CVE-2020-14320
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
CVE-2020-10728
A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user...
CVE-2020-10710
A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with...
“Evil PLC Attack” weaponizes PLCs to infect engineering workstations
Most attack scenarios against industrial installations, whether in manufacturing or in critical infrastructure, focus on compromising programmable logic controllers (PLCs) to tamper with the physical...
When Efforts to Contain a Data Breach Backfire
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on...
Two Additional Malicious Python Libraries Found on PyPI Repository
The new packages were masquerading as one of the most popular open-source packages on PyPI
Healthcare Provider Issues Warning After Tracking Pixels Leak Patient Data
The leak was caused by incorrect configurations of an online tracking tool from Meta
New Attack Weaponizes PLCs to Hack Enterprise and OT Networks
The research resulted in proof-of-concept exploits against seven market-leading automation firms
#DEFCON: Electrovolt Exploits Against Electron Desktop Apps Exposed
Electron-based desktop applications including Discord, Microsoft Teams and VScode were at risk from a series of vulnerabilities
#DEFCON: How US Teen RickRolled His High School District
American teenager explains how he was able to hack his local high school district