Difference between revisions of "Template:PSW652NewsPaulAsadoorian"

From Security Weekly Wiki
Line 19: Line 19:
 
#[https://nakedsecurity.sophos.com/2020/05/21/chrome-83-adds-dns-over-https-support-and-privacy-tweaks/ Chrome 83 adds DNS-over-HTTPS support and privacy tweaks]
 
#[https://nakedsecurity.sophos.com/2020/05/21/chrome-83-adds-dns-over-https-support-and-privacy-tweaks/ Chrome 83 adds DNS-over-HTTPS support and privacy tweaks]
 
#[https://www.helpnetsecurity.com/2020/05/21/signal-pins/ Signal fixes location-revealing flaw, introduces Signal PINs - Help Net Security]
 
#[https://www.helpnetsecurity.com/2020/05/21/signal-pins/ Signal fixes location-revealing flaw, introduces Signal PINs - Help Net Security]
#[https://www.securityweek.com/xss-open-redirect-vulnerabilities-patched-drupal XSS, Open Redirect Vulnerabilities Patched in Drupal | SecurityWeek.Com]
+
#[https://www.securityweek.com/xss-open-redirect-vulnerabilities-patched-drupal XSS, Open Redirect Vulnerabilities Patched in Drupal | SecurityWeek.Com] - This could be so much fun: ''a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.''
 
#[https://www.darkreading.com/risk/the-need-for-compliance-in-a-post-covid-19-world/a/d-id/1337840 The Need for Compliance in a Post-COVID-19 World]
 
#[https://www.darkreading.com/risk/the-need-for-compliance-in-a-post-covid-19-world/a/d-id/1337840 The Need for Compliance in a Post-COVID-19 World]
 
#[https://www.securityweek.com/zoom-provide-detailed-info-upcoming-end-end-encryption-feature Zoom to Provide Detailed Info on Upcoming End-to-End Encryption Feature | SecurityWeek.Com]
 
#[https://www.securityweek.com/zoom-provide-detailed-info-upcoming-end-end-encryption-feature Zoom to Provide Detailed Info on Upcoming End-to-End Encryption Feature | SecurityWeek.Com]
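Review bot: the comment added to the Drupal entry quotes a sentence in italics without saying where it comes from, and that sentence describes only the open redirect while the link title covers both the XSS and the open redirect fixes. Name the source of the quote and say which of the two issues the remark refers to, for example by opening the comment with "On the open redirect:".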

Revision as of 21:05, 21 May 2020

Articles

  1. vBulletin 5.6.1 - 'nodeId' SQL Injection - And it has been released! Please use it responsibly (and patch your systems).
  2. Online Healthcare Patient Record Management System 1.0 - Authentication Bypass - Wow, just wow: The login.php file allows a user to just supply ‘ or 1=1 – as a username and whatever password and bypass the authentication. Looks like this is a small project from an individual. We need to take the time to educate...
  3. Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit) - Interesting exploit, it does require authentication (but then allows for a root shell).
  4. SANS ISC - Malware Triage with FLOSS: API Calls Based Behavior | /dev/random - Really cool article, using FLAME to analyze potential malware samples.
  5. Hackers target the air-gapped networks of the Taiwanese and Philippine military | ZDNet
  6. Stored XSS in WP Product Review Lite plugin allows for automated takeovers
  7. 'Mandrake' Android Spyware Remained Undetected for 4 Years | SecurityWeek.Com
  8. The 3 Top Cybersecurity Myths & What You Should Know
  9. Bluetooth Vulnerability Allows Attackers to Impersonate Previously Paired Devices | SecurityWeek.Com
  10. Enhanced Safe Browsing Protection now available in Chrome
  11. EasyJet data breach: 9 million customers affected - Help Net Security
  12. Vulnerability in Qmail mail transport agent allows RCE - Help Net Security
  13. Remote Code Execution Vulnerability Patched in VMware Cloud Director | SecurityWeek.Com
  14. Israel is suspected to be behind the cyberattack on Iranian port
  15. Vulnerabilities Exposed Hundreds of Thousands of QNAP NAS Devices to Attacks | SecurityWeek.Com
  16. ISC Releases Security Advisory for BIND | CISA
  17. Stealing Secrets from Developers using Websockets
  18. Chrome 83 adds DNS-over-HTTPS support and privacy tweaks
  19. Signal fixes location-revealing flaw, introduces Signal PINs - Help Net Security
  20. XSS, Open Redirect Vulnerabilities Patched in Drupal | SecurityWeek.Com - This could be so much fun: a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.
  21. The Need for Compliance in a Post-COVID-19 World
  22. Zoom to Provide Detailed Info on Upcoming End-to-End Encryption Feature | SecurityWeek.Com
  23. Google Begins Encrypting Domain Name Lookups
  24. Microsoft: we were wrong about open source - How things change: Former Microsoft CEO Steve Ballmer famously branded Linux “a cancer that attaches itself in an intellectual property sense to everything it touches” back in 2001.
  25. Official reminds public to avoid touching other people's balls as crowd giggles