Lucene search

4110 matches found

Wired Threat Level
added 2020/04/22 4:00 p.m. · 24 views

Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks

More than 12 government-backed groups are using the pandemic as cover for digital reconnaissance and espionage, according to a new report...

3.2 AI score
Exploits: 0
Securelist
added 2020/04/22 8:00 a.m. · 43 views

SAS, sweet SAS

As you may already know from our social network posts, we have rescheduled the SAS 2020 conference for November 18-21 due to the COVID-19 pandemic and to ensure your safety. Though we still think that Barcelona is a great place to meet and it will not be a "real" SAS if we cannot hug, shake hands...

7.1 AI score
Exploits: 0
CNVD
added 2020/04/22 12:00 a.m. · 4 views

Joomla! access control error vulnerability (CNVD-2020-25678)

Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. An access control error vulnerability exists in Joomla! versions 3.8.8 through 3.9.16, which can be exploited by an attacker to make unauthorized...

5.3 CVSS · 6.8 AI score · 0.00795 EPSS
Exploits: 0 · References: 1
CNVD
added 2020/04/22 12:00 a.m. · 3 views

Joomla! access control error vulnerability (CNVD-2020-25676)

Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. An access control error vulnerability exists in Joomla! versions prior to 3.9.17 that stems from an incorrect ACL check and can be exploited by an...

5.3 CVSS · 6.8 AI score · 0.0076 EPSS
Exploits: 0 · References: 1
Krebs on Security
added 2020/04/20 8:19 p.m. · 73 views

Who’s Behind the “Reopen” Domain Surge?

The past few weeks have seen a large number of new domain registrations beginning with the word "reopen" and ending with U.S. city or state names. The largest number of them were created just hours after President Trump sent a series of all-caps tweets urging citizens to "liberate" themselves fro...

6.8 AI score
Exploits: 0
OSV
added 2020/04/12 3:15 a.m. · 1 views

CVE-2020-11704

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected via POST data. SetUserInfo is Stored via the general parameter...

6.1 CVSS · 6.4 AI score · 0.00678 EPSS
Exploits: 1 · References: 2
ICS
added 2020/04/08 12:00 p.m. · 51 views

COVID-19 Exploited by Malicious Cyber Actors

Summary: This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on exploitation by cybercriminal and advanced persistent...

9.8 CVSS · 9.8 AI score · 0.99999 EPSS
Exploits: 48 · References: 73
ThreatPost
added 2020/04/07 9:19 p.m. · 637 views

Serious Exchange Flaw Still Plagues 350K Servers

Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability – nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. The vulnerability in question (CVE-2020-0688) exists in the control panel of...

9 CVSS · 8.4 AI score · 0.99965 EPSS
Exploits: 31 · References: 16
ThreatPost
added 2020/04/07 4:57 p.m. · 71 views

FIN6 and TrickBot Combine Forces in 'Anchor' Attacks

Researchers say two cybercriminal groups, FIN6 and the operators of the TrickBot malware, have paired up together to target several organizations with TrickBot’s malware framework called “Anchor.” The two threat groups joining forces is a “new and dangerous twist” in an existing trend of...

0.9 AI score
Exploits: 0 · References: 20
ThreatPost
added 2020/04/06 9:05 p.m. · 199 views

A Brisk Private Trade in Zero-Days Widens Their Use

There were more zero-days exploited in 2019 than any of the previous three years, according to telemetry from FireEye Mandiant. The firm said that’s likely due to more zero-days coming up for sale by cyber-weapons dealers like NSO Group; a growing commercial market has made such tools much more...

7.5 CVSS · 8.8 AI score · 0.72105 EPSS
Exploits: 28 · References: 18
RedHat Linux
added 2020/04/06 7:28 p.m. · 2 views

openssl: side-channel weak encryption vulnerability

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...

4.7 CVSS · 7.2 AI score · 0.01198 EPSS
Exploits: 0 · References: 4
Packet Storm
added 2020/04/06 12:00 a.m. · 156 views

LimeSurvey 4.1.11 Cross Site Scripting

Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...

4.3 CVSS · 0.70841 EPSS
Exploits: 4
0day.today
added 2020/04/06 12:00 a.m. · 45 views

LimeSurvey 4.1.11 - (Survey Groups) Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE :...

4.3 CVSS · 5.8 AI score · 0.70841 EPSS
Exploits: 4
Exploit DB
added 2020/04/06 12:00 a.m. · 332 views

LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting

Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...

5.4 CVSS · 5.9 AI score · 0.70841 EPSS
Exploits: 4
CNVD
added 2020/04/02 12:00 a.m. · 4 views

LimeSurvey Cross-Site Scripting Vulnerability (CNVD-2020-35515)

LimeSurvey (formerly known as PHPSurveyor) is a set of open source online questionnaire survey program from the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection. The application/views/admin/surveysgroups/surveySettings.php and...

5.4 CVSS · 6.3 AI score · 0.70841 EPSS
Exploits: 4 · References: 1
CNVD
added 2020/04/02 12:00 a.m. · 3 views

Unspecified Vulnerability in Apple iOS and iPadOS Messages Composition Component

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Messages Composition is one of the message editing components. A security vulnerability exists in the Messages Compositio...

5.3 CVSS · 6.3 AI score · 0.00802 EPSS
Exploits: 0 · References: 1
OSV
added 2020/04/01 6:15 p.m. · 1 views

CVE-2020-3890

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion...

5.3 CVSS · 6 AI score
Exploits: 0 · References: 1
Prion
added 2020/04/01 6:15 p.m. · 19 views

Arbitrary file deletion

The issue was addressed with improved deletion. This issue is fixed in iOS 13.4 and iPadOS 13.4. Deleted messages groups may still be suggested as an autocompletion...

5 CVSS · 5.1 AI score · 0.00802 EPSS
Exploits: 0 · References: 1 · Affected Software: 2
NVD
added 2020/04/01 4:15 p.m. · 9 views

CVE-2020-11456

LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php aka survey groups...

5.4 CVSS · 5.2 AI score · 0.70841 EPSS
Exploits: 4 · References: 3
Positive Technologies
added 2020/04/01 12:00 a.m. · 2 views

PT-2020-12622 · Limesurvey · Limesurvey

Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 4.1.12+200324 Description: The issue concerns stored XSS in certain files, specifically in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php, which is related to...

5.4 CVSS · 5.1 AI score · 0.70841 EPSS
Exploits: 4 · References: 6