MacOS Bug Could Let Creeps Snoop On You
The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab...
Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
Guardicore security researcher Amit Serper has...
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Misconfigured permissions for Argo’s web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.
Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers...
Bugs in NVIDIA’s Jetson Chipset Open Door to DoS Attacks, Data Theft
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.
Flaws impacting millions of internet of things (IoT) devices running...
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
CloudLinux’s security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
A high-severity security vulnerability in CloudLinux’s Imunify360 cybersecurity platform could lead to arbitrary code...
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
A...
Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161)
Current Vendor: Jitsi
Vendor URL: https://jitsi.org
Versions affected: 1.x.x
Systems Affected: Jitsi Meet Electron
Authors: Robert Wessen
CVE Identifier: CVE-2020-27161
Risk: 5.3 (Medium) AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary & Impact
Jitsi Meet Electron includes apparent debugging code which ignores...
Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked.
Microsoft was quick to respond...
Cyberattackers Exploiting Critical WordPress Plugin Bug
The security hole in the Plus Addons for Elementor plugin was used in active zero-day attacks prior to a patch being issued.
The Plus Addons for Elementor plugin for WordPress...
Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)
Vendor: containerd Project
Vendor URL: https://containerd.io/
Versions affected: 1.3.x, 1.2.x, 1.4.x, others likely
Systems Affected: Linux
Author: Jeff Dileo
CVE Identifier: CVE-2020-15257
Advisory URL: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
Risk: High (full root container escape for a common container configuration)
containerd...