Microsoft Tackles 123 Fixes for July Patch Tuesday
Threatpost - 14 July 2020, 9:32 pm
Eighteen critical bugs, impacting Windows Server, Office and Outlook, were fixed as part of the patch roundup.Read More
Critical DNS Bug Opens Windows Servers to Infrastructure Hijacking
Threatpost - 14 July 2020, 7:01 pm
Microsoft gives the ‘wormable’ flaw a security rating of 10 – the most severe warning possible.Read More
Adobe Discloses Critical Code-Execution Bugs in July Update
Threatpost - 14 July 2020, 5:02 pm
The software giant released patches for four critical vulnerabilities and five different platforms.Read More
DMARC Adoption Spikes, Higher Ed Remains Behind
Threatpost - 14 July 2020, 2:46 pm
As colleges and universities prepare for the fall semester, email protections against surging threats like BEC and phishing are lagging.Read More
RATicate malware gang goes commercial
Naked Security - 14 July 2020, 1:10 pm
O, what tangled code we weave, when first we practise to deceive!Read More
Most Companies Are Ignoring Your Most Vulnerable Endpoint…and It’s Not the Laptop
Threatpost - 14 July 2020, 1:00 pm
Cybercriminals know that mobile devices are less secure, so it’s no surprise that last year Verizon found that 4 in 10 companies were breached through a mobile device.Read More
Leaked Details of 142 Million MGM Hotel Guests Found for Sale on Dark Web
Threatpost - 14 July 2020, 12:13 pm
Last summer’s data leak at the hotel chain appears to be far more expansive than previously thought — or the credentials could come from a hack of DataViper.Read More
Critical SAP Bug Allows Full Enterprise System Takeover
Threatpost - 14 July 2020, 11:45 am
Exploitation of the bug can allow an attacker to lift sensitive information, delete files, execute code, carry out sabotage and more.Read More
TrickBot Sample Accidentally Warns Victims They’re Infected
Threatpost - 13 July 2020, 5:09 pm
A data-stealing module in a recent sandboxed sample triggers browser-based fraud alerts for Trickbot victims — and shows something of the inner working of the malware’s operators.Read More
Secret Service Creates Cyber Fraud Task Forces
Threatpost - 13 July 2020, 4:01 pm
Traditional financial crime and cyberattacks are converging, requiring new skills and approaches to the problem, officials said.Read More
Digicert revokes a raft of web security certificates
Naked Security - 13 July 2020, 2:36 pm
The good news is that this was a bureaucratic necessity rather than an actual cybersecurity attack.Read More
A ‘New Age’ of Sophisticated Business Email Compromise is Coming
Threatpost - 13 July 2020, 1:00 pm
A new BEC threat group is heralding more sophisticated email scams that target organizations without DMARC and squeeze as much money out of victims as possible.Read More
Monday review – the hot stories of the week
Naked Security - 13 July 2020, 10:22 am
Get yourself up to date with everything we've written in the last seven days – it's weekly roundup time.Read More
Mozilla turns off “Firefox Send” following malware abuse reports
Naked Security - 8 July 2020, 2:16 pm
Sadly, the easier and safer you make your file sharing service, the more attractive it becomes to the crooks.Read More
Kinda sorta weakened version of EARN IT Act creeps closer
Naked Security - 8 July 2020, 10:46 am
Critics say the amended bill that’s headed for a full Senate hearing still threatens encryption, albeit less blatantly.Read More
Company web names hijacked via outdated cloud DNS records
Naked Security - 7 July 2020, 2:09 pm
Why hack into a server when you can just send vistors to a fake alternative instead?Read More
Flashy Nigerian Instagram star extradited to US to face BEC charges
Naked Security - 7 July 2020, 9:27 am
It’s a short jump from a Rolls Royce ride to extradition from the UAE. Goodbye, Dubai, goodbye, Palazzo Versace, hello, Chicago jail cell.Read More
Boston bans government use of facial recognition
Naked Security - 6 July 2020, 10:33 am
To help end systemic racism, we’ll stay away from an error-prone technology that’s been shown to have racial bias, the city council said.Read More
Monday review – the hot 11 stories of the week
Naked Security - 6 July 2020, 9:32 am
Get yourself up to date with everything we've written in the last seven days – it's weekly roundup time.Read More
Facebook hoaxes back in the spotlight – what to tell your friends
Naked Security - 3 July 2020, 3:05 pm
At the risk of giving you a feeling of déjà vu all over again, it’s time to talk about Facebook hoaxes once more.Read More

DoD gets new top uniformed cyber adviser
Fifth Domain - 14 July 2020, 1:24 am
The Pentagon has named a new senior military adviser for cyber policy to the undersecretary of defense for policy as well as the deputy principal cyber adviser to the defense secretary.Read More
Why military agencies must establish cybersecurity readiness now through Comply-to-Connect
Fifth Domain - 13 July 2020, 11:00 am
Katherine Gronberg argues readiness means forces can instantaneously know whether and how malicious cyber activity may have deceived, or even destroyed, systemsRead More
Cyber Command’s measure of success? Outcomes
Fifth Domain - 10 July 2020, 9:12 pm
U.S. Cyber Command officials said that when they examine whether any given operation or even when a strategy has been successful, they’re not looking at metrics, but rather outcomes.Read More
A new company-level unit to support information warfare
Fifth Domain - 9 July 2020, 1:27 am
The Army plans to launch a new company-level unit in fiscal 2021 to support information warfare efforts, according to military officials, with a contract already awarded to its parent battalion.Read More
Cyber Command will get a new version of its training platform this fall
Fifth Domain - 7 July 2020, 9:24 pm
The Persistent Cyber Training Environment is slated to deliver its second version to the cyber mission force by this fall.Read More
Former airman pleads guilty in scheme to offer information to Russia
Fifth Domain - 7 July 2020, 3:59 am
A West Virginia woman who previously served in the Air Force planned to offer top-secret information from the National Security Agency to the Russian government, prosecutors said Monday in announcing…Read More
Understanding Russia’s quest to rid itself of foreign tech
Fifth Domain - 7 July 2020, 12:28 am
Will a Russian rule requiring pre-approved software to be installed on devices promote domestic innovation? Perhaps, argues Justin Sherman, but perhaps not in the way Russia expects.Read More
The Navy aims to install cyber baselines aboard 180 ships
Fifth Domain - 1 July 2020, 1:38 am
The efforts come as the Navy continues to work to improve its cybersecurity after an assessment last year found the service lacked effective cyber hygiene.Read More
Senate wants more details on Cyber Command’s tools
Fifth Domain - 1 July 2020, 1:37 am
The Senate has issues with the way Cyber Command is developing and procuring its capabilities and platforms.Read More
Senators seek to cut Army cyber program for greater joint investment
Fifth Domain - 1 July 2020, 1:36 am
The Senate Armed Services Committee wants to cut funds from the Army’s Cyber Situational Understanding program.Read More
India must actively protect its air defense systems’ OODA loop
Fifth Domain - 30 June 2020, 3:46 pm
One of the crucial elements of India’s defensive capability that remains vulnerable is the OODA loop — observe, orient, decide and act — which is responsible for decision-making during times of…Read More
Three strategies to help the digital Air Force achieve takeoff
Fifth Domain - 30 June 2020, 2:00 pm
The Air Force must ask the question, “What data values do we want to definitely monitor?” and then expose those data values to their monitoring protocols.Read More
The Senate has questions about DISA’s network security system
Fifth Domain - 29 June 2020, 9:49 pm
Language in the Senate NDAA would bar funds from being spent to deploy a DISA network security platform on DoD’s SIPRNet.Read More
This training tool could be the answer to stop mass cyberattacks
Fifth Domain - 25 June 2020, 8:48 pm
At air bases across Europe, networks are under attack. But cyber operators from around the world are on the case.Read More
‘Lightning in her veins’: How Katie Arrington is convincing defense contractors to love cybersecurity
Fifth Domain - 25 June 2020, 8:08 pm
Katie Arrington is leading the Pentagon’s overhaul of cybersecurity requirements for defense contractors. Now she has to convince 300,000 companies to follow them.Read More
Pandemic doesn’t slow cyber training for the Army
Fifth Domain - 25 June 2020, 5:47 pm
The Army’s Cyber School has been largely unaffected from the global pandemic by using virtual learning tools it already had.Read More
Senate wants more clarity on cyber ops
Fifth Domain - 24 June 2020, 8:21 pm
The Senate’s version of the NDAA requires a formal framework for Cyber Command’s so-called hunt forward operations.Read More
Senate wants better threat sharing between Pentagon and industry
Fifth Domain - 24 June 2020, 7:52 pm
The Senate’s version of the National Defense Authorization Act includes several provisions to improve cybersecurity of the defense industrial base.Read More
Four ways the House wants military IT to improve
Fifth Domain - 24 June 2020, 12:54 am
A House draft of the National Defense Authorization Act directs the Pentagon’s CIO to take action on IT asset management and cyber workforce issues.Read More
House bill charges Guard, Reserve forces with defending the nation in cyberspace
Fifth Domain - 22 June 2020, 6:45 pm
Among several cyber items in a House subcommittee version of the NDAA are markups calling for the strengthening and better understanding of the National Guard and Reserve cyber components.Read More
What Cyber Command’s ISIS operations means for the future of information warfare
Fifth Domain - 19 June 2020, 1:09 am
The new commander of one of the Marine Corps’ information warfare units reveals how he will apply lessons learned from Cyber Command operations against the Islamic State group.Read More
Military members are disproportionately affected by cybercrime: Here’s why and how to avoid it
Fifth Domain - 16 June 2020, 8:41 pm
Cybercriminals are targeting America’s military personnel and families, but steps can be made to avoid becoming a victim.Read More
For the first time, Cyber Command’s major exercise will use new training platform
Fifth Domain - 16 June 2020, 2:15 pm
U.S. Cyber Command’s annual training exercise will rely entirely on a new platform this year, a move that will allow most participants to compete remotely.Read More
Army releases $1B cyber training request
Fifth Domain - 12 June 2020, 7:45 pm
The Army released the request for proposals for the Cyber TRIDENT contract, which includes the Persistent Cyber Training Environment (PCTE).Read More
Senate committee wants more cyber pilot programs
Fifth Domain - 11 June 2020, 7:23 pm
The Senate Armed Services Committee also wants to add new responsibilities to the Pentagon’s Principal Cyber Advisor as part of a broader effort to ensure cyber forces can meet new challenges.Read More

Tag:

penetration testing

How To Exploit Server-Side Request Forgery Vulnerabilities & Hack Servers

By Sunny Hoi March 17, 2020

By Sunny Hoi

In this tutorial, we illustrate how a threat actor could leverage the capabilities of a web server to be the means in the attack itself.

0 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email
How To Bypass Cloudflare WAF Using Command Injection Attack

By 1337pwn Staff February 27, 2020

By 1337pwn Staff

In this tutorial, we illustrate how a hacker can easily bypass Cloudflare WAF using a Command Injection attack vector that was publicly released by a security engineer.

0 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email
How Hackers Can Easily Bypass XSS Filters In Web Applications

By 1337pwn Staff February 7, 2020

By 1337pwn Staff

In this tutorial, we will illustrate some of the techniques that hackers may utilize in their malicious code to easily bypass the XSS filters in web applications.

0 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email
Testing Vulnerable Web Applications For Local File Inclusion, Server Side Request Forgery, Open Redirect, & Path Traversal

By Sunny Hoi March 8, 2020

By Sunny Hoi

In this tutorial, we will illustrate how to test vulnerable web applications for security vulnerabilities such as Local File Inclusion (LFI), Server Side Request Forgery (SSRF), Open Redirect, and Path Traversal.

0 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email
How To Hack vBulletin v5.0.0-v5.5.4 Using Remote Code Execution Exploit

By 1337pwn Staff October 25, 2019

By 1337pwn Staff

In this tutorial, we illustrate how a hacker can exploit a Remote Code Execution (RCE) vulnerability to hack a vBulletin forum.

1 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email
How To Phish Users Using HEX Encoded Links & Bypass Office 365 Advanced Threat Protection

By 1337pwn Staff October 18, 2019

By 1337pwn Staff

In this tutorial, we will analyze how potential victims are fooled by convincing phishing emails that state that servers errors are delaying message delivery. The HEX Encoding technique permits hackers to bypass Microsoft Office 365 Advanced Threat Protection.

0 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email
How To Use Percent-Encoding To Bypass Secure Email Gateways

By 1337pwn Staff October 14, 2019

By 1337pwn Staff

In this tutorial, we will examine how hackers, nation-state actors, and cybercriminals use percent-encoding to deceive and bypass secure email gateways implemented by companies.

0 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email
How To Hack Webmin <= 1.920 Using Metasploit & Remote Code Execution

By Sunny Hoi August 19, 2019

By Sunny Hoi

In this tutorial, we are going to show you how a hacker can replicate an unauthenticated remote code execution using this exploit. More significantly, we are going to analyze the exploit via the Metasploit module.

0 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email
How Paige Adele Thompson Hacked Capital One Using A SSRF Attack

By Sunny Hoi August 23, 2019

By Sunny Hoi

In this tutorial, we will illustrate how a hacker can replicate the hacking of Capital One, in the way that Thompson did.

0 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email
Enabling WordPress File Editors & Installers In wp-config.php After Hacking A Website

By Sunny Hoi August 16, 2019

By Sunny Hoi

In this tutorial, we will show you how a hacker can enable WordPress file editors & installers in wp-config.php after hacking a website, ultimately bypassing the security hardening done by the site administrator.

0 Twitter Pinterest Linkedin Tumblr Reddit Stumbleupon Whatsapp Telegram LINE Email

Load More Posts

Maskprocessor - High-Performance Word Generator With A Per-Position Configureable Charset
KitPloit - PenTest & Hacking Tools - 14 July 2020, 9:30 pm
High-Performance word generator with a per-position configureable charsetMask attackTry all…Read More
X64Dbg - An Open-Source X64/X32 Debugger For Windows
KitPloit - PenTest & Hacking Tools - 14 July 2020, 12:30 pm
An open-source binary debugger for Windows, aimed at malware analysis…Read More
DroneSploit - Drone Pentesting Framework Console
KitPloit - PenTest & Hacking Tools - 13 July 2020, 9:30 pm
This CLI framework is based on sploitkit and is an…Read More
Padding-Oracle-Attacker - CLI Tool And Library To Execute Padding Oracle Attacks Easily
KitPloit - PenTest & Hacking Tools - 13 July 2020, 12:30 pm
CLI tool and library to execute padding oracle attacks easily,…Read More
Debotnet - A Tiny Portable Tool For Controlling Windows 10's Many Privacy-Related Settings And Keep Your Personal Data Private
KitPloit - PenTest & Hacking Tools - 12 July 2020, 10:00 pm
A free and portable tool for controlling Windows 10’s many…Read More
Santa - A Binary Whitelisting/Blacklisting System For macOS
KitPloit - PenTest & Hacking Tools - 12 July 2020, 1:00 pm
Santa is a binary whitelisting/blacklisting system for macOS. It consists…Read More
FinDOM-XSS - A Fast DOM Based XSS Vulnerability Scanner With Simplicity
KitPloit - PenTest & Hacking Tools - 11 July 2020, 10:00 pm
FinDOM-XSS is a tool that allows you to finding for…Read More
ParamSpider - Mining Parameters From Dark Corners Of Web Archives
KitPloit - PenTest & Hacking Tools - 11 July 2020, 1:00 pm
ParamSpider : Parameter miner for humans.Key Features : Finds parameters…Read More
OWASP Threat Dragon - Cross-Platform Threat Modeling Application
KitPloit - PenTest & Hacking Tools - 10 July 2020, 9:30 pm
Threat Dragon is a free, open-source, cross-platform threat modeling application…Read More
GIVINGSTORM - Infection Vector That Bypasses AV, IDS, And IPS
KitPloit - PenTest & Hacking Tools - 10 July 2020, 12:30 pm
The beginnings of a C2 framework. Currently without all the…Read More

CVE-2020-14501 July 15, 2020
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.
CVE-2020-14503 July 15, 2020
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.
CVE-2020-14499 July 15, 2020
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
CVE-2020-14497 July 15, 2020
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
CVE-2020-14505 July 15, 2020
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (â€œcommand injectionâ€�) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code.