Tuesday, August 4, 2020
MSRC

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

Security researchers are a vital component of the cybersecurity ecosystem that safeguards every facet of digital life and commerce. The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective...
F5 Networks

PCRE vulnerability CVE-2020-14155

PCRE vulnerability CVE-2020-14155 Security Advisory Security Advisory Description libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (? C substring. (CVE-2020-14155)
Cisco

Cisco Small Business RV Series Routers Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on...
F5 Networks

jQuery vulnerability CVE-2020-11023

jQuery vulnerability CVE-2020-11023 Security Advisory Security Advisory Description In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements ...
F5 Networks

jQuery vulnerability CVE-2020-11022

jQuery vulnerability CVE-2020-11022 Security Advisory Security Advisory Description In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even ...
MSRC

Microsoft Joins Open Source Security Foundation

Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at...
F5 Networks

Multiple QEMU vulnerabilities CVE-2020-13791, CVE-2020-13800, CVE-2020-15469, CVE-2020-15859, and CVE-2020-15863

Multiple QEMU vulnerabilities CVE-2020-13791, CVE-2020-13800, CVE-2020-15469, CVE-2020-15859, and CVE-2020-15863 Security Advisory Security Advisory Description CVE-2020-13791 hw/pci/pci.c in QEMU ...

Vulnerability Summary for the Week of July 27, 2020

Original release date: August 3, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...

Chinese Malicious Cyber Activity

Original release date: August 3, 2020The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a malware variant—referred as TAIDOOR—used by the Chinese government. In addition, U.S. Cyber...

MAR-10292089-1.v1 – Chinese Remote Access Trojan: TAIDOOR

Original release date: August 3, 2020This product is provided subject to this Notification and this Privacy & Use policy.
Have I Been Pwned

Kreditplus – 768,890 breached accounts

In June 2020, the Indonesian credit service Kreditplus suffered a data breach which exposed 896k records containing 769k unique email addresses. The breach exposed extensive personal information including names, family makeup, information on spouses, income and expenses, religions and...
Have I Been Pwned

TrueFire – 599,667 breached accounts

In February 2020, the guitar tuition website TrueFire suffered a data breach which impacted 600k members. The breach exposed extensive personal information including names, email and physical addresses, account balances and unsalted MD5 password hashes. The data was provided...
Have I Been Pwned

집꾸미기 – 1,298,651 breached accounts

In March 2020, the Korean interior decoration website ???? (Decorating the House) suffered a data breach which impacted almost 1.3 million members. Served via the URL ggumim.co.kr, the exposed data included email addresses, names, usernames and phone numbers, all...
Have I Been Pwned

Vakinha – 4,775,203 breached accounts

In June 2020, the Brazilian fund raising service Vakinha suffered a data breach which impacted almost 4.8 million members. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as bcrypt hashes, all of which...
Cisco

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Trustpoint Configuration Defaults

Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software can be configured for certificate authentication in remote access VPN deployments. An external researcher has identified several misconfigured Cisco ASA and FTD Software remote access devices where...
Have I Been Pwned

Havenly – 1,369,180 breached accounts

In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes, all...
Have I Been Pwned

Swvl – 4,195,918 breached accounts

In June 2020, the Egyptian bus operator Swvl suffered a data breach which impacted over 4 million members of the service. The exposed data included names, email addresses, phone numbers, profile photos and passwords stored as bcrypt hashes, all...
Cisco

Cisco SD-WAN Solution Software Buffer Overflow Vulnerability

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to...
MSRC

Black Hat 2020: See you in the Cloud!

It hardly feels like summer without the annual trip to Las Vegas for Black Hat USA. With this year’s event being totally cloud based, we won’t have the chance to catch up with security researchers, industry partners, and customers...
F5 Networks

BIG-IP Edge Client for Windows vulnerability CVE-2020-5897

BIG-IP Edge Client for Windows vulnerability CVE-2020-5897 Security Advisory Security Advisory Description A use-after-free memory vulnerability exists in the BIG-IP Edge Client Windows ActiveX ...

6 Dangerous Defaults Attackers Love (and You Should Know)

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
SecurityWeek

GreyNoise Raises $4.8 Million in Seed Funding to Combat Alert Fatigue

GreyNoise Intelligence, a startup focused on helping security teams reduce alert fatigue, has raised nearly $5 million in seed investment to help the company expand its intelligence service that helps teams “prioritize alerts that matter by quieting ones that...
SecurityWeek

Tampa Teenager Accused in Twitter Hack Pleads Not Guilty

A Florida teen identified as the mastermind of a scheme that gained control of Twitter accounts of prominent politicians, celebrities and technology moguls pleaded not guilty on Tuesday to multiple counts of fraud. read more
SecurityWeek

Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates

Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities. read more

EU launching deep probe into Google’s planned $2.1 billion Fitbit buy

Enlarge / Logo of Google is displayed on a smartphone by logo of Fitbit in Brussels, Belgium on August 4, 2020. (credit: Dursun Aydemir | Andalou Agency | Getty Images) Regulators in the European Union are launching...