Oracle Issues Out-of-Band Update for Remote-Access Vulnerability
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26211
PUBLISHED: 2020-11-03
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs...
Securing the 2020 Election: ‘We’re Not Out of the Woods Yet’
Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks. Election Day in the US followed an unprecedented season of...
Windows Zero-Day Used with Chrome Flaw in Targeted Attacks
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks. Researchers with Google's Project Zero have disclosed a vulnerability in...
New Tools Make North Korea’s Kimsuky Group More Dangerous
Threat actor actively targeting US organizations in global intelligence-gathering campaign, government says. Kimsuky — a dangerous North Korean threat group that the Department of Homeland Security (DHS) last week warned...
Rising Ransomware Breaches Underscore Cybersecurity Failures
Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone. Healthcare organizations are once...
Microsoft Warns of Ongoing Attacks Exploiting Zerologon
The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert. Microsoft today warned of continued attack activity exploiting Zerologon (CVE-2020-1472), a...
JavaScript Obfuscation Moves to Phishing Emails
Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites. JavaScript, the ubiquitous scripting language used across Web applications worldwide,...
Hackers Make Off With Millions From Wisconsin Republicans
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27652
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via...
McAfee Launches XDR, Browser Isolation, Cloud App Security Tools
New additions are built to help organizations better respond to threats and protect applications and data in the cloud. McAfee today released multiple new security products during its MPOWER...
6 Ways Passwords Fail Basic Security Tests
New data shows humans still struggle with password creation and management.
Humans are good at some things, like eating too many potato chips or getting annoying songs stuck...