gt;=13.5.0, &lt;13.5.2,&gt;=13.4.0, &lt;13.4.5,&lt;13.3.9.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13350">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16462">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 16:44:21">
16:44
       </div>

       <div class="text">
<strong>❌ COVID-19 Antigen Firm Hit by Malware Attack ❌</strong><br><br><code>Global biotech firm Miltenyi, which supplies key components necessary for COVID-19 treatment research, has been battling a malware attack.</code><br><br><a href="https://threatpost.com/covid-19-antigen-malware-attack/161317/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16463">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 16:52:51">
16:52
       </div>

       <div class="text">
<strong>🦿 The team behind the Essential PH-1 is back, and privacy is their focus 🦿</strong><br><br><code>A key member of the now-defunct Essential company has returned, and privacy is his goal. Jack Wallen digs in to try and make sense of what&apos;s to come with OSOM.</code><br><br><a href="https://www.techrepublic.com/article/the-team-behind-the-essential-ph-1-is-back-and-privacy-is-their-focus/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16464">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 17:58:19">
17:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 Google Fixes Zero Days, NAT Slipstream Attack, in Chrome 🔏</strong><br><br><code>Just days after fixing two zero day vulnerabilities, Google has rolled out yet another version of its Chrome browser, resolving a fix for last month&apos;s NAT Slipstream attack.</code><br><br><a href="https://digitalguardian.com/blog/google-fixes-zero-days-nat-slipstream-attack-chrome">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16465">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:22:52">
18:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Google Authenticator: How to move from one iPhone or Android device to another 🦿</strong><br><br><code>If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps.</code><br><br><a href="https://www.techrepublic.com/videos/google-authenticator-how-to-move-from-one-iphone-or-android-device-to-another/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16466">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:39:20">
18:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-25988 ‼</strong><br><br><code>UPNP/Freeciv Service on port 5555 in Genexis Platinum 4410 Router V2.1 has an action &apos;X_GetAccess&apos; which leaks the credentials of &apos;admin&apos; account if the attacker is on the same network.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25988">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16467">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:39:21">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28139 ‼</strong><br><br><code>SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28139">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16468">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:39:22">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-13349 ‼</strong><br><br><code>An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are &gt;=8.12, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13349">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16469">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:39:24">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28140 ‼</strong><br><br><code>SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28140">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16470">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:39:25">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28133 ‼</strong><br><br><code>An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28133">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16471">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:39:26">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-26405 ‼</strong><br><br><code>Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are &gt;=12.8, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26405">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16472">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:39:27">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28138 ‼</strong><br><br><code>SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28138">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16473">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:39:28">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28136 ‼</strong><br><br><code>An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28136">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16474">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:39:29">
18:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-13348 ‼</strong><br><br><code>An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are &gt;=10.2, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16475">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:45:23">
18:45
       </div>

       <div class="text">
<strong>❌ ThreatList: Pharma Mobile Phishing Attacks Turn to Malware ❌</strong><br><br><code>After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.</code><br><br><a href="https://threatpost.com/threatlist-pharma-mobile-phishing-attacks-turn-to-malware/161318/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16476">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:45:24">
18:45
       </div>

       <div class="text">
<strong>❌ Defining Security Policies to Manage Remote Insider Threats ❌</strong><br><br><code>This is the time to define the new normal; having well-defined policies in place will help businesses maintain its security posture while bolstering the security of the ever-increasing work-from-home population.</code><br><br><a href="https://threatpost.com/defining-policies-manage-remote-insider-threats/161327/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16477">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 18:51:03">
18:51
       </div>

       <div class="text">
<strong>🕴 Vulnerability Prioritization Tops Security Pros&apos; Challenges 🕴</strong><br><br><code>Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/vulnerability-prioritization-tops-security-pros-challenges/a/d-id/1339318?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16478">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 19:44:27">
19:44
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Multiple Industrial Control System Vendors Warn of Critical Bugs ❌</strong><br><br><code>Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.</code><br><br><a href="https://threatpost.com/ics-vendors-warn-critical-bugs/161333/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16479">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:21:08">
20:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 EFF, Security Experts Condemn Politicization of Election Security 🕴</strong><br><br><code>Open letter, signed by high-profile security professionals and organizations, urges White House to &quot;reverse course and support election security.&quot;</code><br><br><a href="https://www.darkreading.com/threat-intelligence/eff-security-experts-condemn-politicization-of-election-security-/d/d-id/1339468?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16480">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:27">
20:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26551 ‼</strong><br><br><code>An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26551">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16481">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:28">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28129 ‼</strong><br><br><code>Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields &apos;Package Name&apos; and &apos;Description&apos;.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16482">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:29">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-26549 ‼</strong><br><br><code>An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26549">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16483">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:30">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-26553 ‼</strong><br><br><code>An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16484">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:31">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-26550 ‼</strong><br><br><code>An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16485">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:32">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-25890 ‼</strong><br><br><code>The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in &quot;Machine Address Book&quot;. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25890">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16486">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:33">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28092 ‼</strong><br><br><code>PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&amp;m=Task&amp;a=my&amp;status=3&amp;id=,?g=Team&amp;m=Task&amp;a=my&amp;status=0&amp;id=,?g=Team&amp;m=Task&amp;a=my&amp;status=1&amp;id=,?g=Team&amp;m=Task&amp;a=my&amp;status=10&amp;id=</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28092">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16487">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:34">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-26552 ‼</strong><br><br><code>An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26552">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16488">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:35">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28914 ‼</strong><br><br><code>An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28914">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16489">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:37">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-26548 ‼</strong><br><br><code>An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16490">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:38">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-26216 ‼</strong><br><br><code>TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26216">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16491">

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 20:39:39">
20:39
       </div>

       <div class="text">
<strong>‼ CVE-2020-28130 ‼</strong><br><br><code>An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28130">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16492">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 21:21:11">
21:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Nearly Two Dozen AWS APIs Are Vulnerable to Abuse 🕴</strong><br><br><code>Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.</code><br><br><a href="https://www.darkreading.com/cloud/nearly-two-dozen-aws-apis-are-vulnerable-to-abuse/d/d-id/1339471?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16493">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="17.11.2020 22:39:34">
22:39
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28183 ‼</strong><br><br><code>SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28183">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-683">

      <div class="body details">
18 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16494">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 08:40:06">
08:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28917 ‼</strong><br><br><code>An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28917">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16495">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 08:40:07">
08:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28915 ‼</strong><br><br><code>A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28915">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16496">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 10:14:57">
10:14
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Firing of CISA Chief Christopher Krebs Widely Condemned ❌</strong><br><br><code>President Trump fired US cybersecurity chief over Twitter Tuesday, an act widely condemned within the cybersecurity community.</code><br><br><a href="https://threatpost.com/firing-of-krebs-condemned/161338/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16497">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 10:53:14">
10:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft&apos;s new security chip takes PC protection to a higher level 🦿</strong><br><br><code>Intel, AMD and Qualcomm will use the Microsoft-designed Pluton security processor from Xbox One and Azure Sphere in future SoCs to deliver better protection than a TPM.</code><br><br><a href="https://www.techrepublic.com/article/microsofts-new-security-chip-takes-pc-protection-to-a-higher-level/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16498">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 10:53:15">
10:53
       </div>

       <div class="text">
<strong>🦿 Zoom: These new features will prevent trolls and meeting-crashers 🦿</strong><br><br><code>Zoom hosts can now pause a meeting while they remove a disruptive participant, and a new web-scanning tool will seek out compromised meeting links.</code><br><br><a href="https://www.techrepublic.com/article/zoom-these-new-features-will-prevent-trolls-and-meeting-crashers/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16499">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 10:53:16">
10:53
       </div>

       <div class="text">
<strong>🦿 &quot;123456&quot; tops list of most common passwords for 2020 🦿</strong><br><br><code>People are still using very simple passwords, with many of them similar to the ones they used in 2019, according to NordPass.</code><br><br><a href="https://www.techrepublic.com/article/123456-tops-list-of-most-common-passwords-for-2020/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16500">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 10:53:17">
10:53
       </div>

       <div class="text">
<strong>🦿 How to improve the security of your public cloud 🦿</strong><br><br><code>Almost all the professionals who responded to a survey from BitGlass were concerned about the security of their public cloud apps and data.</code><br><br><a href="https://www.techrepublic.com/article/how-to-improve-the-security-of-your-public-cloud/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16501">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 11:21:37">
11:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Researchers Say They&apos;ve Developed Fastest Open Source IDS/IPS 🕴</strong><br><br><code>With a five-processor core, &quot;Pigasus&quot; delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University&apos;s CyLab.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/researchers-say-theyve-developed-fastest-open-source-ids-ips/d/d-id/1339472?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16502">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 11:25:08">
11:25
       </div>

       <div class="text">
<strong>⚠ Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world ⚠</strong><br><br><code>Here&apos;s the latest Sophos Threat Report - learn what cybercriminals are up to on Windows, Linux, Android and more</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/18/sophos-threat-report-2021/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16503">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 12:21:38">
12:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How to Identify Cobalt Strike on Your Network 🕴</strong><br><br><code>Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/how-to-identify-cobalt-strike-on-your-network/a/d-id/1339357?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16504">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 12:24:40">
12:24
       </div>

       <div class="text">
<strong>🦿 Security experts level criticism at Apple after Big Sur launch issues 🦿</strong><br><br><code>Users took to social media to complain about slow systems with one report pointing to an OCSP responder as the culprit.</code><br><br><a href="https://www.techrepublic.com/article/security-experts-level-criticism-at-apple-after-big-sur-launch-issues/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16505">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 12:24:41">
12:24
       </div>

       <div class="text">
<strong>🦿 66% of companies say it would take 5 or more days to fully recover from a ransomware attack ransom not paid 🦿</strong><br><br><code>Veritas research finds data protection strategies are not keeping pace with the complexity of the attacks enterprises are facing.</code><br><br><a href="https://www.techrepublic.com/article/66-of-companies-say-it-would-take-5-or-more-days-to-fully-recover-from-a-ransomware-attack-ransom-not-paid/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16506">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 12:24:42">
12:24
       </div>

       <div class="text">
<strong>🦿 How remote working poses security risks for your organization 🦿</strong><br><br><code>Companies are at greater risk due to phishing attacks, password sharing, and unsecured personal devices, says SailPoint.</code><br><br><a href="https://www.techrepublic.com/article/how-remote-working-poses-security-risks-for-your-organization/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16507">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 12:40:16">
12:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-24723 ‼</strong><br><br><code>Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration &amp; Login and User Management System With admin panel 2.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16508">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 12:40:17">
12:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-7562 ‼</strong><br><br><code>A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16509">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 12:40:18">
12:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-7564 ‼</strong><br><br><code>A CWE-120: Buffer Copy without Checking Size of Input (&apos;Classic Buffer Overflow&apos;) vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7564">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16510">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 12:40:19">
12:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-7563 ‼</strong><br><br><code>A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16511">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 12:40:20">
12:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28361 ‼</strong><br><br><code>Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28361">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16512">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 14:45:04">
14:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Chrome 87 Closes High-Severity ‘NAT Slipstreaming’ Hole ❌</strong><br><br><code>Overall Google&apos;s Chrome 87 release fixed 33 security vulnerabilities.</code><br><br><a href="https://threatpost.com/google-chrome-87-nat-slipstreaming-flaw/161344/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16513">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 14:51:43">
14:51
       </div>

       <div class="text">
<strong>🕴 As Businesses Move to Multicloud Approach, Ransomware Follows 🕴</strong><br><br><code>The average US company uses 16 cloud services, but only a third of IT professional believe their security measures have kept up with the change.</code><br><br><a href="https://www.darkreading.com/cloud/as-businesses-move-to-multicloud-approach-ransomware-follows/d/d-id/1339475?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16514">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 15:21:43">
15:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Trump Fires CISA Director Chris Krebs 🕴</strong><br><br><code>Christopher Krebs was fired via tweet shortly after the Cybersecurity and Infrastructure Security Agency called the 2020 election &quot;the most secure in American history.&quot;</code><br><br><a href="https://www.darkreading.com/threat-intelligence/trump-fires-cisa-director-chris-krebs/d/d-id/1339476?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16515">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 15:24:45">
15:24
       </div>

       <div class="text">
<strong>🦿 Linux and open source: The biggest issue in 2020 🦿</strong><br><br><code>This year was rough for all involved--even Linux and open source didn&apos;t come through unscathed. See what Jack Wallen considers to be the biggest issue for Linux in 2020.</code><br><br><a href="https://www.techrepublic.com/article/linux-and-open-source-the-biggest-issue-in-2020/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16516">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:15:09">
16:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cisco Webex ‘Ghost’ Flaw Opens Meetings to Snooping ❌</strong><br><br><code>Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.</code><br><br><a href="https://threatpost.com/cisco-webex-flaw-snooping/161355/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16517">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:21:45">
16:21
       </div>

       <div class="text">
<strong>🕴 Out With the Old Perimeter, in With the New Perimeters 🕴</strong><br><br><code>A confluence of trends and events has exploded the whole idea of &quot;the perimeter.&quot; Now there are many perimeters, and businesses must adjust accordingly.</code><br><br><a href="https://www.darkreading.com/perimeter/out-with-the-old-perimeter-in-with-the-new-perimeters/a/d-id/1339309?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16518">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:28">
16:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26079 ‼</strong><br><br><code>A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26079">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16519">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:29">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28362 ‼</strong><br><br><code>Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28362">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16520">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:30">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26076 ‼</strong><br><br><code>A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26076">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16521">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:31">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26097 ‼</strong><br><br><code>** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26097">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16522">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:32">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26075 ‼</strong><br><br><code>A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26075">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16523">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:33">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28366 ‼</strong><br><br><code>Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28366">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16524">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:34">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26068 ‼</strong><br><br><code>A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device. The vulnerability is due to insufficient access authorization. An attacker could exploit this vulnerability by using the xAPI service to generate a specific token. A successful exploit could allow the attacker to use the generated token to enable experimental features on the device that should not be available to users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26068">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16525">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:35">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26080 ‼</strong><br><br><code>A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26080">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16526">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:36">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26078 ‼</strong><br><br><code>A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26078">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16527">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:40">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-3392 ‼</strong><br><br><code>A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3392">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16528">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:41">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-4592 ‼</strong><br><br><code>IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4592">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16529">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:42">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26081 ‼</strong><br><br><code>Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26081">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16530">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:42">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26554 ‼</strong><br><br><code>REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26554">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16531">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:43">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28091 ‼</strong><br><br><code>cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28091">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16532">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:47">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26072 ‼</strong><br><br><code>A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16533">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:48">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26077 ‼</strong><br><br><code>A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26077">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16534">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:49">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26933 ‼</strong><br><br><code>Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16535">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:50">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-27126 ‼</strong><br><br><code>A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16536">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:51">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28367 ‼</strong><br><br><code>Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16537">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:40:52">
16:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-3367 ‼</strong><br><br><code>A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3367">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16538">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 16:53:19">
16:53
       </div>

       <div class="text">
<strong>🦿 Webex security flaw allows people to secretly sneak into meetings as &quot;ghosts&quot; 🦿</strong><br><br><code>Now patched by Cisco, three flaws in Webex would have given intruders full access to a meeting without being seen, says IBM.</code><br><br><a href="https://www.techrepublic.com/article/webex-security-flaw-allows-people-to-secretly-sneak-into-meetings-as-ghosts/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16539">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 17:15:12">
17:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ LAPD Bans Facial Recognition, Citing Privacy Concerns ❌</strong><br><br><code>The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.</code><br><br><a href="https://threatpost.com/lapd-facial-recognition-privacy-concerns/161364/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16540">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 17:28:51">
17:28
       </div>

       <div class="text">
<strong>🔏 Congress Passes IoT Bill, Last Hurdle to Becoming Law 🔏</strong><br><br><code>The bill, which would establish cybersecurity guidelines for IoT devices purchased by the U.S. government, is on track to become law.</code><br><br><a href="https://digitalguardian.com/blog/congress-passes-iot-bill-last-hurdle-becoming-law">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16541">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:23:22">
18:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 GoPhish: How to run a phishing attack simulation 🦿</strong><br><br><code>Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works.</code><br><br><a href="https://www.techrepublic.com/videos/gophish-how-to-run-a-phishing-attack-simulation/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16542">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:33">
18:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28580 ‼</strong><br><br><code>A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28580">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16543">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:34">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28579 ‼</strong><br><br><code>A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28579">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16544">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:35">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28574 ‼</strong><br><br><code>A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product&apos;s management console.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28574">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16545">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:36">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-3586 ‼</strong><br><br><code>A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on the underling operating system with privileges of the web-based management application, which is running as a restricted user. This could result in changes being made to pages served by the web-based management application impacting the integrity or availability of the web-based management application.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3586">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16546">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:37">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-27695 ‼</strong><br><br><code>Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27695">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16547">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:38">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-27696 ‼</strong><br><br><code>Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27696">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16548">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:39">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-3441 ‼</strong><br><br><code>A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3441">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16549">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:40">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-3482 ‼</strong><br><br><code>A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3482">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16550">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:40">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-3419 ‼</strong><br><br><code>A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list. This vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit requires the attacker to have access to join a Webex meeting, including applicable meeting join links and passwords. The attacker could then exploit this vulnerability to join meetings, without appearing in the participant list, while having full access to audio, video, chat, and screen sharing capabilities.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3419">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16551">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:41">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-3531 ‼</strong><br><br><code>A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system. The vulnerability exists because the affected software does not properly authenticate REST API calls. An attacker could exploit this vulnerability by obtaining a cross-site request forgery (CSRF) token and then using the token with REST API requests. A successful exploit could allow the attacker to access the back-end database of the affected device and read, alter, or drop information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3531">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16552">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:45">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-3470 ‼</strong><br><br><code>Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3470">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16553">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:46">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28578 ‼</strong><br><br><code>A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28578">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16554">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:47">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28572 ‼</strong><br><br><code>A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28572">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16555">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:48">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-28581 ‼</strong><br><br><code>A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28581">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16556">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:49">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-27697 ‼</strong><br><br><code>Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27697">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16557">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 18:40:50">
18:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-3471 ‼</strong><br><br><code>A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3471">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16558">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 19:15:14">
19:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Widespread Scans Underway for RCE Bugs in WordPress Websites ❌</strong><br><br><code>WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.</code><br><br><a href="https://threatpost.com/widespread-scans-rce-bugs-wordpress-websites/161374/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16559">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:21:52">
20:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Online Shopping Surge Puts Focus on Consumer Security Habits 🕴</strong><br><br><code>Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.</code><br><br><a href="https://www.darkreading.com/endpoint/online-shopping-surge-puts-focus-on-consumer-security-habits/d/d-id/1339484?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16560">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:21:53">
20:21
       </div>

       <div class="text">
<strong>🕴 Cisco Webex Vulns Let &apos;Ghost&apos; Attendees Spy on Meetings 🕴</strong><br><br><code>Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cisco-webex-vulns-let-ghost-attendees-spy-on-meetings/d/d-id/1339485?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16561">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:40:39">
20:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26215 ‼</strong><br><br><code>Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26215">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16562">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:40:40">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-22723 ‼</strong><br><br><code>A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16563">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:40:40">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-15301 ‼</strong><br><br><code>SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15301">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16564">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:40:41">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-26226 ‼</strong><br><br><code>In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26226">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16565">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:40:42">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-14208 ‼</strong><br><br><code>SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14208">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16566">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:40:43">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-15300 ‼</strong><br><br><code>SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15300">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16567">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:40:44">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-13799 ‼</strong><br><br><code>Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13799">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16568">

      <div class="body">

       <div class="pull_right date details" title="18.11.2020 20:40:45">
20:40
       </div>

       <div class="text">
<strong>‼ CVE-2020-25454 ‼</strong><br><br><code>Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25454">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-684">

      <div class="body details">
19 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16569">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 03:40:59">
03:40
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-5947 ‼</strong><br><br><code>In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5947">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16570">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 03:41:00">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-8279 ‼</strong><br><br><code>Missing validation of server certificates for out-going connections in Nextcloud Social &lt; 0.4.0 allowed a man-in-the-middle attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16571">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 03:41:02">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-15710 ‼</strong><br><br><code>Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15710">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16572">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 03:41:03">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-8278 ‼</strong><br><br><code>Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8278">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16573">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 03:41:05">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2019-20933 ‼</strong><br><br><code>InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20933">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16574">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 03:41:06">
03:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-8277 ‼</strong><br><br><code>A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions &lt; 15.2.1, &lt; 14.15.1, and &lt; 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8277">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16575">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 10:53:39">
10:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Microsoft gives Linux a security boost with these new attack detection tools 🦿</strong><br><br><code>Linux endpoint detection and response will help Microsoft Defender customers secure Linux servers and networks against security nasties.</code><br><br><a href="https://www.techrepublic.com/article/microsoft-gives-linux-a-security-boost-with-these-new-attack-detection-tools/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16576">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 11:15:45">
11:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks ❌</strong><br><br><code>While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks - from phishing to ransomware.</code><br><br><a href="https://threatpost.com/cybercriminals-automakers-ransomware-ip-theft-cyberattacks/161362/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16577">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 11:22:22">
11:22
       </div>

       <div class="text">
<strong>🕴 Unpatched Browsers Abound, Study Shows 🕴</strong><br><br><code>Google Chrome users don&apos;t always take time to relaunch browser updates, and some legacy applications don&apos;t support new versions of Chrome, Menlo Security says.</code><br><br><a href="https://www.darkreading.com/endpoint/unpatched-browsers-abound-study-shows/d/d-id/1339486?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16578">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 11:45:48">
11:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies ❌</strong><br><br><code>Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks.</code><br><br><a href="https://threatpost.com/apt-exploits-zerologon-targets-japanese-companies/161383/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16579">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 12:22:26">
12:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 2021 Cybersecurity Spending: How to Maximize Value 🕴</strong><br><br><code>This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.</code><br><br><a href="https://www.darkreading.com/operations/2021-cybersecurity-spending-how-to-maximize-value-/a/d-id/1339334?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16580">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 12:25:03">
12:25
       </div>

       <div class="text">
<strong>🦿 Consumers share their top frustrations about online retail purchasing 🦿</strong><br><br><code>People say they&apos;ve abandoned purchases at online retail stores because of the hassle of dealing with passwords, according to the FIDO Alliance.</code><br><br><a href="https://www.techrepublic.com/article/consumers-share-their-top-frustrations-about-online-retail-purchasing/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16581">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 12:59:10">
12:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 TestSSL 3.0.3 🛠</strong><br><br><code>testssl.sh is a free command line tool which checks a server&apos;s service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.</code><br><br><a href="https://packetstormsecurity.com/files/160142/testssl.sh-3.0.3.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16582">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 12:59:11">
12:59
       </div>

       <div class="text">
<strong>🛠 TCMalloc Inspector Tool 🛠</strong><br><br><code>TCMalloc is an inspection tool that lets you parse and inspect tcmalloc internals, and detect lost memory, meaning memory which is not reachable via any (internal) pointers.</code><br><br><a href="https://packetstormsecurity.com/files/160140/tcmalloc-inspector-20201119.zip">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16583">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 13:22:25">
13:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 New Proposed DNS Security Features Released 🕴</strong><br><br><code>Verisign&apos;s R&amp;D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.</code><br><br><a href="https://www.darkreading.com/risk/new-proposed-dns-security-features-released/d/d-id/1339469?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16584">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 14:15:53">
14:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ IoT Cybersecurity Improvement Act Passed, Heads to President’s Desk ❌</strong><br><br><code>Security experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices.</code><br><br><a href="https://threatpost.com/iot-cybersecurity-improvement-act-passed/161396/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16585">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 14:15:54">
14:15
       </div>

       <div class="text">
<strong>❌ Food-Supply Giant Americold Admits Cyberattack ❌</strong><br><br><code>A reported ransomware attack took down operations at the company, which in talks for COVID-19 vaccine-distribution contracts.</code><br><br><a href="https://threatpost.com/food-supply-americold-cyberattack/161402/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16586">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 14:41:32">
14:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-11830 ‼</strong><br><br><code>QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11830">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16587">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 14:41:33">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-11831 ‼</strong><br><br><code>OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11831">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16588">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 14:41:34">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28054 ‼</strong><br><br><code>JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector&apos;s functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances&apos; consoles, accessing hardware configurations, etc.Exploiting this vulnerability won&apos;t grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28054">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16589">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 14:41:35">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-4718 ‼</strong><br><br><code>IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4718">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16590">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 14:41:37">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-11829 ‼</strong><br><br><code>Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11829">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16591">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 14:41:37">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-4701 ‼</strong><br><br><code>IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4701">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16592">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 14:41:38">
14:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-9049 ‼</strong><br><br><code>A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9049">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16593">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 15:23:46">
15:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Linux servers: How to encrypt files with gocryptfs 🦿</strong><br><br><code>Looking for an easy to use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose.</code><br><br><a href="https://www.techrepublic.com/videos/linux-servers-how-to-encrypt-files-with-gocryptfs/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16594">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 15:29:16">
15:29
       </div>

       <div class="text">
<strong>🛠 American Fuzzy Lop plus plus 2.68c 🛠</strong><br><br><code>Google&apos;s American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google&apos;s afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.</code><br><br><a href="https://packetstormsecurity.com/files/160146/AFLplusplus-2.68c.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16595">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 15:29:17">
15:29
       </div>

       <div class="text">
<strong>🛠 erfs 1.4 🛠</strong><br><br><code>erfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash-script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simultaneously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user&apos;s computer and never stored or transferred to the server.</code><br><br><a href="https://packetstormsecurity.com/files/160144/erfs-1.4.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16596">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 15:29:19">
15:29
       </div>

       <div class="text">
<strong>🛠 Global Socket 1.4.22 🛠</strong><br><br><code>Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL&apos;s SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.</code><br><br><a href="https://packetstormsecurity.com/files/160147/gsocket-1.4.22.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16597">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:15:56">
16:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Code42 Incydr Series: Protect IP with Code42 Incydr ❌</strong><br><br><code>The Code42 Incydr data risk detection and response solution focuses on giving security teams simplicity, signal and speed.</code><br><br><a href="https://threatpost.com/code42-incydr-series-protect-ip-with-code42-incydr/161264/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16598">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:22:34">
16:22
       </div>

       <div class="text">
<strong>🕴 COVID-19: Latest Security News &amp; Commentary 🕴</strong><br><br><code>Check out Dark Reading&apos;s updated, exclusive news and commentary surrounding the coronavirus pandemic.</code><br><br><a href="https://www.darkreading.com/operations/covid-19-latest-security-news-and-commentary/d/d-id/1337452?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16599">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:22:35">
16:22
       </div>

       <div class="text">
<strong>🕴 The Yellow Brick Road to Risk Management 🕴</strong><br><br><code>Beginning the journey to risk management can be daunting, but protecting your business is worth every step.</code><br><br><a href="https://www.darkreading.com/risk/the-yellow-brick-road-to-risk-management/a/d-id/1339338?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16600">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:38">
16:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-25702 ‼</strong><br><br><code>In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25702">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16601">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:39">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28942 ‼</strong><br><br><code>An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA&apos;s domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28942">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16602">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:41">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-25700 ‼</strong><br><br><code>In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25700">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16603">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:42">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-25699 ‼</strong><br><br><code>In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25699">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16604">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:43">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-25698 ‼</strong><br><br><code>Users&apos; enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25698">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16605">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:44">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28947 ‼</strong><br><br><code>In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28947">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16606">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:45">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-25703 ‼</strong><br><br><code>The participants table download in Moodle always included user emails, but should have only done so when users&apos; emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25703">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16607">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:46">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-12510 ‼</strong><br><br><code>The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12510">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16608">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:47">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-25701 ‼</strong><br><br><code>If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25701">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16609">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:48">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-6879 ‼</strong><br><br><code>Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request to the creation of a static routing rule configuration interface. The WEB service backend fails to effectively verify the abnormal input. As a result, the attacker can successfully use the vulnerability to tamper parameter values. This affects: ZXHN Z500 V1.0.0.2B1.1000 and ZXHN F670L V1.1.10P1N2E. This is fixed in ZXHN Z500 V1.0.1.1B1.1000 and ZXHN F670L V1.1.10P2N2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6879">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16610">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:49">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-22394 ‼</strong><br><br><code>In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22394">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16611">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:50">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-12496 ‼</strong><br><br><code>Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor. The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it&apos;s possible and during the analysis it was discovered that it also has an issue with the access-control matrix on the server-side. It was found that a user with low rights can get information from endpoints that should not be available to this user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16612">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:41:50">
16:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-12495 ‼</strong><br><br><code>Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic &quot;tokens&quot;. The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12495">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16613">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:47:43">
16:47
       </div>

       <div class="text">
<strong>❌ Tis’ the Season for Online Holiday Shopping; and Phishing ❌</strong><br><br><code>Watch out for these top phishing approaches this holiday season.</code><br><br><a href="https://threatpost.com/online-holiday-shopping-phishing/161412/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16614">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:53:47">
16:53
       </div>

       <div class="text">
<strong>🦿 How to use the built-in GPG feature for Thunderbird 🦿</strong><br><br><code>As of release 78, Thunderbird no longer requires a third-party extension to work with encryption. Learn how this new feature works.</code><br><br><a href="https://www.techrepublic.com/article/how-to-use-the-built-in-gpg-feature-for-thunderbird/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16615">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:53:48">
16:53
       </div>

       <div class="text">
<strong>🦿 Thunderbird: How to use the built-in GPG feature 🦿</strong><br><br><code>As of release 78, Thunderbird no longer requires a third-party extension to work with encryption. Learn how this new feature works.</code><br><br><a href="https://www.techrepublic.com/videos/thunderbird-how-to-use-the-built-in-gpg-feature/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16616">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 16:53:49">
16:53
       </div>

       <div class="text">
<strong>🦿 How to use Mozilla&apos;s VPN service across mobile and desktop platforms 🦿</strong><br><br><code>Mozilla now offers a VPN service that protects Windows and mobile devices, and soon your Linux and macOS desktops. Jack Wallen shows you how to use the new offering.</code><br><br><a href="https://www.techrepublic.com/videos/how-to-use-mozillas-vpn-service-across-mobile-and-desktop-platforms/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16617">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 17:15:57">
17:15
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ GO SMS Pro Android App Exposes Private Photos, Videos and Messages ❌</strong><br><br><code>The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content.</code><br><br><a href="https://threatpost.com/go-sms-pro-android-app-exposes-private-photos/161407/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16618">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 17:29:29">
17:29
       </div>

       <div class="text">
<strong>🔏 FIN7 Hacker Pleads Guilty 🔏</strong><br><br><code>Another hacker associated with FIN7 – a group responsible for hacking more than 100 US companies and stealing 15 million credit card details – plead guilty this week.</code><br><br><a href="https://digitalguardian.com/blog/fin7-hacker-pleads-guilty">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16619">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 18:22:35">
18:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Go SMS Pro Messaging App Exposed Users&apos; Private Media Files 🕴</strong><br><br><code>The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/go-sms-pro-messaging-app-exposed-users-private-media-files/d/d-id/1339492?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16620">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 18:25:11">
18:25
       </div>

       <div class="text">
<strong>🦿 Brave Rewards: How to disable the feature 🦿</strong><br><br><code>Brave is a browser that should be on your radar. However, it does include the Brave Rewards feature that some users might want to disable. Learn how to turn off this option.</code><br><br><a href="https://www.techrepublic.com/videos/brave-rewards-how-to-disable-the-feature/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16621">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 18:41:45">
18:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28949 ‼</strong><br><br><code>Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28949">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16622">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 18:41:46">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28948 ‼</strong><br><br><code>Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28948">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16623">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 18:41:46">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28941 ‼</strong><br><br><code>An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28941">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16624">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 18:41:48">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28924 ‼</strong><br><br><code>An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28924">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16625">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 18:41:49">
18:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28951 ‼</strong><br><br><code>libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28951">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16626">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 18:45:59">
18:45
       </div>

       <div class="text">
<strong>❌ German COVID-19 Contact-Tracing Vulnerability Allowed RCE ❌</strong><br><br><code>Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration.</code><br><br><a href="https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16627">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 19:16:02">
19:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack ❌</strong><br><br><code>Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.</code><br><br><a href="https://threatpost.com/robot-vacuums-audio-lidarphone-hack/161421/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16628">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 19:53:52">
19:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How phishing attacks are exploiting Google&apos;s own tools and services 🦿</strong><br><br><code>Cybercriminals are taking advantage of Google&apos;s open and accessible online tools to skirt past the usual security filters, says Armorblox.</code><br><br><a href="https://www.techrepublic.com/article/how-phishing-attacks-are-exploiting-googles-own-tools-and-services/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16629">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:22:39">
20:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cybercriminals Get Creative With Google Services 🕴</strong><br><br><code>Attacks take advantage of popular services, including Google Forms and Google Docs.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cybercriminals-get-creative-with-google-services/d/d-id/1339496?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16630">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:50">
20:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7566 ‼</strong><br><br><code>A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7566">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16631">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:52">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-7551 ‼</strong><br><br><code>A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7551">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16632">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:53">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-7554 ‼</strong><br><br><code>A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7554">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16633">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:53">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-7571 ‼</strong><br><br><code>A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7571">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16634">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:54">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-7567 ‼</strong><br><br><code>A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7567">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16635">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:55">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-28210 ‼</strong><br><br><code>A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user&apos;s browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28210">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16636">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:56">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-7557 ‼</strong><br><br><code>A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7557">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16637">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:57">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-7570 ‼</strong><br><br><code>A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7570">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16638">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:58">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-7568 ‼</strong><br><br><code>A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7568">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16639">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:41:59">
20:41
       </div>

       <div class="text">
<strong>‼ CVE-2020-25989 ‼</strong><br><br><code>Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25989">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16640">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:00">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-28213 ‼</strong><br><br><code>A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28213">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16641">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:01">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-7561 ‼</strong><br><br><code>A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7561">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16642">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:02">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-7555 ‼</strong><br><br><code>A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7555">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16643">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:03">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-7550 ‼</strong><br><br><code>A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16644">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:04">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-28953 ‼</strong><br><br><code>In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28953">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16645">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:05">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-28350 ‼</strong><br><br><code>A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28350">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16646">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:06">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-7573 ‼</strong><br><br><code>A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7573">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16647">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:07">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-7565 ‼</strong><br><br><code>A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7565">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16648">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:08">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-7544 ‼</strong><br><br><code>A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7544">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16649">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:42:08">
20:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-7556 ‼</strong><br><br><code>A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7556">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16650">

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 20:52:40">
20:52
       </div>

       <div class="text">
<strong>🕴 ISP Security: Do We Expect Too Much? 🕴</strong><br><br><code>With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. The question becomes, is the security provided by ISPs good enough to be the only security SMBs and remote employees need?</code><br><br><a href="https://www.darkreading.com/edge/theedge/isp-security-do-we-expect-too-much/b/d-id/1339493?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16651">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="19.11.2020 21:22:42">
21:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Telos Goes Public 🕴</strong><br><br><code>Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.</code><br><br><a href="https://www.darkreading.com/cloud/telos-goes-public/d/d-id/1339498?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-685">

      <div class="body details">
20 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16652">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 03:42:12">
03:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-5668 ‼</strong><br><br><code>Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version &apos;19&apos; and earlier, R04/08/16/32/120 (EN) CPU firmware version &apos;51&apos; and earlier, R08/16/32/120SFCPU firmware version &apos;22&apos; and earlier, R08/16/32/120PCPU all versions, R08/16/32/120PSFCPU all versions, RJ71EN71 firmware version &apos;47&apos; and earlier, RJ71GF11-T2 firmware version &apos;47&apos; and earlier, RJ72GF15-T2 firmware version &apos;07&apos; and earlier, RJ71GP21-SX firmware version &apos;47&apos; and earlier, RJ71GP21S-SX firmware version &apos;47&apos; and earlier, RJ71C24 (-R2/R4) all versions, and RJ71GN11-T2 all versions) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the module by a specially crafted SLMP packet</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5668">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16653">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 03:42:13">
03:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-4788 ‼</strong><br><br><code>IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4788">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16654">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 12:23:04">
12:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Cyberattacks Work 🕴</strong><br><br><code>Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier.</code><br><br><a href="https://www.darkreading.com/how-cyberattacks-work-/a/d-id/1339300?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16655">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 12:25:13">
12:25
       </div>

       <div class="text">
<strong>🦿 It&apos;s time for banks to rethink how they secure customer information 🦿</strong><br><br><code>Jack Wallen thinks banks and credit card companies need to start considering radical ideas to increase their security. In fact, he goes so far as to share such an idea.</code><br><br><a href="https://www.techrepublic.com/article/its-time-for-banks-to-rethink-how-they-secure-customer-information/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16656">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 12:42:43">
12:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-4937 ‼</strong><br><br><code>IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 191814.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4937">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16657">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 12:42:44">
12:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-4739 ‼</strong><br><br><code>IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4739">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16658">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 12:56:42">
12:56
       </div>

       <div class="text">
<strong>⚠ S3 Ep7: When ransomware crooks get a big fat zero! [Podcast] ⚠</strong><br><br><code>Here&apos;s the latest podcast - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/19/s3-ep7-when-ransomware-crooks-get-a-big-fat-zero-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16659">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 13:00:09">
13:00
       </div>

       <div class="text">
<strong>🛠 GRAudit Grep Auditing Tool 2.8 🛠</strong><br><br><code>Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It&apos;s comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.</code><br><br><a href="https://packetstormsecurity.com/files/160148/graudit-2.8.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16660">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 13:56:43">
13:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Facebook patches Messenger audio snooping bug – update now! ⚠</strong><br><br><code>Do you ever make, ahem, &quot;pointed remarks&quot; just before answering calls from people you would rather avoid?</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/20/facebook-patches-messenger-audio-snooping-bug-update-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16661">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 13:59:59">
13:59
       </div>

       <div class="text">
<strong>🔏 Friday Five 11/20 🔏</strong><br><br><code>IoT legislation, automation in cybersecurity, and privacy rights - catch up on all of the week&apos;s infosec news with the Friday Five!</code><br><br><a href="https://digitalguardian.com/blog/friday-five-11/20">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16662">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 14:42:49">
14:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-13671 ‼</strong><br><br><code>Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13671">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16663">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 14:42:51">
14:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-19667 ‼</strong><br><br><code>Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19667">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16664">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 14:42:52">
14:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-7842 ‼</strong><br><br><code>Improper Input validation vulnerability exists in Netis Korea D&apos;live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D&apos;live set-top box AP(WF2429TB) v1.1.10.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7842">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16665">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 14:42:53">
14:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-28877 ‼</strong><br><br><code>Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28877">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16666">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 14:42:54">
14:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-19668 ‼</strong><br><br><code>Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-19668">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16667">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 14:42:54">
14:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-25839 ‼</strong><br><br><code>NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25839">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16668">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 14:46:36">
14:46
       </div>

       <div class="text">
<strong>❌ New Grelos Skimmer Variants Siphon Credit Card Data ❌</strong><br><br><code>Domains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far.</code><br><br><a href="https://threatpost.com/grelos-skimmer-variants-credit-card/161439/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16669">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 16:42:56">
16:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28974 ‼</strong><br><br><code>A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28974">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16670">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 16:42:57">
16:42
       </div>

       <div class="text">
<strong>‼ CVE-2020-26236 ‼</strong><br><br><code>In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else&apos;s account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26236">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16671">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 17:23:14">
17:23
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Industrial IoT Security Can Catch Up With OT/IT Convergence 🕴</strong><br><br><code>Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?</code><br><br><a href="https://www.darkreading.com/edge/theedge/how-industrial-iot-security-can-catch-up-with-ot-it-convergence/b/d-id/1339502?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16672">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 17:23:15">
17:23
       </div>

       <div class="text">
<strong>🕴 Facebook Messenger Flaw Enabled Spying on Android Callees 🕴</strong><br><br><code>A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim&apos;s knowledge.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/facebook-messenger-flaw-enabled-spying-on-android-callees/d/d-id/1339509?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16673">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 17:23:17">
17:23
       </div>

       <div class="text">
<strong>🕴 Security Pros Push for More Pervasive Threat Modeling 🕴</strong><br><br><code>With the release of the &quot;Threat Modeling Manifesto,&quot; a group of 16 security professionals hope to prompt more companies to consider the threats to software.</code><br><br><a href="https://www.darkreading.com/application-security/security-pros-push-for-more-pervasive-threat-modeling/d/d-id/1339506?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16674">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 17:23:18">
17:23
       </div>

       <div class="text">
<strong>🦿 Study finds 31% of third-party vendors could cause significant damage to organizations if breached 🦿</strong><br><br><code>Risk professionals relying on questionnaire-based assessments could be in for a rude awakening, according to Mastercard&apos;s RiskRecon and the Cyentia Institute.</code><br><br><a href="https://www.techrepublic.com/article/study-finds-31-of-third-party-vendors-could-cause-significant-damage-to-organizations-if-breached/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16675">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 17:46:42">
17:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ VMware Fixes Critical Flaw in ESXi Hypervisor ❌</strong><br><br><code>The critical and important-severity flaws were found by a team at the China-based Tiunfu Cup hacking challenge.</code><br><br><a href="https://threatpost.com/vmware-critical-flaw-esxi-hypervisor/161457/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16676">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 17:46:43">
17:46
       </div>

       <div class="text">
<strong>❌ Good Heavens! 10M Impacted in Pray.com</strong> <strong>Data Exposure ❌</strong><br><br><code>The information exposed in a public cloud bucket included PII, church-donation information, photos and users&apos; contact lists.</code><br><br><a href="https://threatpost.com/10m-impacted-pray-com-data-exposure/161459/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16677">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 18:16:43">
18:16
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns ❌</strong><br><br><code>Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.</code><br><br><a href="https://threatpost.com/google-services-weaponized-to-bypass-security-in-phishing-bec-campaigns/161467/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16678">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 18:42:59">
18:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-4004 ‼</strong><br><br><code>VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine&apos;s VMX process running on the host.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4004">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16679">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 18:43:01">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-28845 ‼</strong><br><br><code>A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin&apos;s portal thus leads to compromise admin&apos;s system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28845">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16680">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 18:43:02">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-20739 ‼</strong><br><br><code>im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20739">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16681">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 18:43:03">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-4005 ‼</strong><br><br><code>VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4005">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16682">

      <div class="body">

       <div class="pull_right date details" title="20.11.2020 18:43:04">
18:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-20740 ‼</strong><br><br><code>PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20740">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-686">

      <div class="body details">
21 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16683">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="21.11.2020 08:43:38">
08:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-5797 ‼</strong><br><br><code>UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5797">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16684">

      <div class="body">

       <div class="pull_right date details" title="21.11.2020 08:43:39">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-25185 ‼</strong><br><br><code>The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25185">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16685">

      <div class="body">

       <div class="pull_right date details" title="21.11.2020 08:43:39">
08:43
       </div>

       <div class="text">
<strong>‼ CVE-2020-25725 ‼</strong><br><br><code>In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack-&gt;cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn&apos;t correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25725">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-687">

      <div class="body details">
23 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16686">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 09:55:18">
09:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 10 Undergraduate Security Degree Programs to Explore 🕴</strong><br><br><code>Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers.</code><br><br><a href="https://www.darkreading.com/careers-and-people/10-undergraduate-security-degree-programs-to-explore/d/d-id/1339473?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16687">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 11:25:17">
11:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 How Retailers Can Fight Fraud and Abuse This Holiday Season 🕴</strong><br><br><code>Online shopping will be more popular than ever with consumers... and with malicious actors too.</code><br><br><a href="https://www.darkreading.com/cloud/how-retailers-can-fight-fraud-and-abuse-this-holiday-season/a/d-id/1339470?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16688">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 11:28:21">
11:28
       </div>

       <div class="text">
<strong>⚠ Facebook patches Messenger audio snooping bug – update now! ⚠</strong><br><br><code>Do you ever make, ahem, &quot;pointed remarks&quot; just before answering calls from people you would rather avoid?</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/20/facebook-patches-messenger-audio-snooping-bug-update-now/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16689">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 11:28:22">
11:28
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – Beat the Threat! ⚠</strong><br><br><code>Here&apos;s the latest Naked Security Live video - how to beat the crooks! Watch now...</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/23/naked-security-live-beat-the-threat/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16690">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 12:25:03">
12:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 3 Steps CISOs Can Take to Convey Strategy for Budget Presentations 🕴</strong><br><br><code>Answering these questions will help CISOs define a plan and take the organization in a positive direction.</code><br><br><a href="https://www.darkreading.com/operations/3-steps-cisos-can-take-to-convey-strategy-for-budget-presentations-/a/d-id/1339337?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16691">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 12:45:43">
12:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28053 ‼</strong><br><br><code>HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16692">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 12:45:44">
12:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-27985 ‼</strong><br><br><code>Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows local users to obtain root access by editing and executing /home/&lt;user&gt;/SecurityOnion/setup/so-setup.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27985">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16693">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 13:03:37">
13:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 TestSSL 3.0.4 🛠</strong><br><br><code>testssl.sh is a free command line tool which checks a server&apos;s service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.</code><br><br><a href="https://packetstormsecurity.com/files/160184/testssl.sh-3.0.4.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16694">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 13:03:38">
13:03
       </div>

       <div class="text">
<strong>🛠 AIEngine 2.0.1 🛠</strong><br><br><code>AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.</code><br><br><a href="https://packetstormsecurity.com/files/160183/aiengine-2.0.1.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16695">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:19:01">
14:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Manchester United: IT Systems Disrupted in Cyberattack ❌</strong><br><br><code>The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.</code><br><br><a href="https://threatpost.com/manchester-united-disrupted-cyberattack/161488/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16696">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:49">
14:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7777 ‼</strong><br><br><code>This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7777">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16697">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:50">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-28421 ‼</strong><br><br><code>CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28421">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16698">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:51">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2018-20804 ‼</strong><br><br><code>A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20804">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16699">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:52">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2018-20802 ‼</strong><br><br><code>A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20802">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16700">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:52">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-7926 ‼</strong><br><br><code>A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem. This issue affects: MongoDB Server version 4.4 prior to 4.4.1. Versions before 4.4 are not affected.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16701">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:53">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2019-2393 ‼</strong><br><br><code>A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2393">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16702">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:54">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2019-20923 ‼</strong><br><br><code>A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine&apos;s internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20923">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16703">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:55">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-7925 ‼</strong><br><br><code>Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.0-rc12; v4.2 versions prior to 4.2.9.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7925">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16704">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:57">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-1778 ‼</strong><br><br><code>When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1778">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16705">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:57">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2019-20924 ‼</strong><br><br><code>A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20924">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16706">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:45:58">
14:45
       </div>

       <div class="text">
<strong>‼ CVE-2019-14553 ‼</strong><br><br><code>Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14553">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16707">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:46:00">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2019-2392 ‼</strong><br><br><code>A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-2392">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16708">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:46:01">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2018-20805 ‼</strong><br><br><code>A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10. This issue affects: MongoDB Inc. MongoDB Server 3.6 versions prior to 3.6.10; 4.0 versions prior to 4.0.5.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20805">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16709">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:46:02">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2019-14562 ‼</strong><br><br><code>Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14562">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16710">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 14:46:04">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2019-14559 ‼</strong><br><br><code>Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14559">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16711">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:18:59">
16:18
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Spotify Users Hit with Rash of Account Takeovers ❌</strong><br><br><code>Users of the music streaming service were targeted by attackers using credential-stuffing approaches.</code><br><br><a href="https://threatpost.com/spotify-account-takeovers/161495/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16712">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:45:53">
16:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-0569 ‼</strong><br><br><code>Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0569">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16713">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:45:54">
16:45
       </div>

       <div class="text">
<strong>‼ CVE-2019-14587 ‼</strong><br><br><code>Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14587">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16714">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:45:55">
16:45
       </div>

       <div class="text">
<strong>‼ CVE-2019-14586 ‼</strong><br><br><code>Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14586">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16715">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:45:56">
16:45
       </div>

       <div class="text">
<strong>‼ CVE-2019-14563 ‼</strong><br><br><code>Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14563">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16716">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:45:57">
16:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-4783 ‼</strong><br><br><code>IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189214.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4783">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16717">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:46:01">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-12352 ‼</strong><br><br><code>Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12352">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16718">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:46:02">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-12351 ‼</strong><br><br><code>Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16719">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:46:03">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-6939 ‼</strong><br><br><code>Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16720">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:46:04">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2019-14575 ‼</strong><br><br><code>Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14575">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16721">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:46:06">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-7928 ‼</strong><br><br><code>A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries. This issue affects: MongoDB Inc. MongoDB Server v4.5 versions prior to 4.5.1; v4.4 versions prior to 4.4.1; v4.2 versions prior to 4.2.9; v4.0 versions prior to 4.0.20; v3.6 versions prior to 3.6.20.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16722">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:46:07">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-4854 ‼</strong><br><br><code>IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4854">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16723">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:46:08">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-4771 ‼</strong><br><br><code>IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4771">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16724">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 16:46:09">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2018-20803 ‼</strong><br><br><code>A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.5; v3.6 versions prior to 3.6.10; v3.4 versions prior to 3.4.19.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20803">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16725">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 17:25:12">
17:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Chinese APT Group Returns to Target Catholic Church &amp; Diplomatic Groups 🕴</strong><br><br><code>APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/chinese-apt-group-returns-to-target-catholic-church-and-diplomatic-groups/d/d-id/1339515?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16726">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 17:49:02">
17:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ TA416 APT Rebounds With New PlugX Malware Variant ❌</strong><br><br><code>The TA416 APT has returned in spear phishing attacks against a range of victims - from the Vatican to diplomats in Africa - with a new Golang version of its PlugX malware loader.</code><br><br><a href="https://threatpost.com/ta416-apt-plugx-malware-variant/161505/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16727">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 17:55:30">
17:55
       </div>

       <div class="text">
<strong>🕴 Manchester United Suffers Cyberattack 🕴</strong><br><br><code>Premier League soccer club says the attack didn&apos;t affect its website and app, and it doesn&apos;t appears to have exposed any fan or customer data either.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/manchester-united-suffers-cyberattack/d/d-id/1339517?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16728">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:19:03">
18:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ GoDaddy Employees Tricked into Compromising Cryptocurrency Sites ❌</strong><br><br><code>‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.</code><br><br><a href="https://threatpost.com/godaddy-employees-tricked-compromise-cryptocurrency/161520/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16729">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:45:58">
18:45
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28927 ‼</strong><br><br><code>There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16730">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:45:59">
18:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-15248 ‼</strong><br><br><code>October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default &quot;Publisher&quot; system role have access to create &amp; manage users where they can choose which role the new user has. This means that a user with &quot;Publisher&quot; access has the ability to escalate their access to &quot;Developer&quot; access. Issue has been patched in Build 470 (v1.0.470) &amp; v1.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15248">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16731">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:45:59">
18:45
       </div>

       <div class="text">
<strong>‼ CVE-2020-28864 ‼</strong><br><br><code>Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28864">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16732">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:46:01">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-15247 ‼</strong><br><br><code>October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write &amp; manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write &amp; execute arbitrary PHP. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15247">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16733">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:46:02">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-26239 ‼</strong><br><br><code>Scratch Addons is a WebExtension that supports both Chrome and Firefox. Scratch Addons before version 1.3.2 is vulnerable to DOM-based XSS. If the victim visited a specific website, the More Links addon of the Scratch Addons extension used incorrect regular expression which caused the HTML-escaped values to be unescaped, leading to XSS. Scratch Addons version 1.3.2 fixes the bug. The extension will be automatically updated by the browser. More Links addon can be disabled via the option of the extension.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26239">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16734">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:46:03">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-15249 ‼</strong><br><br><code>October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the uploaded files. Since SVG files support being parsed as HTML by browsers, this means that they could theoretically upload Javascript that would be executed on a path under the website&apos;s domain (i.e. /storage/app/media/evil.svg), but they would have to convince their target to visit that location directly in the target&apos;s browser as the backend does not display SVGs inline anywhere, SVGs are only displayed as image resources in the backend and are thus unable to be executed. Issue has been patched in Build 469 (v1.0.469) &amp; v1.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15249">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16735">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:46:04">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-7927 ‼</strong><br><br><code>Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7927">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16736">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:46:05">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-15246 ‼</strong><br><br><code>October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15246">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16737">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:46:06">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28896 ‼</strong><br><br><code>Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server&apos;s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28896">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16738">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:48:59">
18:48
       </div>

       <div class="text">
<strong>❌ Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending ❌</strong><br><br><code>VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.</code><br><br><a href="https://threatpost.com/vmware-zero-day-patch-pending/161523/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16739">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 18:55:36">
18:55
       </div>

       <div class="text">
<strong>🦿 Malicious Google Play apps caught masquerading as Minecraft mods 🦿</strong><br><br><code>The Android apps promised Minecraft modifications but instead delivered intrusive ads aimed at kids and teenagers, says Kaspersky.</code><br><br><a href="https://www.techrepublic.com/article/malicious-google-play-apps-caught-masquerading-as-minecraft-mods/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16740">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 19:25:11">
19:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Evidence-Based Trust Gets Black Hat Europe Spotlight 🕴</strong><br><br><code>An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.</code><br><br><a href="https://www.darkreading.com/endpoint/evidence-based-trust-gets-black-hat-europe-spotlight/d/d-id/1339518?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16741">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 19:55:34">
19:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Ransomware Grows Easier to Spread, Harder to Block 🕴</strong><br><br><code>Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/ransomware-grows-easier-to-spread-harder-to-block/d/d-id/1339522?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16742">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:25:03">
20:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 As &apos;Anywhere Work&apos; Evolves, Security Will Be Key Challenge 🕴</strong><br><br><code>Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.</code><br><br><a href="https://www.darkreading.com/endpoint/as-anywhere-work-evolves-security-will-be-key-challenge/d/d-id/1339520?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16743">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:25:04">
20:25
       </div>

       <div class="text">
<strong>🕴 Security Researchers Sound Alarm on Smart Doorbells 🕴</strong><br><br><code>A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.</code><br><br><a href="https://www.darkreading.com/iot/security-researchers-sound-alarm-on-smart-doorbells/d/d-id/1339523?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16744">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:01">
20:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2018-16722 ‼</strong><br><br><code>In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16722">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16745">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:02">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-15436 ‼</strong><br><br><code>Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15436">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16746">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:03">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2018-16721 ‼</strong><br><br><code>In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16721">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16747">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:04">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-15437 ‼</strong><br><br><code>The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p-&gt;serial_in pointer which uninitialized.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15437">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16748">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:05">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-26227 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16749">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:06">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2018-16719 ‼</strong><br><br><code>In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16719">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16750">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:07">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-25696 ‼</strong><br><br><code>A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25696">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16751">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:08">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-26229 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26229">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16752">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:09">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-25688 ‼</strong><br><br><code>A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacker could observe network traffic internal to a cluster, they could use the private key to decode API requests that should be protected by TLS sessions, potentially obtaining information they would not otherwise be able to. These certificates are not used for service authentication, so no opportunity for impersonation or active MITM attacks were made possible.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25688">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16753">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:10">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-25660 ‼</strong><br><br><code>A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25660">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16754">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:14">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28984 ‼</strong><br><br><code>prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16755">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:15">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-26228 ‼</strong><br><br><code>TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26228">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16756">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:16">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2018-16723 ‼</strong><br><br><code>In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16723">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16757">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:17">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-24227 ‼</strong><br><br><code>Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24227">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16758">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:18">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-26231 ‼</strong><br><br><code>October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape the Twig sandbox and execute arbitrary PHP. This is not a problem for anyone that trusts their users with those permissions to normally write &amp; manage PHP within the CMS by not having cms.enableSafeMode enabled, but would be a problem for anyone relying on cms.enableSafeMode to ensure that users with those permissions in production do not have access to write &amp; execute arbitrary PHP. Issue has been patched in Build 470 (v1.0.470) and v1.1.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26231">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16759">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:19">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2018-16720 ‼</strong><br><br><code>In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16720">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16760">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:20">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28360 ‼</strong><br><br><code>Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28360">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16761">

      <div class="body">

       <div class="pull_right date details" title="23.11.2020 20:46:21">
20:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-4006 ‼</strong><br><br><code>VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4006">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-688">

      <div class="body details">
24 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16762">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 03:46:20">
03:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28991 ‼</strong><br><br><code>Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28991">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16763">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 03:46:21">
03:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-15928 ‼</strong><br><br><code>In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16764">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 03:46:22">
03:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28348 ‼</strong><br><br><code>HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28348">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16765">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 03:46:23">
03:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-15929 ‼</strong><br><br><code>In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application&apos;s context) containing attacker-defined CFML tags, leading to Remote Code Execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15929">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16766">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 03:46:24">
03:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-26890 ‼</strong><br><br><code>Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room&apos;s state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26890">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16767">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 10:46:37">
10:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2019-20925 ‼</strong><br><br><code>An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15; v3.4 versions prior to 3.4.24.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20925">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16768">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 13:04:38">
13:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 Sifter 11-R2 🛠</strong><br><br><code>Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.</code><br><br><a href="https://packetstormsecurity.com/files/160213/sifter-11-r2.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16769">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 13:04:39">
13:04
       </div>

       <div class="text">
<strong>🛠 GNU Privacy Guard 2.2.25 🛠</strong><br><br><code>GnuPG (the GNU Privacy Guard or GPG) is GNU&apos;s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.</code><br><br><a href="https://packetstormsecurity.com/files/160215/gnupg-2.2.25.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16770">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 13:04:41">
13:04
       </div>

       <div class="text">
<strong>🛠 nfstream 6.2.4 🛠</strong><br><br><code>nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.</code><br><br><a href="https://packetstormsecurity.com/files/160214/nfstream-6.2.4.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16771">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 13:19:43">
13:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Blackrota Golang Backdoor Packs Heavy Obfuscation Punch ❌</strong><br><br><code>Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.</code><br><br><a href="https://threatpost.com/blackrota-golang-backdoor-obfuscation/161544/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16772">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 13:26:10">
13:26
       </div>

       <div class="text">
<strong>🕴 Printers&apos; Cybersecurity Threats Too Often Ignored 🕴</strong><br><br><code>Remote workforce heightens the need to protect printing systems against intrusion and compromise.</code><br><br><a href="https://www.darkreading.com/endpoint/printers-cybersecurity-threats-too-often-ignored/a/d-id/1339362?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16773">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:26:21">
14:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Baidu Android apps caught leaking sensitive data from devices 🦿</strong><br><br><code>Capturing the phone&apos;s IMSI number and MAC address, the leaked data could have made users trackable, potentially over their lifetimes, says Palo Alto Networks.</code><br><br><a href="https://www.techrepublic.com/article/baidu-android-apps-caught-leaking-sensitive-data-from-devices/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16774">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:29:22">
14:29
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – Beat the Threat! ⚠</strong><br><br><code>Here&apos;s the latest Naked Security Live video - how to beat the crooks! Watch now...</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/23/naked-security-live-beat-the-threat/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16775">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:47">
14:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-4002 ‼</strong><br><br><code>The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4002">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16776">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:48">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-4003 ‼</strong><br><br><code>VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure. An authenticated SD-WAN Orchestrator user may inject code into SQL queries which may lead to information disclosure.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4003">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16777">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:49">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-29006 ‼</strong><br><br><code>MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29006">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16778">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:50">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-25472 ‼</strong><br><br><code>SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25472">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16779">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:51">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-3985 ‼</strong><br><br><code>The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3985">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16780">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:55">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-25473 ‼</strong><br><br><code>SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25473">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16781">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:56">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-25474 ‼</strong><br><br><code>SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25474">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16782">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:57">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-4000 ‼</strong><br><br><code>The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4000">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16783">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:58">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-25475 ‼</strong><br><br><code>SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25475">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16784">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:58">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-3984 ‼</strong><br><br><code>The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection. An authenticated SD-WAN Orchestrator user may exploit a vulnerable API call using specially crafted SQL queries which may lead to unauthorized data access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3984">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16785">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:46:59">
14:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-4001 ‼</strong><br><br><code>The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack. SD-WAN Orchestrator ships with default passwords for predefined accounts which may lead to to a Pass-the-Hash attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4001">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16786">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:49:49">
14:49
       </div>

       <div class="text">
<strong>❌ Baidu Apps in Google Play Leak Sensitive Data ❌</strong><br><br><code>Cyberattackers could use the information to track users across devices, disable phone service, or intercept messages and phone calls.</code><br><br><a href="https://threatpost.com/baidu-apps-google-play-data/161556/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16787">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 14:49:50">
14:49
       </div>

       <div class="text">
<strong>❌ Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues ❌</strong><br><br><code>Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay.</code><br><br><a href="https://threatpost.com/smart-doorbells-on-amazon-ebay-harbor-serious-security-issues/161510/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16788">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 15:28:20">
15:28
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Gift card hack exposed – you pay, they play ⚠</strong><br><br><code>These crooks hacked into a network hoping to get everyone in the company to buy them gift cards.</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/24/gift-card-hack-exposed-you-pay-they-play/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16789">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:03:52">
16:03
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 FBI Warns of Spoofed FBI Websites 🔏</strong><br><br><code>The FBI is urging the American public to ensure they&apos;re getting &quot;reliable and verified FBI information.&quot;</code><br><br><a href="https://digitalguardian.com/blog/fbi-warns-spoofed-fbi-websites">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16790">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:26:16">
16:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 US Treasury&apos;s OFAC Ransomware Advisory: Navigating the Gray Areas 🕴</strong><br><br><code>Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.</code><br><br><a href="https://www.darkreading.com/risk/us-treasurys-ofac-ransomware-advisory-navigating-the-gray-areas/a/d-id/1339394?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16791">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:26:17">
16:26
       </div>

       <div class="text">
<strong>🕴 What&apos;s in Store for Privacy in 2021 🕴</strong><br><br><code>Changes are coming to the privacy landscape, including more regulations and technologies.</code><br><br><a href="https://www.darkreading.com/endpoint/whats-in-store-for-privacy-in-2021/d/d-id/1339529?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16792">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:46:53">
16:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-13620 ‼</strong><br><br><code>Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker&apos;s ability to perform administrative actions such as modifying the configuration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13620">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16793">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:46:54">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28994 ‼</strong><br><br><code>A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28994">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16794">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:46:55">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-7378 ‼</strong><br><br><code>CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7378">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16795">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:46:56">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-29040 ‼</strong><br><br><code>An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29040">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16796">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:46:57">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-13942 ‼</strong><br><br><code>It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13942">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16797">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:46:58">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-24815 ‼</strong><br><br><code>A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document. NOTE: 10.4., no fix will be released as version will reach end-of-life on 31/12/2020.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24815">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16798">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:46:59">
16:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-28331 ‼</strong><br><br><code>Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W device has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web interface does not provide a visible capability to alter this configuration file variable. However, a malicious actor can include this variable in a POST such that the SSH daemon will be started when the device boots.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28331">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16799">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:47:00">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-28928 ‼</strong><br><br><code>In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28928">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16800">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:47:01">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-10762 ‼</strong><br><br><code>An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations. This includes recording passwords to the cmd_history.log file which is world-readable. This flaw allows local users to obtain sensitive information by reading the log file. The highest threat from this vulnerability is to data confidentiality.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10762">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16801">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:47:02">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-28726 ‼</strong><br><br><code>Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28726">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16802">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:47:03">
16:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-10763 ‼</strong><br><br><code>An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. This flaw allows an attacker with local access to the Heketi server to read potentially sensitive information such as gluster-block passwords.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10763">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16803">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 16:56:21">
16:56
       </div>

       <div class="text">
<strong>🕴 Cloud Security Startup Lightspin Emerges From Stealth 🕴</strong><br><br><code>The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.</code><br><br><a href="https://www.darkreading.com/cloud/cloud-security-startup-lightspin-emerges-from-stealth/d/d-id/1339531?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16804">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 17:19:51">
17:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ‘Minecraft Mods’ Attack More Than 1 Million Android Devices ❌</strong><br><br><code>Fake Minecraft Modpacks on Google Play deliver millions of abusive ads and make normal phone use impossible.</code><br><br><a href="https://threatpost.com/minecraft-mods-attack-android-devices/161567/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16805">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:19:53">
18:19
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to use the Google One VPN on Android 🦿</strong><br><br><code>If you&apos;re looking for the best Android VPN, Jack Wallen thinks Google&apos;s take on the service might be the perfect fit for those wanting both performance and security.</code><br><br><a href="https://www.techrepublic.com/article/how-to-use-the-google-one-vpn-on-android/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16806">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:19:54">
18:19
       </div>

       <div class="text">
<strong>❌ Post-Breach, Peatix Data Reportedly Found on Instagram, Telegram ❌</strong><br><br><code>Events application Peatix this week disclosed a data breach, after user account information reportedly began circulating on Instagram and Telegram.</code><br><br><a href="https://threatpost.com/breach-peatix-data-instagram-telegram/161560/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16807">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:26:20">
18:26
       </div>

       <div class="text">
<strong>🕴 Alexa, Disarm the Victim&apos;s Home Security System 🕴</strong><br><br><code>Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.</code><br><br><a href="https://www.darkreading.com/risk/alexa-disarm-the-victims-home-security-system-/d/d-id/1339532?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16808">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:46:58">
18:46
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28329 ‼</strong><br><br><code>Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28329">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16809">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:46:59">
18:46
       </div>

       <div class="text">
<strong>‼ CVE-2020-25640 ‼</strong><br><br><code>A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25640">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16810">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:47:00">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-25654 ‼</strong><br><br><code>An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25654">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16811">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:47:01">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29053 ‼</strong><br><br><code>HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29053">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16812">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:47:02">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-28333 ‼</strong><br><br><code>Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a &quot;SEID&quot; token that is appended to the end of URLs in GET requests. Thus the &quot;SEID&quot; would be exposed in web proxy logs and browser history. An attacker that is able to capture the &quot;SEID&quot; and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28333">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16813">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:47:06">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-28334 ‼</strong><br><br><code>Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28334">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16814">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:47:07">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-28330 ‼</strong><br><br><code>Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2.5.1.8. An attacker armed with hardcoded API credentials (retrieved by exploiting CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp of a Barco wePresent WiPG-1600W device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28330">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16815">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:47:08">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-28332 ‼</strong><br><br><code>Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28332">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16816">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 18:47:08">
18:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-25159 ‼</strong><br><br><code>499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25159">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16817">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 19:25:14">
19:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 CISA Warns of Holiday Online Shopping Scams 🕴</strong><br><br><code>The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cisa-warns-of-holiday-online-shopping-scams/d/d-id/1339534?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16818">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 19:26:22">
19:26
       </div>

       <div class="text">
<strong>🕴 How Ransomware Defense is Evolving With Ransomware Attacks 🕴</strong><br><br><code>As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic &quot;keep good backups&quot; advice.</code><br><br><a href="https://www.darkreading.com/theedge/how-ransomware-defense-is-evolving-with-ransomware-attacks/b/d-id/1339533?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16819">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 19:26:23">
19:26
       </div>

       <div class="text">
<strong>🕴 Baidu Apps Leaked Location Data, Machine Learning Reveals 🕴</strong><br><br><code>Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone&apos;s hardware and location without the user&apos;s knowledge, research finds.</code><br><br><a href="https://www.darkreading.com/mobile/baidu-apps-leaked-location-data-machine-learning-reveals/d/d-id/1339536?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16820">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 19:56:23">
19:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Latest Version of TrickBot Employs Clever New Obfuscation Trick 🕴</strong><br><br><code>The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/latest-version-of-trickbot-employs-clever-new-obfuscation-trick/d/d-id/1339537?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16821">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:26:28">
20:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Graylog: How to add clients to the system log manager 🦿</strong><br><br><code>Graylog makes it easy to send syslog information from clients to the hosting server. Jack Wallen shows you how.</code><br><br><a href="https://www.techrepublic.com/videos/graylog-how-to-add-clients-to-the-system-log-manager/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16822">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:03">
20:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29058 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29058">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16823">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:05">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29057 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a &quot;shawarma&quot; attack.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29057">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16824">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:06">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2015-9550 ‼</strong><br><br><code>An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9550">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16825">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:07">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-26232 ‼</strong><br><br><code>Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26232">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16826">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:08">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29062 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29062">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16827">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:09">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2015-9551 ‼</strong><br><br><code>An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9551">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16828">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:10">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29060 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29060">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16829">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:11">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29059 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29059">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16830">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:12">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29054 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use &quot;show system infor&quot; to discover cleartext TELNET credentials.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29054">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16831">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:13">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29063 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&amp;^#@$a2s0i3g value.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29063">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16832">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:14">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29055 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn&apos;t support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29055">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16833">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:16">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-26235 ‼</strong><br><br><code>In Rust time crate from version 0.2.7 and before version 0.2.23, unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires the user to set any environment variable in a different thread than the affected functions. The affected functions are time::UtcOffset::local_offset_at, time::UtcOffset::try_local_offset_at, time::UtcOffset::current_local_offset, time::UtcOffset::try_current_local_offset, time::OffsetDateTime::now_local and time::OffsetDateTime::try_now_local. Non-Unix targets are unaffected. This includes Windows and wasm. The issue was introduced in version 0.2.7 and fixed in version 0.2.23.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26235">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16834">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:17">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29056 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29056">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16835">

      <div class="body">

       <div class="pull_right date details" title="24.11.2020 20:47:18">
20:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29061 ‼</strong><br><br><code>An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29061">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-689">

      <div class="body details">
25 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16836">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 03:47:23">
03:47
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26241 ‼</strong><br><br><code>Go Ethereum, or &quot;Geth&quot;, is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth&apos;s pre-compiled dataCopy (at 0x00...04) contract did a shallow copy on invocation. An attacker could deploy a contract that writes X to an EVM memory region R, then calls 0x00..04 with R as an argument, then overwrites R to Y, and finally invokes the RETURNDATACOPY opcode. When this contract is invoked, a consensus-compliant node would push X on the EVM stack, whereas Geth would push Y. This is fixed in version 1.9.17.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26241">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16837">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 03:47:24">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29071 ‼</strong><br><br><code>An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving sensitive information about encrypted e-mails, depending on the permissions of the target user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29071">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16838">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 03:47:25">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-29072 ‼</strong><br><br><code>A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29072">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16839">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 03:47:26">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-26242 ‼</strong><br><br><code>Go Ethereum, or &quot;Geth&quot;, is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26242">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16840">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 03:47:26">
03:47
       </div>

       <div class="text">
<strong>‼ CVE-2020-26240 ‼</strong><br><br><code>Go Ethereum, or &quot;Geth&quot;, is the official Golang implementation of the Ethereum protocol. An ethash mining DAG generation flaw in Geth before version 1.9.24 could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. This issue is fixed as of 1.9.24</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26240">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16841">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 11:27:40">
11:27
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ S3 Ep8: A conversation with Katie Moussouris ⚠</strong><br><br><code>Here&apos;s the latest Naked Security Podcast - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/25/s3-ep8-a-conversation-with-katie-moussouris/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16842">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 11:50:29">
11:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Light-Based Attacks Expand in the Digital Home ❌</strong><br><br><code>The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound.</code><br><br><a href="https://threatpost.com/light-based-attacks-digital-home/161583/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16843">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 12:26:56">
12:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Why Security Awareness Training Should Be Backed by Security by Design 🕴</strong><br><br><code>Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/why-security-awareness-training-should-be-backed-by-security-by-design/d/d-id/1339538?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16844">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 12:26:56">
12:26
       </div>

       <div class="text">
<strong>🕴 Prevention Is Better Than the Cure When Securing Cloud-Native Deployments 🕴</strong><br><br><code>The &quot;OODA loop&quot; shows us how to secure cloud-native deployments and prevent breaches before they occur.</code><br><br><a href="https://www.darkreading.com/cloud/prevention-is-better-than-the-cure-when-securing-cloud-native-deployments-/a/d-id/1339361?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16845">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 12:50:43">
12:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ How to Update Your Remote Access Policy – And Why You Should Now ❌</strong><br><br><code>Reducing the risks of remote work starts with updating the access policies of yesterday.</code><br><br><a href="https://threatpost.com/how-to-update-remote-access-policy/161589/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16846">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 12:56:44">
12:56
       </div>

       <div class="text">
<strong>🦿 Banks looking to confidential computing for solutions to money laundering, theft, and fraud 🦿</strong><br><br><code>Tech companies are offering this emerging technology to help financial institutions secure data while it is being processed.</code><br><br><a href="https://www.techrepublic.com/article/banks-looking-to-confidential-computing-for-solutions-to-money-laundering-theft-and-fraud/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16847">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 13:04:37">
13:04
       </div>

       <div class="text">
<strong>🔏 What is a Security Operations Center (SOC)? 🔏</strong><br><br><code>Learn about how security operations centers work and why many organizations rely on SOCs as a valuable resource for security incident detection.</code><br><br><a href="https://digitalguardian.com/blog/what-security-operations-center-soc">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16848">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 14:21:02">
14:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Major BEC Phishing Ring Cracked Open with 3 Arrests ❌</strong><br><br><code>Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares.</code><br><br><a href="https://threatpost.com/bec-phishing-ring-3-arrests/161616/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16849">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 14:21:03">
14:21
       </div>

       <div class="text">
<strong>❌ Critical MobileIron RCE Flaw Under Active Attack ❌</strong><br><br><code>Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others.</code><br><br><a href="https://threatpost.com/critical-mobileiron-rce-flaw-attack/161600/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16850">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 14:26:45">
14:26
       </div>

       <div class="text">
<strong>🦿 Top 5 business sectors targeted by ransomware 🦿</strong><br><br><code>Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.</code><br><br><a href="https://www.techrepublic.com/article/top-5-business-sectors-targeted-by-ransomware/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16851">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 14:26:46">
14:26
       </div>

       <div class="text">
<strong>🦿 5 business sectors ransomware targets 🦿</strong><br><br><code>Any business is subject to ransomware attacks, but some are more hit more than others. Tom Merritt lists five business sectors that are targeted by ransomware.</code><br><br><a href="https://www.techrepublic.com/videos/5-business-sectors-ransomware-targets/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16852">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 14:48:10">
14:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-25650 ‼</strong><br><br><code>A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25650">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16853">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 15:31:15">
15:31
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Look Beyond the &apos;Big 5&apos; in Cyberattacks 🕴</strong><br><br><code>Don&apos;t ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren&apos;t among the usual suspects.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/look-beyond-the-big-5-in-cyberattacks/d/d-id/1339543?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16854">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 16:06:05">
16:06
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Do You Know Who&apos;s Lurking in Your Cloud Environment? 🕴</strong><br><br><code>A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.</code><br><br><a href="https://www.darkreading.com/cloud/do-you-know-whos-lurking-in-your-cloud-environment/d/d-id/1339544?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16855">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 16:48:06">
16:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26212 ‼</strong><br><br><code>GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. Steps to reproduce the behavior: 1. Create a new planning with &apos;eduardo.mozart&apos; user (from &apos;IT&apos; group that belongs to &apos;Super-admin&apos;) into it&apos;s personal planning at &apos;Assistance&apos; &gt; &apos;Planning&apos;. 2. Copy the CalDAV url and use a CalDAV client (e.g. Thunderbird) to sync the planning with the provided URL. 3. Inform the username and password from any valid user (e.g. &apos;camila&apos; from &apos;Proativa&apos; group). 4. &apos;Camila&apos; has read-only access to &apos;eduardo.mozart&apos; personal planning. The same behavior happens to any group. E.g. &apos;Camila&apos; has access to &apos;IT&apos; group planning, even if she doesn&apos;t belong to this group and has a &apos;Self-service&apos; profile permission). This issue is fixed in version 9.5.3. As a workaround, one can remove the `caldav.php` file to block access to CalDAV server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26212">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16856">

      <div class="body">

       <div class="pull_right date details" title="25.11.2020 16:48:08">
16:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-26243 ‼</strong><br><br><code>Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26243">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-690">

      <div class="body details">
26 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16857">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 03:48:24">
03:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27253 ‼</strong><br><br><code>A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27253">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16858">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 03:48:25">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-27251 ‼</strong><br><br><code>A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27251">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16859">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 03:48:25">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-25652 ‼</strong><br><br><code>A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25652">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16860">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 03:48:26">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-25653 ‼</strong><br><br><code>A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25653">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16861">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 03:48:27">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-25651 ‼</strong><br><br><code>A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25651">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16862">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 03:48:31">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-29128 ‼</strong><br><br><code>petl before 1.68, in some configurations, allows resolution of entities in an XML document.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16863">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 03:48:32">
03:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-27255 ‼</strong><br><br><code>A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27255">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16864">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 10:48:41">
10:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7778 ‼</strong><br><br><code>This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7778">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16865">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 10:48:42">
10:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-7779 ‼</strong><br><br><code>All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7779">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16866">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 11:21:14">
11:21
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Federated Learning: A Therapeutic for what Ails Digital Health ❌</strong><br><br><code>Researchers show the promise of Federated Learning to protect patient privacy and improve healthcare outcomes across the world.</code><br><br><a href="https://threatpost.com/federated-learning-a-ails-digital-health/161633/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16867">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 11:21:15">
11:21
       </div>

       <div class="text">
<strong>❌ Changing Employee Security Behavior Takes More Than Simple Awareness ❌</strong><br><br><code>Designing a behavioral change program requires an audit of existing security practices and where the sticking points are.</code><br><br><a href="https://threatpost.com/changing-employee-security-behavior-awareness/161607/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16868">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 14:59:08">
14:59
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Bzzzzzzt! How safe is that keenly priced digital doorbell? ⚠</strong><br><br><code>How on earth are you supposed to figure out whether that home gadget you just ordered is full of security holes or not?</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/26/bzzzzzzt-how-safe-is-that-keenly-priced-digital-doorbell/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16869">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 16:48:58">
16:48
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27662 ‼</strong><br><br><code>In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27662">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16870">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 16:48:58">
16:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-29043 ‼</strong><br><br><code>An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29043">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16871">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 16:48:59">
16:48
       </div>

       <div class="text">
<strong>‼ CVE-2020-27663 ‼</strong><br><br><code>In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27663">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16872">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 16:49:00">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-29065 ‼</strong><br><br><code>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29065">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16873">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 16:49:01">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-13886 ‼</strong><br><br><code>Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13886">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16874">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 16:49:05">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-27207 ‼</strong><br><br><code>Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27207">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16875">

      <div class="body">

       <div class="pull_right date details" title="26.11.2020 16:49:06">
16:49
       </div>

       <div class="text">
<strong>‼ CVE-2020-29042 ‼</strong><br><br><code>An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29042">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-691">

      <div class="body details">
27 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16876">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 08:49:40">
08:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-25738 ‼</strong><br><br><code>CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25738">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16877">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 10:34:20">
10:34
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Failing Toward Zero: Why Your Security Needs to Fail to Get Better 🕴</strong><br><br><code>Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/failing-toward-zero-why-your-security-needs-to-fail-to-get-better/a/d-id/1339403?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16878">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 11:22:08">
11:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ ThreatList: Cyber Monday Looms – But Shoppers Oblivious to Top Retail Threats ❌</strong><br><br><code>Online shoppers are blissfully unaware of credit card skimming threats and malicious shopping apps as they head into this year&apos;s Black Friday and Cyber Monday holiday shopping events.</code><br><br><a href="https://threatpost.com/threatlist-cyber-monday-looms-retail-threats/161563/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16879">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 11:22:09">
11:22
       </div>

       <div class="text">
<strong>❌ Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes ❌</strong><br><br><code>While 2021 will present evolving threats and new challenges, it will also offer new tools and technologies that will we hope shift the balance towards the defense.</code><br><br><a href="https://threatpost.com/cybersecurity-predictions-2021-robot-overlords-connected-car/161594/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16880">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 11:34:21">
11:34
       </div>

       <div class="text">
<strong>🕴 5 Signs Someone Might be Taking Advantage of Your Security Goodness 🕴</strong><br><br><code>Not everyone in a security department is acting in good faith, and they&apos;ll do what they can to bypass those who do. Here&apos;s how to spot them.</code><br><br><a href="https://www.darkreading.com/edge/theedge/5-signs-someone-might-be-taking-advantage-of-your-security-goodness/b/d-id/1339542?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16881">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 14:52:57">
14:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ TurkeyBombing Puts New Twist on Zoom Abuse ❌</strong><br><br><code>Threat actors already stole nearly 4,000 credentials before the holiday was even over, according to report.</code><br><br><a href="https://threatpost.com/turkeybombing-zoom-abuse/161646/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16882">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:04:32">
16:04
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Test 🕴</strong><br><br><code>A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.</code><br><br><a href="https://www.darkreading.com/cloud/test/d/d-id/1339545?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16883">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:49:59">
16:49
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28921 ‼</strong><br><br><code>An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28921">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16884">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:00">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2019-19873 ‼</strong><br><br><code>An issue was discovered in B&amp;R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19873">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16885">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:00">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2019-19874 ‼</strong><br><br><code>An issue was discovered in B&amp;R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19874">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16886">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:01">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-27746 ‼</strong><br><br><code>Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27746">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16887">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:02">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2017-15685 ‼</strong><br><br><code>Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15685">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16888">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:06">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-27745 ‼</strong><br><br><code>Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27745">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16889">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:07">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2017-15684 ‼</strong><br><br><code>Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15684">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16890">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:08">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-7780 ‼</strong><br><br><code>This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7780">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16891">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:09">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2017-15680 ‼</strong><br><br><code>In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15680">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16892">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:10">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2017-15686 ‼</strong><br><br><code>Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15686">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16893">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:14">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2019-19877 ‼</strong><br><br><code>An issue was discovered in B&amp;R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19877">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16894">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:14">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2019-19875 ‼</strong><br><br><code>An issue was discovered in B&amp;R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19875">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16895">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:15">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2017-15681 ‼</strong><br><br><code>In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15681">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16896">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:16">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-28922 ‼</strong><br><br><code>An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28922">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16897">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:17">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-25014 ‼</strong><br><br><code>A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25014">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16898">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:18">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2017-15682 ‼</strong><br><br><code>In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15682">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16899">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:19">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2017-15683 ‼</strong><br><br><code>In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15683">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16900">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:20">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2019-19876 ‼</strong><br><br><code>An issue was discovered in B&amp;R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19876">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16901">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:21">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-10772 ‼</strong><br><br><code>An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10772">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16902">

      <div class="body">

       <div class="pull_right date details" title="27.11.2020 16:50:21">
16:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-25708 ‼</strong><br><br><code>A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25708">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-692">

      <div class="body details">
28 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16903">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 03:50:28">
03:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27218 ‼</strong><br><br><code>In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27218">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16904">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 08:50:43">
08:50
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29374 ‼</strong><br><br><code>An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29374">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16905">

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 08:50:44">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-29369 ‼</strong><br><br><code>An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29369">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16906">

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 08:50:45">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-29371 ‼</strong><br><br><code>An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29371">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16907">

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 08:50:45">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2019-20934 ‼</strong><br><br><code>An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20934">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16908">

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 08:50:46">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-29370 ‼</strong><br><br><code>An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29370">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16909">

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 08:50:50">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-29372 ‼</strong><br><br><code>An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29372">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16910">

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 08:50:51">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-29373 ‼</strong><br><br><code>An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29373">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16911">

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 08:50:52">
08:50
       </div>

       <div class="text">
<strong>‼ CVE-2020-29368 ‼</strong><br><br><code>An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29368">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16912">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 12:22:55">
12:22
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ 2021 Healthcare Cybersecurity Priorities: Experts Weigh In ❌</strong><br><br><code>Hackers are putting a bullseye on healthcare. Experts explore why hospitals are being singled out and what any company can do to better protect themselves.</code><br><br><a href="https://threatpost.com/2021-healthcare-cybersecurity-priorities/161596/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16913">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 13:58:18">
13:58
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 7 big data goals for 2021: AI, DevOps, hybrid cloud, and more 🦿</strong><br><br><code>As you plan your big data strategy for next year, keep these seven goals in mind.</code><br><br><a href="https://www.techrepublic.com/article/7-big-data-goals-for-2021-ai-devops-hybrid-cloud-and-more/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16914">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="28.11.2020 15:08:57">
15:08
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 nfstream 6.2.5 🛠</strong><br><br><code>nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.</code><br><br><a href="https://packetstormsecurity.com/files/160259/nfstream-6.2.5.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-693">

      <div class="body details">
29 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16915">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="29.11.2020 03:51:30">
03:51
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29376 ‼</strong><br><br><code>An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29376">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16916">

      <div class="body">

       <div class="pull_right date details" title="29.11.2020 03:51:31">
03:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-29381 ‼</strong><br><br><code>An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in &quot;upload tftp syslog&quot; and &quot;upload tftp configuration&quot; in the CLI via a crafted filename.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29381">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16917">

      <div class="body">

       <div class="pull_right date details" title="29.11.2020 03:51:32">
03:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-29380 ‼</strong><br><br><code>An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29380">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16918">

      <div class="body">

       <div class="pull_right date details" title="29.11.2020 03:51:33">
03:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-29383 ‼</strong><br><br><code>An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29383">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16919">

      <div class="body">

       <div class="pull_right date details" title="29.11.2020 03:51:33">
03:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-29382 ‼</strong><br><br><code>An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29382">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16920">

      <div class="body">

       <div class="pull_right date details" title="29.11.2020 03:51:37">
03:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-29375 ‼</strong><br><br><code>An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29375">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16921">

      <div class="body">

       <div class="pull_right date details" title="29.11.2020 03:51:38">
03:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-29379 ‼</strong><br><br><code>An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29379">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16922">

      <div class="body">

       <div class="pull_right date details" title="29.11.2020 03:51:39">
03:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-29377 ‼</strong><br><br><code>An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29377">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16923">

      <div class="body">

       <div class="pull_right date details" title="29.11.2020 03:51:40">
03:51
       </div>

       <div class="text">
<strong>‼ CVE-2020-29378 ‼</strong><br><br><code>An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password !j@l#y$z%x6x7q8c9z) for the enable command.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29378">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-694">

      <div class="body details">
30 November 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16924">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 06:30:33">
06:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Home Wi-Fi security tips – 5 things to check ⚠</strong><br><br><code>5 checks to make sure your home Wi-Fi is secure</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/30/home-wi-fi-security-tips-5-things-to-check/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16925">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 08:52:47">
08:52
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-27660 ‼</strong><br><br><code>SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27660">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16926">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 08:52:48">
08:52
       </div>

       <div class="text">
<strong>‼ CVE-2020-25624 ‼</strong><br><br><code>hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25624">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16927">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 08:52:49">
08:52
       </div>

       <div class="text">
<strong>‼ CVE-2020-29127 ‼</strong><br><br><code>An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&amp;csppage=cgi_PgOverview&amp;csplang=en is visited from a different web browser.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16928">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 08:52:50">
08:52
       </div>

       <div class="text">
<strong>‼ CVE-2020-27659 ‼</strong><br><br><code>Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27659">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16929">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 10:30:38">
10:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>⚠ Naked Security Live – The Gift Card hackers ⚠</strong><br><br><code>Here&apos;s the latest Naked Security Live video - please watch and share with your friends...</code><br><br><a href="https://nakedsecurity.sophos.com/2020/11/30/naked-security-live-the-gift-card-hackers/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16930">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 14:53:42">
14:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ MacOS Users Targeted By OceanLotus Backdoor ❌</strong><br><br><code>The new backdoor comes with multiple payloads and new detection evasion tactics.</code><br><br><a href="https://threatpost.com/macos-users-targeted-oceanlotus-backdoor/161655/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16931">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 14:53:43">
14:53
       </div>

       <div class="text">
<strong>❌ Pandemic, A Driving Force in 2021 Financial Crime ❌</strong><br><br><code>Ransomware gangs with zero-days and more players overall will characterize financially motivated cyberattacks next year.</code><br><br><a href="https://threatpost.com/2021-financial-crime-covid-19/161665/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16932">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 16:29:12">
16:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Cybersecurity report: Average household hit with 104 threats each month 🦿</strong><br><br><code>The most vulnerable devices include laptops, computers, smartphones and tablets, networked cameras and storage devices, and streaming video devices, a new report found.</code><br><br><a href="https://www.techrepublic.com/article/cybersecurity-report-average-household-hit-with-104-threats-each-month/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16933">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 16:29:13">
16:29
       </div>

       <div class="text">
<strong>🦿 How to get Linux to see the FEITIAN fingerprint reader for FIDO2 security 🦿</strong><br><br><code>If you&apos;ve purchased a FEITIAN FIDO2 device and can&apos;t seem to get it working with Linux, Jack Wallen shows you how.</code><br><br><a href="https://www.techrepublic.com/article/how-to-get-linux-to-see-the-feitian-fingerprint-reader-for-fido2-security/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16934">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 16:53:14">
16:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29364 ‼</strong><br><br><code>In NetArt News Lister 1.0.0, news headlines are vulnerable to stored XSS.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29364">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16935">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 16:53:15">
16:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-25537 ‼</strong><br><br><code>File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25537">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16936">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 16:53:16">
16:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-29392 ‼</strong><br><br><code>The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by the user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29392">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16937">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 16:53:17">
16:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-28926 ‼</strong><br><br><code>ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28926">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16938">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 16:53:18">
16:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-29390 ‼</strong><br><br><code>Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29390">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16939">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 16:53:48">
16:53
       </div>

       <div class="text">
<strong>❌ Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign ❌</strong><br><br><code>A strain of the 13-year old backdoor Bandook trojan has been spotted in an espionage campaign.</code><br><br><a href="https://threatpost.com/digitally-signed-bandook-trojan-spy-campaign/161676/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16940">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:24:42">
18:24
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Conti Gang Hits IoT Chipmaker Advantech with $14M Ransom Demand ❌</strong><br><br><code>The ransomware group has leaked stolen data to add pressure on the company to pay up.</code><br><br><a href="https://threatpost.com/conti-iot-chip-advantech-ransom-demand/161691/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16941">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:29:15">
18:29
       </div>

       <div class="text">
<strong>🦿 Safari for iOS 14 and macOS 11: How to prevent websites from tracking your moves online 🦿</strong><br><br><code>Apple has deployed a privacy feature in iOS 14 and macOS 11 Safari that disables trackers from learning about which websites you visit. Learn all about this new feature and how to use it.</code><br><br><a href="https://www.techrepublic.com/article/safari-for-ios-14-and-macos-11-how-to-prevent-websites-from-tracking-your-moves-online/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16942">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:53:19">
18:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29394 ‼</strong><br><br><code>A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in a format argument).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29394">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16943">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:53:20">
18:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-6317 ‼</strong><br><br><code>In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6317">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16944">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:53:21">
18:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-29395 ‼</strong><br><br><code>The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29395">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16945">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:53:22">
18:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-8351 ‼</strong><br><br><code>A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8351">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16946">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:53:23">
18:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-27586 ‼</strong><br><br><code>Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27586">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16947">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:53:24">
18:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-27587 ‼</strong><br><br><code>Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27587">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16948">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:53:25">
18:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-17901 ‼</strong><br><br><code>Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17901">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16949">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:53:26">
18:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-27585 ‼</strong><br><br><code>Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27585">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16950">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 18:56:21">
18:56
       </div>

       <div class="text">
<strong>❌ Post-Cyberattack, UVM Health Network Still Picking Up Pieces ❌</strong><br><br><code>More than a month after the cyberattack first hit, the UVM health network is still grappling with delayed payment processing and other issues.</code><br><br><a href="https://threatpost.com/cyberattack-uvm-health-picking-up-pieces/161681/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16951">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:11:00">
20:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Baltimore County Public Schools Closed Due to Ransomware Attack 🕴</strong><br><br><code>The incident struck the day before Thanksgiving and interfered with online classes for some 115,000 students, officials report.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/baltimore-county-public-schools-closed-due-to-ransomware-attack/d/d-id/1339555?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16952">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:41:01">
20:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Driven by Ransomware, Cyber Claims Rise in Number &amp; Value 🕴</strong><br><br><code>Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.</code><br><br><a href="https://www.darkreading.com/risk/driven-by-ransomware-cyber-claims-rise-in-number-and-value/d/d-id/1339557?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16953">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:53:24">
20:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-11867 ‼</strong><br><br><code>Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11867">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16954">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:53:25">
20:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-29438 ‼</strong><br><br><code>Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29438">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16955">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:53:26">
20:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-29440 ‼</strong><br><br><code>Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29440">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16956">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:53:26">
20:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-16850 ‼</strong><br><br><code>Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16850">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16957">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:53:27">
20:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-4127 ‼</strong><br><br><code>HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user&apos;s system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4127">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16958">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:53:28">
20:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-29441 ‼</strong><br><br><code>An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29441">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16959">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:53:29">
20:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-29439 ‼</strong><br><br><code>Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29439">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16960">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 20:53:30">
20:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-16849 ‼</strong><br><br><code>An issue was discovered on Canon MF237w 06.07 devices. An &quot;Improper Handling of Length Parameter Inconsistency&quot; issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16849">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16961">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 22:53:30">
22:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-4129 ‼</strong><br><br><code>HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4129">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16962">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 22:53:31">
22:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-9115 ‼</strong><br><br><code>ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9115">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16963">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 22:53:32">
22:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-4126 ‼</strong><br><br><code>HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4126">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16964">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 22:53:33">
22:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-14193 ‼</strong><br><br><code>Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes &amp; &lt;jira-installation&gt;/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14193">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16965">

      <div class="body">

       <div class="pull_right date details" title="30.11.2020 22:53:33">
22:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-9116 ‼</strong><br><br><code>Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9116">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-695">

      <div class="body details">
1 December 2020
      </div>

     </div>

     <div class="message default clearfix" id="message16966">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 03:53:39">
03:53
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-9114 ‼</strong><br><br><code>FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9114">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16967">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 03:53:40">
03:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-9117 ‼</strong><br><br><code>HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9117">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16968">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 03:53:41">
03:53
       </div>

       <div class="text">
<strong>‼ CVE-2020-15257 ‼</strong><br><br><code>containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the &quot;host&quot; network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container&apos;s privilege, regardless of what container runtime is used for running that container.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15257">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16969">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 10:11:34">
10:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 2020 Cybersecurity Holiday Gift Guide for Kids 🕴</strong><br><br><code>Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.</code><br><br><a href="https://www.darkreading.com/careers-and-people/2020-cybersecurity-holiday-gift-guide-for-kids/d/d-id/1339547?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16970">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 10:25:05">
10:25
       </div>

       <div class="text">
<strong>❌ Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout ❌</strong><br><br><code>New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data.</code><br><br><a href="https://threatpost.com/magecart-hijacks-paypal-transactions/161697/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16971">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 12:13:44">
12:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Former NSS Labs CEO Launches New Security Testing Organization 🕴</strong><br><br><code>Member-based CyberRatings.org to offer free to tiered paid access to tested security product and services ratings.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/former-nss-labs-ceo-launches-new-security-testing-organization%20/d/d-id/1339559?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16972">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 12:13:46">
12:13
       </div>

       <div class="text">
<strong>🕴 Can&apos;t Afford a Full-time CISO? Try the Virtual Version 🕴</strong><br><br><code>A vCISO can align a company&apos;s information security program to business strategy and budgeting guidance to senior management.</code><br><br><a href="https://www.darkreading.com/operations/cant-afford-a-full-time-ciso-try-the-virtual-version/a/d-id/1339386?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16973">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 12:54:00">
12:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Delivery scams surge to ring in the holiday season 🦿</strong><br><br><code>November saw a spike in phishing emails spoofing shipping companies such as DHL, Amazon, and FedEx, says Check Point Research.</code><br><br><a href="https://www.techrepublic.com/article/delivery-scams-surge-to-ring-in-the-holiday-season/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16974">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 12:54:01">
12:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-4128 ‼</strong><br><br><code>HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4128">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16975">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 13:25:06">
13:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World 🕴</strong><br><br><code>SPONSORED: As most of the world shifted to remote work in 2020, cybercriminals upped their game, devising ways to use the fears and anxieties of organizations and end users against them. Sophos Principal Research Scientist Chester Wisniewski discusses the fast-changing attacker behaviors outlined in the Sophos 2021 Threat Report, and how IT professionals need to update their approach to protect against more sophisticated threats.</code><br><br><a href="https://www.darkreading.com/attacks-breaches/sophos-2021-threat-report-navigating-cybersecurity-in-an-uncertain-world/d/d-id/1339561?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16976">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:11:36">
14:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🛠 THC-IPv6 Attack Tool 3.8 🛠</strong><br><br><code>THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.</code><br><br><a href="https://packetstormsecurity.com/files/160298/thc-ipv6-3.8.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16977">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:11:37">
14:11
       </div>

       <div class="text">
<strong>🛠 SQLMAP - Automatic SQL Injection Tool 1.4.12 🛠</strong><br><br><code>sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user&apos;s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.</code><br><br><a href="https://packetstormsecurity.com/files/160297/sqlmap-1.4.12.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16978">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:11:38">
14:11
       </div>

       <div class="text">
<strong>🛠 Mandos Encrypted File System Unattended Reboot Utility 1.8.13 🛠</strong><br><br><code>The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.</code><br><br><a href="https://packetstormsecurity.com/files/160296/mandos_1.8.13.orig.tar.gz">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16979">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:11:39">
14:11
       </div>

       <div class="text">
<strong>🕴 Ivanti Acquires MobileIron &amp; Pulse Secure 🕴</strong><br><br><code>The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.</code><br><br><a href="https://www.darkreading.com/endpoint/ivanti-acquires-mobileiron-and-pulse-secure/d/d-id/1339562?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16980">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:25:12">
14:25
       </div>

       <div class="text">
<strong>❌ Zoom Impersonation Attacks Aim to Steal Credentials ❌</strong><br><br><code>The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account.</code><br><br><a href="https://threatpost.com/zoom-impersonation-attacks-credentials/161718/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16981">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:25:13">
14:25
       </div>

       <div class="text">
<strong>❌ Electronic Medical Records Cracked Open by OpenClinic Bugs ❌</strong><br><br><code>Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more.</code><br><br><a href="https://threatpost.com/electronic-medical-records-openclinic-bugs/161722/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16982">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:04">
14:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-7548 ‼</strong><br><br><code>A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7548">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16983">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:05">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28971 ‼</strong><br><br><code>An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28971">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16984">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:06">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28970 ‼</strong><br><br><code>An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.)</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28970">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16985">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:07">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28993 ‼</strong><br><br><code>A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28993">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16986">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:08">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28940 ‼</strong><br><br><code>On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28940">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16987">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:10">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-26762 ‼</strong><br><br><code>A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26762">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16988">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:11">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-25181 ‼</strong><br><br><code>WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25181">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16989">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:12">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-7545 ‼</strong><br><br><code>A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7545">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16990">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:13">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-7546 ‼</strong><br><br><code>A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7546">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16991">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:14">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-25177 ‼</strong><br><br><code>WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25177">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16992">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:14">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-7533 ‼</strong><br><br><code>A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7533">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16993">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:15">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-7547 ‼</strong><br><br><code>A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7547">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16994">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 14:54:16">
14:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-6880 ‼</strong><br><br><code>A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6880">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16995">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 15:41:46">
15:41
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Call Fraud Operator Ordered to Pay $9M to Victims 🕴</strong><br><br><code>Indian national will serve 20 years in prison for running a large call center fraud operation.</code><br><br><a href="https://www.darkreading.com/cloud/call-fraud-operator-ordered-to-pay-%249m-to-victims/d/d-id/1339567?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16996">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 16:11:46">
16:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 The Cybersecurity Skills Gap: It Doesn&apos;t Have to Be This Way 🕴</strong><br><br><code>Once it becomes clear that off-the-shelf experts aren&apos;t realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.</code><br><br><a href="https://www.darkreading.com/careers-and-people/the-cybersecurity-skills-gap-it-doesnt-have-to-be-this-way/a/d-id/1339437?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16997">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 16:38:58">
16:38
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🔏 FBI Warns of BEC Scammers Using Email Forwarding 🔏</strong><br><br><code>The FBI says scammers are increasingly abusing forwarding rules on web-based email clients to hide their activity, opening the door for a Business Email Compromise (BEC) attack.</code><br><br><a href="https://digitalguardian.com/blog/fbi-warns-bec-scammers-using-email-forwarding">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message16998">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 16:54:09">
16:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29315 ‼</strong><br><br><code>ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29315">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message16999">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 16:54:10">
16:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-8539 ‼</strong><br><br><code>Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8539">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17000">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 16:54:11">
16:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-11990 ‼</strong><br><br><code>We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11990">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17001">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 16:54:11">
16:54
       </div>

       <div class="text">
<strong>‼ CVE-2019-16958 ‼</strong><br><br><code>Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16958">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17002">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 16:57:11">
16:57
       </div>

       <div class="text">
<strong>❌ Cayman Islands Bank Records Exposed in Open Azure Blob ❌</strong><br><br><code>An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.</code><br><br><a href="https://threatpost.com/cayman-islands-bank-records-exposed-azure-blob/161729/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17003">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 18:54:14">
18:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28583 ‼</strong><br><br><code>An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28583">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17004">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 18:54:15">
18:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28582 ‼</strong><br><br><code>An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28582">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17005">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 18:54:16">
18:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28575 ‼</strong><br><br><code>A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28575">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17006">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 18:54:17">
18:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28573 ‼</strong><br><br><code>An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28573">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17007">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 18:54:18">
18:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28576 ‼</strong><br><br><code>An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28576">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17008">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 18:54:20">
18:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-28577 ‼</strong><br><br><code>An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28577">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17009">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 18:57:15">
18:57
       </div>

       <div class="text">
<strong>❌ Android Messenger App Still Leaking Photos, Videos ❌</strong><br><br><code>The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers.</code><br><br><a href="https://threatpost.com/android-messenger-app-leaking-photos-videos/161741/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17010">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 18:57:16">
18:57
       </div>

       <div class="text">
<strong>❌ Misconfigured Docker Servers Under Attack by Xanthe Malware ❌</strong><br><br><code>The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs.</code><br><br><a href="https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17011">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 19:11:50">
19:11
       </div>

       <div class="text">
<strong>🕴 SASE 101: Why All the Buzz? 🕴</strong><br><br><code>Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises&apos; remote employees -- and these days that means billions of workers.</code><br><br><a href="https://www.darkreading.com/edge/theedge/sase-101-why-all-the-buzz/b/d-id/1339570?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17012">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 19:29:41">
19:29
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 How to protect your personal data from being sold on the Dark Web 🦿</strong><br><br><code>Cybercriminals can use stolen information for extortion, scams and phishing schemes, and the direct theft of money, says Kaspersky.</code><br><br><a href="https://www.techrepublic.com/article/how-to-protect-your-personal-data-from-being-sold-on-the-dark-web/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17013">

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 19:41:51">
19:41
       </div>

       <div class="text">
<strong>🕴 Malicious or Vulnerable Docker Images Widespread, Firm Says 🕴</strong><br><br><br><br><a href="https://www.darkreading.com/threat-intelligence/malicious-or-vulnerable-docker-images-widespread-firm-says/d/d-id/1339576?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17014">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 20:11:53">
20:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Inside North Korea&apos;s Rapid Evolution to Cyber Superpower 🕴</strong><br><br><code>Researchers examine North Korea&apos;s rapid evolution from destructive campaigns to complex and efficient cyber operations.</code><br><br><a href="https://www.darkreading.com/threat-intelligence/inside-north-koreas-rapid-evolution-to-cyber-superpower/d/d-id/1339574?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17015">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 20:54:42">
20:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26250 ‼</strong><br><br><code>OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If this is the only mechanism of authorization restriction (i.e. no group or team restrictions in configuration) then all authenticated users will be allowed. Provider-based restrictions, including deprecated values such as `GitHubOAuthenticator.org_whitelist` are **not** affected. All users of OAuthenticator 0.12.0 and 0.12.1 with JupyterHub 1.2 (JupyterHub Helm chart 0.10.0-0.10.5) who use the `admin.whitelist.users` configuration in the jupyterhub helm chart or the `c.Authenticator.whitelist` configuration directly. Users of other deprecated configuration, e.g. `c.GitHubOAuthenticator.team_whitelist` are **not** affected. If you see a log line like this and expect a specific list of allowed usernames: &quot;[I 2020-11-27 16:51:54.528 JupyterHub app:1717] Not using allowed_users. Any authenticated user will be allowed.&quot; you are likely affected. Updating oauthenticator to 0.12.2 is recommended. A workaround is to replace the deprecated `c.Authenticator.whitelist = ...` with `c.Authenticator.allowed_users = ...`. If any users have been authorized during this time who should not have been, they must be deleted via the API or admin interface, per the referenced documentation.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26250">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17016">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="01.12.2020 22:11:57">
22:11
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Unmanaged Devices Heighten Risks for School Networks 🕴</strong><br><br><code>Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K-12 school networks.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/unmanaged-devices-heighten-risks-for-school-networks/d/d-id/1339578?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-696">

      <div class="body details">
2 December 2020
      </div>

     </div>

     <div class="message default clearfix" id="message17017">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 08:54:48">
08:54
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-29458 ‼</strong><br><br><code>Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29458">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17018">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 08:54:49">
08:54
       </div>

       <div class="text">
<strong>‼ CVE-2020-29456 ‼</strong><br><br><code>Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document&apos;s filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application. Therefore, no authentication is required to exploit XSS if email consumption is configured. Otherwise authentication is required.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29456">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17019">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 11:12:21">
11:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Free Mobile App Measures Your Personal Cyber Risk 🕴</strong><br><br><code>New app for Android and Apple iOS uses an algorithm co-developed with MIT to gauge security posture on an ongoing basis.</code><br><br><a href="https://www.darkreading.com/endpoint/free-mobile-app-measures-your-personal-cyber-risk/d/d-id/1339577?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17020">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 11:25:14">
11:25
       </div>

       <div class="text">
<strong>❌ DNS Filtering: A Top Battle Front Against Malware and Phishing ❌</strong><br><br><code>Peter Lowe with DNSFilter discusses the science behind domain name system (DNS) filtering and how this method is effective in blocking out phishing and malware.</code><br><br><a href="https://threatpost.com/dns-filtering-a-top-battle-front-against-malware-and-phishing/161708/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17021">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 12:05:45">
12:05
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
‎<br>⚫️🔴⚫️🔴⚫️🔴⚫️🔴⚫️🔴⚫️<br>🔴<br>⚫️ 🤪 <strong>Incredible pack of books from €1 in Humble Bundle!</strong> 🤭<br>🔴<br>⚫️🔴⚫️🔴⚫️🔴⚫️🔴⚫️🔴⚫️<br>‎<br><br>▪️ Hacking: The Art of Exploitation.<br>▪️ The Car Hacker&apos;s Handbook: A Guide for the Penetration Tester.<br>▪️ Metasploit: A Penetration Tester&apos;s Guide.<br>▪️ Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software.<br>▪️ Penetration Testing: A Hands-On Introduction to Hacking.<br>▪️ Attacking Network Protocols: A Hacker&apos;s Guide to Capture, Analysis, and Exploitation.<br>▪️ Practical Packet Analysis, 3rd Edition: Using Wireshark to Solve Real-World Network Problems.<br>▪️ Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly.<br>▪️ Malware Data Science: Attack Detection and Attribution.<br>▪️ Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali.<br>▪️ The Linux Command Line, 2nd Edition: A Complete Introduction.<br>▪️ Serious Cryptography: A Practical Introduction to Modern Encryption.<br>▪️ Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats.<br>▪️ Black Hat Go: Go Programming For Hackers and Pentesters.<br>▪️ The Hardware Hacker: Adventures in Making and Breaking Hardware.<br>▪️ Web Security for Developers: Real Threats, Practical Defense.<br>▪️ Foundations of Information Security: A Straightforward Introduction.<br><br><br>🔻🔻🔻🔻
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17022">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 12:05:46">
12:05
       </div>

       <div class="text">
‎<br><br><strong>🔴 PACK OF BOOKS FROM €1 IN HUMBLE BUNDLE ‼️<br><br></strong>---------<br><em>▪️ Hacking: The Art of Exploitation.<br>▪️ The Car Hacker&apos;s Handbook: A Guide for the Penetration Tester.<br>▪️ Metasploit: A Penetration Tester&apos;s Guide.<br>▪️ Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software.<br>▪️ Penetration Testing: A Hands-On Introduction to Hacking.<br>▪️ Attacking Network Protocols: A Hacker&apos;s Guide to Capture, Analysis, and Exploitation.<br>▪️ Practical Packet Analysis, 3rd Edition: Using Wireshark to Solve Real-World Network Problems.<br>▪️ Etc., Etc., Etc.</em>
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17023">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 12:12:25">
12:12
       </div>

       <div class="text">
<strong>🕴 Why I&apos;d Take Good IT Hygiene Over Security&apos;s Latest Silver Bullet 🕴</strong><br><br><code>Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.</code><br><br><a href="https://www.darkreading.com/endpoint/why-id-take-good-it-hygiene-over-securitys-latest-silver-bullet/a/d-id/1339500?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17024">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 12:30:02">
12:30
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Productivity Score: Microsoft limits features of new tool following &apos;workplace surveillance&apos; concerns 🦿</strong><br><br><code>Productivity Score will no longer identify how individual users interact with Microsoft 365 apps.</code><br><br><a href="https://www.techrepublic.com/article/productivity-score-microsoft-limits-features-of-new-tool-following-workplace-surveillance-concerns/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17025">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 12:56:10">
12:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash ❌</strong><br><br><code>The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts.</code><br><br><a href="https://threatpost.com/microsoft-m365-privacy-backlash/161760/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17026">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 14:00:09">
14:00
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🦿 Sales of CEO email accounts may give cyber criminals access to the &quot;crown jewels&quot; of a company 🦿</strong><br><br><code>Multiple security professionals said stolen credentials on Exploit.in were part of a tidal wave of business email compromise attacks.</code><br><br><a href="https://www.techrepublic.com/article/sales-of-ceo-email-accounts-may-give-cyber-criminals-access-to-the-crown-jewels-of-a-company/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17027">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 14:26:13">
14:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data ❌</strong><br><br><code>The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, will be big drivers for medical-sector cyberattacks next year.</code><br><br><a href="https://threatpost.com/healthcare-2021-cyberattacks-covid-19-patient-data/161776/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17028">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 14:31:54">
14:31
       </div>

       <div class="text">
<strong>⚠ How to steal photos off someone’s iPhone from across the street ⚠</strong><br><br><code>The bug at the heart of this is already patched - but there&apos;s a lot to learn from this story anyway.</code><br><br><a href="https://nakedsecurity.sophos.com/2020/12/02/how-to-steal-photos-off-someones-iphone-from-across-the-street/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17029">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 14:55:04">
14:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-28273 ‼</strong><br><br><code>Prototype pollution vulnerability in &apos;set-in&apos; versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28273">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17030">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 14:55:05">
14:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-25638 ‼</strong><br><br><code>A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25638">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17031">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 14:55:06">
14:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-28272 ‼</strong><br><br><code>Prototype pollution vulnerability in &apos;keyget&apos; versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28272">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17032">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 14:55:07">
14:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-14369 ‼</strong><br><br><code>This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14369">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17033">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 14:55:08">
14:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-12524 ‼</strong><br><br><code>Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12524">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17034">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 15:26:16">
15:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks ❌</strong><br><br><code>In a recent cyberattack against an E.U. country&apos;s Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents.</code><br><br><a href="https://threatpost.com/turla-backdoor-dropbox-espionage-attacks/161777/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17035">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 15:39:41">
15:39
       </div>

       <div class="text">
<strong>🔏 FINRA Warns of Yet Another Phishing Attack Targeting Finance Industry 🔏</strong><br><br><code>Emails from an ongoing campaign are not connected to FINRA and should be deleted, the organization warns.</code><br><br><a href="https://digitalguardian.com/blog/finra-warns-yet-another-phishing-attack-targeting-finance-industry">📖 Read</a><br><br>via &quot;<em>Digital Guardian</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17036">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 15:42:42">
15:42
       </div>

       <div class="text">
<strong>🕴 Security Slipup Exposes Health Records &amp; Lab Results 🕴</strong><br><br><code>NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.</code><br><br><a href="https://www.darkreading.com/cloud/security-slipup-exposes-health-records-and-lab-results/d/d-id/1339591?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17037">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 15:42:43">
15:42
       </div>

       <div class="text">
<strong>🛠 I2P 0.9.48 🛠</strong><br><br><code>I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.</code><br><br><a href="https://packetstormsecurity.com/files/160334/i2psource_0.9.48.tar.bz2">📖 Read</a><br><br>via &quot;<em>Packet Storm Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17038">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:12:33">
16:12
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Automated Pen Testing: Can It Replace Humans? 🕴</strong><br><br><code>These tools have come a long way, but are they far enough along to make human pen testers obsolete?</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/automated-pen-testing-can-it-replace-humans/a/d-id/1339513?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17039">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:09">
16:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-13494 ‼</strong><br><br><code>A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13494">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17040">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:10">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-25266 ‼</strong><br><br><code>AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25266">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17041">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:11">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2017-14451 ‼</strong><br><br><code>An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14451">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17042">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:12">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-13496 ‼</strong><br><br><code>An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13496">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17043">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:13">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-13493 ‼</strong><br><br><code>A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13493">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17044">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:14">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29389 ‼</strong><br><br><code>The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29389">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17045">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:15">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-13497 ‼</strong><br><br><code>An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13497">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17046">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:16">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-13956 ‼</strong><br><br><code>Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13956">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17047">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:17">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29239 ‼</strong><br><br><code>Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29239">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17048">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:18">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-13498 ‼</strong><br><br><code>An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13498">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17049">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:19">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29240 ‼</strong><br><br><code>Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29240">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17050">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:20">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-25265 ‼</strong><br><br><code>AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25265">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17051">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 16:55:21">
16:55
       </div>

       <div class="text">
<strong>‼ CVE-2017-2910 ‼</strong><br><br><code>An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2910">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17052">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 17:26:19">
17:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Xerox DocuShare Bugs Allowed Data Leaks ❌</strong><br><br><code>CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes.</code><br><br><a href="https://threatpost.com/xerox-docushare-bugs/161791/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17053">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 18:26:21">
18:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Think-Tanks Under Attack by APTs, CISA Warns ❌</strong><br><br><code>The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.</code><br><br><a href="https://threatpost.com/think-tanks-attack-apts-cisa/161807/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17054">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 18:42:36">
18:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Loyal Employee ... or Cybercriminal Accomplice? 🕴</strong><br><br><code>Can the bad guys&apos; insider recruitment methods be reverse-engineered to reveal potential insider threats? Let&apos;s take a look.</code><br><br><a href="https://www.darkreading.com/edge/theedge/loyal-employee--or-cybercriminal-accomplice-/b/d-id/1339594?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17055">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 18:42:37">
18:42
       </div>

       <div class="text">
<strong>🕴 FBI: BEC Scammers Could Abuse Email Auto-Forwarding 🕴</strong><br><br><code>Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.</code><br><br><a href="https://www.darkreading.com/application-security/fbi-bec-scammers-could-abuse-email-auto-forwarding/d/d-id/1339596?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17056">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 18:55:14">
18:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-26244 ‼</strong><br><br><code>Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26244">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17057">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 18:55:15">
18:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-28206 ‼</strong><br><br><code>An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An &quot;User enumeration and Improper Restriction of Excessive Authentication Attempts&quot; vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28206">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17058">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 18:58:15">
18:58
       </div>

       <div class="text">
<strong>❌ Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks ❌</strong><br><br><code>Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump.</code><br><br><a href="https://threatpost.com/spotify-wrapped-2020-rollout-pop-star-hacks/161811/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17059">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:42:41">
20:42
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Cybersecurity in the Biden Administration: Experts Weigh In 🕴</strong><br><br><code>Security pros and former government employees share their expectations and concerns for the new administration - and their hope for a &quot;return to normal.&quot;</code><br><br><a href="https://www.darkreading.com/threat-intelligence/cybersecurity-in-the-biden-administration-experts-weigh-in/d/d-id/1339598?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17060">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:42:42">
20:42
       </div>

       <div class="text">
<strong>🕴 Open Source Flaws Take Years to Find But Are Quick to Fix 🕴</strong><br><br><code>Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.</code><br><br><a href="https://www.darkreading.com/application-security/open-source-flaws-take-years-to-find-but-are-quick-to-fix/d/d-id/1339597?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17061">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:55:19">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29280 ‼</strong><br><br><code>The Victor CMS v1.0 application is vulnerable to SQL injection via the &apos;search&apos; parameter on the search.php page.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29280">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17062">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:55:20">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29287 ‼</strong><br><br><code>An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29287">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17063">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:55:21">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29282 ‼</strong><br><br><code>SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29282">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17064">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:55:22">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29284 ‼</strong><br><br><code>The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29284">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17065">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:55:23">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29285 ‼</strong><br><br><code>SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29285">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17066">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:55:24">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29283 ‼</strong><br><br><code>An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29283">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17067">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:55:25">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29288 ‼</strong><br><br><code>An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter &apos;id&apos; is vulnerable.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29288">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17068">

      <div class="body">

       <div class="pull_right date details" title="02.12.2020 20:55:26">
20:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-29279 ‼</strong><br><br><code>PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29279">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message service" id="message-697">

      <div class="body details">
3 December 2020
      </div>

     </div>

     <div class="message default clearfix" id="message17069">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 03:55:39">
03:55
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-26246 ‼</strong><br><br><code>Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify &amp; create website settings without having the appropriate permissions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26246">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17070">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 08:26:48">
08:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Google Play Apps Remain Vulnerable to High-Severity Flaw ❌</strong><br><br><code>Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Cisco Teams and Edge.</code><br><br><a href="https://threatpost.com/google-play-apps-remain-vulnerable-to-high-severity-flaw/161785/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17071">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 10:43:09">
10:43
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 Google Security Researcher Develops &apos;Zero-Click&apos; Exploit for iOS Flaw 🕴</strong><br><br><code>A new patched memory corruption vulnerability in Apple&apos;s AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.</code><br><br><a href="https://www.darkreading.com/mobile/google-security-researcher-develops-zero-click-exploit-for-ios-flaw/d/d-id/1339599?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17072">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 10:55:58">
10:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-5676 ‼</strong><br><br><code>GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5676">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17073">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 10:55:59">
10:55
       </div>

       <div class="text">
<strong>‼ CVE-2020-5677 ‼</strong><br><br><code>Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5677">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17074">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 10:56:00">
10:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-5638 ‼</strong><br><br><code>Cross-site scripting vulnerability in desknet&apos;s NEO (desknet&apos;s NEO Small License V5.5 R1.5 and earlier, and desknet&apos;s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5638">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17075">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 10:56:01">
10:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-5678 ‼</strong><br><br><code>Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5678">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17076">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 10:56:02">
10:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-5680 ‼</strong><br><br><code>Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5680">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17077">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 10:56:03">
10:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-5679 ‼</strong><br><br><code>Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5679">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17078">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 11:26:54">
11:26
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Code42 Incydr Series: Honing in on High-Risk Users with Code42 Incydr ❌</strong><br><br><code>Incydr lets you monitor your high-risk users without impeding their ongoing work.</code><br><br><a href="https://threatpost.com/code42-incydr-series-honing-in-on-high-risk-users-with-code42-incydr/161626/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17079">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 11:56:56">
11:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>❌ Clop Gang Makes Off with 2M Credit Cards from E-Land ❌</strong><br><br><code>The ransomware group pilfered payment-card data and credentials for over a year, before ending with an attack last month that shut down many of the South Korean retailer’s stores.</code><br><br><a href="https://threatpost.com/clop-gang-2m-credit-cards-eland/161833/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17080">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 12:13:09">
12:13
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>🕴 From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now 🕴</strong><br><br><code>CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.</code><br><br><a href="https://www.darkreading.com/vulnerabilities---threats/from-fud-to-fix-why-the-ciso-vendor-partnership-needs-to-change-now/a/d-id/1339565?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple">📖 Read</a><br><br>via &quot;<em>Dark Reading</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17081">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 12:26:56">
12:26
       </div>

       <div class="text">
<strong>❌ As Modern Mobile Enables Remote Work, It Also Demands Security ❌</strong><br><br><code>Smartphones, tablets, collaboration apps and other modern framework tools are critical to maintaining productivity remotely, but they also demand an integrated security strategy purpose-built for mobile devices. The coronavirus pandemic has completely upended the way we work, educate and socialize. Soon after the rapid onset of the virus, organizations were forced to fully adopt work-from-home […]</code><br><br><a href="https://threatpost.com/mobile-remote-work-security/161842/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17082">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 12:32:27">
12:32
       </div>

       <div class="text">
<strong>⚠ S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips [Podcast] ⚠</strong><br><br><code>Latest episode - listen now!</code><br><br><a href="https://nakedsecurity.sophos.com/2020/12/03/s3-ep9-gift-card-hacks-dubious-doorbells-and-wi-fi-tips-podcast/">📖 Read</a><br><br>via &quot;<em>Naked Security</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17083">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 12:56:06">
12:56
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-6017 ‼</strong><br><br><code>Valve&apos;s Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6017">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17084">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 12:56:07">
12:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-6021 ‼</strong><br><br><code>Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6021">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17085">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 12:56:08">
12:56
       </div>

       <div class="text">
<strong>‼ CVE-2020-6111 ‼</strong><br><br><code>An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6111">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17086">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 12:56:09">
12:56
       </div>

       <div class="text">
<strong>❌ Cyberattacks Target COVID-19 Vaccine ‘Cold-Chain’ Orgs ❌</strong><br><br><code>Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.</code><br><br><a href="https://threatpost.com/attacks-covid-cold-chain-orgs/161838/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17087">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 13:02:10">
13:02
       </div>

       <div class="text">
<strong>🦿 Popular Android apps still vulnerable to patched security flaw 🦿</strong><br><br><code>Cybercriminals can exploit the at-risk apps to steal login credentials, passwords, financial details, and text messages, says Check Point.</code><br><br><a href="https://www.techrepublic.com/article/popular-android-apps-still-vulnerable-to-patched-security-flaw/#ftag=RSS56d97e7">📖 Read</a><br><br>via &quot;<em>Tech Republic</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix" id="message17088">

      <div class="pull_left userpic_wrap">

       <div class="userpic userpic4" style="width: 42px; height: 42px">

        <div class="initials" style="line-height: 42px">
?
        </div>

       </div>

      </div>

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:25:13">
14:25
       </div>

       <div class="from_name">
🛡 Cybersecurity &amp; Privacy news 🛡 
       </div>

       <div class="text">
<strong>‼ CVE-2020-2320 ‼</strong><br><br><code>Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2320">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17089">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:25:14">
14:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-28937 ‼</strong><br><br><code>OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient&apos;s medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28937">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17090">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:25:15">
14:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-2324 ‼</strong><br><br><code>Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2324">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17091">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:25:17">
14:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-2322 ‼</strong><br><br><code>Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2322">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17092">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:25:18">
14:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-28939 ‼</strong><br><br><code>OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28939">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17093">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:25:19">
14:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-14318 ‼</strong><br><br><code>A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14318">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17094">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:25:21">
14:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-2321 ‼</strong><br><br><code>A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2321">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17095">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:25:22">
14:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-2323 ‼</strong><br><br><code>Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-2323">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17096">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:25:23">
14:25
       </div>

       <div class="text">
<strong>‼ CVE-2020-28938 ‼</strong><br><br><code>OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users.</code><br><br><a href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28938">📖 Read</a><br><br>via &quot;<em>National Vulnerability Database</em>&quot;.
       </div>

      </div>

     </div>

     <div class="message default clearfix joined" id="message17097">

      <div class="body">

       <div class="pull_right date details" title="03.12.2020 14:26:11">
14:26
       </div>

       <div class="text">
<strong>❌ Reverse Engineering Tools: Evaluating the True Cost ❌</strong><br><br><code>Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.</code><br><br><a href="https://threatpost.com/hex-rays-reverse-engineering-tools-evaluating-the-true-cost/161767/">📖 Read</a><br><br>via &quot;<em>Threat Post</em>&quot;.
       </div>

      </div>

     </div>

     <a class="pagination block_link" href="messages18.html">
Next messages
     </a>

    </div>

   </div>

  </div>

 </body>

</html>