Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective...
PCRE vulnerability CVE-2020-14155
PCRE vulnerability CVE-2020-14155 Security Advisory Security Advisory Description libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (? C substring. (CVE-2020-14155)
Cisco Small Business RV Series Routers Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on...
jQuery vulnerability CVE-2020-11023
jQuery vulnerability CVE-2020-11023 Security Advisory Security Advisory Description In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements ...
jQuery vulnerability CVE-2020-11022
jQuery vulnerability CVE-2020-11022 Security Advisory Security Advisory Description In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even ...
Microsoft Joins Open Source Security Foundation
Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at...
Multiple QEMU vulnerabilities CVE-2020-13791, CVE-2020-13800, CVE-2020-15469, CVE-2020-15859, and CVE-2020-15863
Multiple QEMU vulnerabilities CVE-2020-13791, CVE-2020-13800, CVE-2020-15469, CVE-2020-15859, and CVE-2020-15863 Security Advisory Security Advisory Description CVE-2020-13791 hw/pci/pci.c in QEMU ...
Vulnerability Summary for the Week of July 27, 2020
Original release date: August 3, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...
Chinese Malicious Cyber Activity
Original release date: August 3, 2020The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a malware variant—referred as TAIDOOR—used by the Chinese government. In addition, U.S. Cyber...
MAR-10292089-1.v1 – Chinese Remote Access Trojan: TAIDOOR
Original release date: August 3, 2020This product is provided subject to this Notification and this Privacy & Use policy.
Kreditplus – 768,890 breached accounts
In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income and expenses, religions and...
TrueFire – 599,667 breached accounts
In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. The breach exposed extensive personal information including names, email and physical addresses, account balances and unsalted MD5 password hashes. The data was provided...
집꾸미기 – 1,298,651 breached accounts
In March 2020, the Korean interior decoration website ???? (Decorating the House) suffered a data breach which impacted almost 1.3 million members. Served via the URL ggumim.co.kr, the exposed data included email addresses, names, usernames and phone numbers, all...
Vakinha – 4,775,203 breached accounts
In June 2020, the Brazilian fund raising service Vakinha suffered a data breach which impacted almost 4.8 million members. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as bcrypt hashes, all of which...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Trustpoint Configuration Defaults
Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software can be configured for certificate authentication in remote access VPN deployments.
An external researcher has identified several misconfigured Cisco ASA and FTD Software remote access devices where...
Havenly – 1,369,180 breached accounts
In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes, all...
Swvl – 4,195,918 breached accounts
In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos and passwords stored as bcrypt hashes, all...
Cisco SD-WAN Solution Software Buffer Overflow Vulnerability
A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to...
Black Hat 2020: See you in the Cloud!
It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers...
BIG-IP Edge Client for Windows vulnerability CVE-2020-5897
BIG-IP Edge Client for Windows vulnerability CVE-2020-5897 Security Advisory Security Advisory Description A use-after-free memory vulnerability exists in the BIG-IP Edge Client Windows ActiveX ...
6 Dangerous Defaults Attackers Love (and You Should Know)
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
GreyNoise Raises $4.8 Million in Seed Funding to Combat Alert Fatigue
GreyNoise Intelligence, a startup focused on helping security teams reduce alert fatigue, has raised nearly $5 million in seed investment to help the company expand its intelligence service that helps teams “prioritize alerts that matter by quieting ones that...
Tampa Teenager Accused in Twitter Hack Pleads Not Guilty
A Florida teen identified as the mastermind of a scheme that gained control of Twitter accounts of prominent politicians, celebrities and technology moguls pleaded not guilty on Tuesday to multiple counts of fraud.
read more
Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates
Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities.
read more
EU launching deep probe into Google’s planned $2.1 billion Fitbit buy
Enlarge / Logo of Google is displayed on a smartphone by logo of Fitbit in Brussels, Belgium on August 4, 2020. (credit: Dursun Aydemir | Andalou Agency | Getty Images)
Regulators in the European Union are launching...
