Cybersecurity, BugTraq maybe won’t close
The whole Infosec community moved on Internet and Social Network to testify the importance of the mailing list. Then, Accenture spreaded an encouraging note.
Cybercrime, WebLogic Servers vulnerability used to install Cobalt Strike
SANS cybersecurity experts: Campaign exploits a chain of Powershell obfuscated scripts to download the malware. Probably it’s the work of a ransomware gang.
Cybersecurity, new severe RCE vulnerability on WebLogic Server
The company: It is remotely exploitable without authentication, letting remote attacker to take control of an affected system. Patch the CVE-2020-14750 now!
Cybercrime, threat actors continue to exploit CVE-2020-1472 vulnerability
Microsoft cybersecurity experts: It allows an elevation of privilege in Netlogon protocol. Update the systems now!
WordPress: New plugin vulnerability. This time it’s up to Realia
Cybersecurity Help: The flaw (CWE-284) exists due to an IDOR issue. A threat actor could send a specially crafted request with the post ID to delete arbitrary posts.
Cybersecurity, Microsoft SharePoint server has a new vulnerability
UK NCSC experts: It’s the CVE-2020-16952. It can be exploited when a user uploads a specially crafted application package to an affected version of SharePoint.
Cyber security, new RCE flaw on Microsoft Exchange Server
The researcher Steven Seeley: It’s due to improper validation of cmdlet arguments. Exploitation requires an authenticated user in a certain role. Patches have been released.
Cyber Security, BootHole put Windows and Linux devices at risk
Eclypsium: It’s a vulnerability in the GRUB2 bootloader, that hit devices using Secure Boot. Attackers can install persistent and stealthy bootkits or malware.
Cyber security, huge vulnerability discovered in F5 BIG-IP technologies
Yoroi-Cybaze experts: The flaw, the CVE-2020-5902, is caused by gaps in the management of particular HTTP requests by the TMUI management interface.
Cyber Security, zero-day vulnerability in Cisco RV042 and RV042G routers
CyCognito experts: A Cross-Site Scripting (XSS) flaw gives cybercrime can take control of a router administrator’s web configuration utility. The issue has been fixed with a patch.