Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy
Google’s Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden’s presidential campaign.
Hackers sent Joe Biden’s presidential campaign staffers malicious...
Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.
Microsoft has issued out-of-band patches for two “important” severity vulnerabilities, which if...
Critical Magento Holes Open Online Shops to Code Execution
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.
Two critical flaws in Magento –...
TikTok Launches Bug Bounty Program Amid Security Snafus
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.
TikTok has expanded its vulnerability disclosure policy to...
There’s A Hole In Your SoC: Glitching The MediaTek BootROM
This research was conducted by our intern Ilya Zhuravlev, who has returned to school but will be rejoining our team after graduation, and was advised by Jeremy Boone of...
Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE
The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in.
A critical security bug in the SonicWall VPN portal can be used to crash the device...
Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On
Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.
Companies worldwide have continued to receive...
Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes
Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.
Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which...
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
There were 11 critical bugs and six that were unpatched but publicly known in this month’s regularly scheduled Microsoft updates.
Microsoft has pushed out fixes for 87 security vulnerabilities in...
Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
Vendor: Lansweeper Software
Vendor URL: https://www.lansweeper.com/
Versions affected: 8.0.130.17 known affected versions, others likely
Systems Affected: Windows 10
Authors: Joshua Dow , Daniel King
Advisory URL / CVE Identifier: CVE-2020-13658
Risk: High
Summary:
Lansweeper is an...