Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)
Vendor: Pulse Secure
Vendor URL: https://www.pulsesecure.net/
Versions affected: Pulse Connect Secure (PCS) 9.1Rx or below, Pulse Policy Secure (PPS) 9.1Rx or below
Systems Affected: Pulse Connect Secure (PCS) Appliances
Authors: Richard Warren -...
Facebook Debuts Bug-Bounty ‘Loyalty Program’
Facebook bounty hunters will be placed into tiers by analyzing their score, signal and number of submitted bug reports — which will dictate new bonus percentages.
Facebook...
Fitbit Spyware Steals Personal Data via Watch Face
Immersive Labs Researcher takes advantage of lax Fitbit privacy controls to build a malicious spyware watch face.
A wide-open app-building API would allow an attacker to build a malicious...
Hunting for exploits by looking for the author’s fingerprints
Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints
Research by: Itay Cohen, Eyal Itkin
In the past months, our Vulnerability and Malware Research teams joined efforts...
Exploit for Firefox 68 on Android Local Area Network SSDP Screencast
Firefox for Android LAN-Based Intent Triggering
Exploit research and development by Chris Moberly (Twitter: @init_string)
Overview
The SSDP engine in Firefox for Android (68.11.0 and below) can be tricked into triggering Android...
Magento Based Stores See Biggest Attack Due to 0day flaw
Well-known cybersecurity expert and founder of Sanguine Security (SanSec) Willem de Groot warned of the largest ever campaign aimed at compromising online stores based on the e-commerce platform...
Zero Day Survival Guide | Everything You Need to Know Before Day One
by SentinelOne
Zero day. Perhaps the most frightening words for any IT leader to hear. For security researchers, zero days are one of the more fascinating topics, the crown jewel of...
Over 61% of Exchange servers vulnerable to CVE-2020-0688 attacks
By Pierluigi Paganini
More than 247,000 Microsoft Exchange servers are still vulnerable to attacks exploiting the CVE-2020-0688 RCE issue impacting Exchange Server.
The CVE-2020-0688 vulnerability resides in the Exchange Control Panel (ECP) component, the root...
Critical TeamViewer Vulnerability Can Lead To Password Exfiltration
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ passwords and, consequently, lead to further system exploitation.
About TeamViewer
TeamViewer is an application developed by...
Windows Vulnerability Allows Malware To Run With Admin Rights
Security researchers have discovered a workaround for a Microsoft Print Services vulnerability patch (CVE-2020-1048) that allows attackers to execute malicious code with elevated privileges.
The vulnerability was discovered by experts Peleg Hadar and Tomer...