CISA Warns of Holiday Online Shopping Scams

Subscribe to Newsletters

Get Your Pass | Interop Digital December 3rd FREE Event
Interop Digital December 3rd FREE Event on Cloud & Networking

More Informa Tech Live Events

White Papers

Why Chatbots Are So Popular Right Now

Fact-Check Your Ransomware Assumptions

5 Key Steps for Assessing Your Security Effectiveness

Are Unprotected Cloud Databases Leaking Your Data?

How to Manage Third-Party Digital Risk

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

2021 Top Enterprise IT TrendsWe’ve identified the key trends that are poised to impact the IT landscape in 2021. Find out why they’re important and how they will affect you today!

Back Issues | Must Reads

Flash Poll

All Polls

The Malware Threat Landscape
Download this report to learn about the real makeup of online threats, as reported by the defenders who see them every day.

Download Now!

How Data Breaches Affect the Enterprise (2020)

0 comments

How IT Security Organizations are Attacking the Cybersecurity Problem

0 comments

Special Report: Understanding Your Cyber Attackers

0 comments

More Reports

Twitter Feed

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database
CVE-2020-25159
PUBLISHED: 2020-11-24

499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.

CVE-2020-25654
PUBLISHED: 2020-11-24

An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went throu…

CVE-2020-28329
PUBLISHED: 2020-11-24

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.

CVE-2020-29053
PUBLISHED: 2020-11-24

HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.

CVE-2020-25640
PUBLISHED: 2020-11-24

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

The post CISA Warns of Holiday Online Shopping Scams appeared first on Malware Devil.

https://malwaredevil.com/2020/11/24/cisa-warns-of-holiday-online-shopping-scams/?utm_source=rss&utm_medium=rss&utm_campaign=cisa-warns-of-holiday-online-shopping-scams