Day: July 3, 2020

Bolt CMS <= 3.7.0 Multiple Vulnerabilities – CSRF to RCE

By mootiny

Posted by Sivanesh Ashok on Jul 03

##########################################################################
# Bolt CMS <= 3.7.0 Multiple Vulnerabilities #
##########################################################################

Author – Sivanesh Ashok | @sivaneshashok | stazot.com

Date : 2020-03-24
Vendor : https://bolt.cm/
Version : <= 3.7.0
CVE : CVE-2020-4040, CVE-2020-4041
Last Modified: 2020-07-03

–[ Table… …

[SYSS-2020-011] Apple iOS – Exposure of Resource to Wrong Sphere (CWE-668)

By mootiny

Posted by Philipp Buchegger on Jul 03

Advisory ID: SYSS-2020-011
Product: Apple iOS
Manufacturer: Apple Inc.
Affected Version(s): 13.3.1, 13.5.1
Tested Version(s): 13.3.1, 13.5.1
Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2020-03-23
Solution Date: –
Public Disclosure: 2020-07-02
CVE Reference: Not yet assigned
Author of Advisory: Philipp Buchegger, SySS GmbH… …

[CVE-2020-11882] o2 Business for Android “canvasm.myo2.SplashActivity” <= 1.2.0 Open Redirect

By mootiny

Posted by Julien Ahrens (RCE Security) on Jul 03

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: o2 Business for Android
Vendor URL: https://play.google.com/store/apps/details?id=telefonica.de.o2business
Type: Open Redirect [CWE-601]
Date found: 2020-04-16
Date published: 2020-07-01
CVSSv3 Score: 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVE: CVE-2020-11882

2. CREDITS
==========
This… …

CVE-2019-19935 – DOM XSS in Froala WYSIWYG HTML Editor

By mootiny

Posted by Advisories on Jul 03

#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Froala WYSIWYG HTML Editor
# Vendor: Froala
# CSNC ID: CSNC-2020-004
# CVE ID: CVE-2019-19935
# Subject: DOM XSS in Froala WYSIWYG HTML Editor
# Severity: Medium
# Effect: Remotely exploitable
# Author: Emanuel… …

Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network

By mootiny

In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating a global network built on an encrypted chat app that was used to plot drug deals, money laundering, extortion, and even murders. Dubbed EncroChat, the top-secret encrypted communication app comes pre-installed on a customized…

Fighting BEC and EAC: Why whack-a-mole won’t work

By mootiny

No organisation is immune: Nearly nine in ten experienced these attacks last year

Sponsored

Business Email Compromise (BEC) and Email Account Compromise (EAC) are the most expensive cyber threats facing businesses around the globe. The FBI’s Internet Crime Complaint Center (IC3) reports that both scams have resulted in worldwide losses of $26 billion since 2016 – with $1.7 billion in the last year alone.… …