On May 20, 2020, the National Vulnerability Database (NVD) published a new CVE, CVE-2020-9484. The vulnerability associated with CVE-2020-9484 allows any anonymous attacker with internet access to submit a malicious request to a Tomcat server that has PersistentManager enabled with FileStore. This is not the default configuration, but administrators can set it up this way. Red Timmy Security wrote in detail about the vulnerability and exploit.
-----BEGIN PGP SIGNED MESSAGE-----
Ubuntu Security Notice USN-4382-1
June 04, 2020
Written by Shannon Vavra
Hackers linked with China and Iran have been sending malicious spearphishing emails to staff on Joe Biden and President Donald Trump’s campaigns respectively, according to a researcher with Google’s Threat Analysis Group.
Written by Shannon Vavra
BlackBerry and KPMG’s UK Cyber Response Services uncovered a new ransomware strain that uses an obscure file format to avoid detection, according to new research published Thursday.
The director of Identity and Access Management (IAM) is fundamentally responsible for ensuring controls are in place to protect access to sensitive assets within the organization. This includes all aspects of identity, access and authentication for the entire workforce and also applies to Privileged Access Management (PAM) – which is what we’ll be focusing on in this blog. Specific accountabilities within this role typically include setting strategy, defining a PAM-based risk framework, designing and implementing appropriate access controls and providing monitoring, reporting and mitigation strategies around overall risk.
Is it legal to buy stolen data from criminals? In most countries the answer would be no. But will it lead to a penalty or a fine? That is a different question and I’m afraid some companies and organizations will be inclined to seriously consider the last question even when they know the answer to the first one. Maybe we can at least agree that it is not ethical or recommended.
Snapchat is the latest social media company to take on the president, Fitbit gets approval for its emergency ventilator and we review the new Sonos soundbar.
The popularity of email as a collaboration tool shows no sign of abating. In fact, research group Radicati predicts that in 2020 the number of emails sent and received per day will exceed 306 billion. Also, with so many employees now working from home, organizations have never been so reliant on email to keep communication and productivity flowing.
Security researchers have discovered a new kind of ransomware that uses a little-known Java file format to make it more difficult to detect before it detonates its file-encrypting payload.
Games consoles and handhelds have always been an interesting battleground for hacking activities. The homebrew scene for using hardware in interesting ways has a long and varied history, especially where porting games to run on different platforms is concerned.
By Michael A. Greenberg, Product Marketing Manager, Security Platforms
Circa 2007, during a penetration test, I encountered an online shopping cart that exposed a variable containing a product’s price and it allowed for manipulation to lower the cart’s total. In early 2008, research was conducted to answer the question – just how many carts are vulnerable to such a trivial hack? At the time, PayPal had a Solutions Directory that listed online shopping carts that integrated with them for payment. Since this was an easy way to identify a large number of carts, a list of 136 carts was made and research began.
It’s time for June’s open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.