RSS Trending Cyber News

RSS Vulnerabilities

  • [Bug 1867261] EPEL7 nginx package contains CVEs and it's two major versions behind.
    EPEL7 currently includes nginx 1.16.1, which is vulnerable to multiple CVEs including CVE-2019-20372 and which will not be patched upstream due to being EOL. Version 1.18.0 is the stable version available that has CVEs patched. Version-Release number of selected component (if applicable): nginx.x86_64 1:1.
  • SBA Inspector General Management Alert And FinCEN Advisory Highlight Banks’ Role In Combating COVID-19 Loan Fraud | Vinson & Elkins LLP | #coronavirus | #scams | #covid19
    The SBA’s EIDL Program. An Overview of the EIDL Program. The EIDL program provides low-interest loans directly from the SBA to small businesses, small agricultural cooperatives, and most private nonprofit organizations that suffer “substantial economic injury” in a declared “disaster area.
  • Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
    The faulty Qualcomm component is the mobile chip giant’s Snapdragon SoC and the Hexagon architecture. Hexagon is a brand name for Qualcomm’s digital signal processor (DSP), part of the SoC’s microarchitecture. DSP controls the processing of real-time requests between the Android user environment and the....
  • CVE-2017-3881 (ios, ios_xe)
    Current Description. A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
  • CVE-2020-15113 (etcd)
    Current Description. In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll.
  • 4 Points in Understanding China’s Goal for Meddling in US Elections
    Chinese President Xi Jinping looks on as Chinese soldiers carry the Chinese flag during a medal presentation ceremony in the Great Hall of the People in Beijing on June 8, 2018. (Photo: Greg Baker/AFP/Getty Images) FBI Director Christopher Wray reportedly provided a detailed classified briefing to....
  • Low CVE-2020-7298: McAfee Total Protection
    https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS103062 ....
  • Medium CVE-2020-15132: SULU SULU
    Description: In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with an error message saying that this user […]
  • 400+ Qualcomm Chip Vulnerabilities Threaten Millions of Android Phones
    Security researchers found hundreds of pieces of vulnerable code in the Qualcomm Snapdragon chips powering Android phones. Security researchers have discovered more than 400 pieces of vulnerable code inside the Qualcomm Snapdragon digital signal processor (DSP) chip that powers millions of....
  • Vulnerability in Qualcomm and MediaTek chips that allows interception of part of WPA2 traffic
    Researchers from ESET have identified a new variant (CVE-2020-3702) of the Kr00k vulnerability, applicable to Qualcomm and MediaTek wireless chips. Like the first variant, which affected Cypress and Broadcom chips, the new vulnerability allows decryption of intercepted Wi-Fi traffic protected with the WPA2 protocol.
