Amazon walks back email requiring employees to remove Tik-Tok app from mobile devices
Amazon walks back email requiring employees to remove Tik-Tok app from mobile devices The popular app Tik-Tok has been banned (or at least heavily scrutinized) by many organizations, notably the US Government for privacy concerns related to data leakage back to China. The disclosure relates to the unauthorized usage of data placed on the clipboard […]
US Local Government Services Targeted by New Magecart Credit Card Skimming Attack
US Local Government Services Targeted by New Magecart Credit Card Skimming Attack Trend Micro reveals a credit card skimming attack on municipality websites that use Click2Gov and had MageCart vulnerabilities for their credit card payment systems. Organizations must be vigilant with vulnerability and patch management. These attacks are expected to continue. Link to story: US […]
MULTIPLE VULNERABILITIES IN NETGEAR PRODUCTS COULD ALLOW FOR REMOTE CODE EXECUTION
MULTIPLE VULNERABILITIES IN NETGEAR PRODUCTS COULD ALLOW FOR REMOTE CODE EXECUTION Summary: Netgear has published several vulnerabilities in their firmware that allow for remote code execution. Successful exploitation can result in the attacker gaining full control of the system. Failed attempts to exploit may cause Denial of Service. Customers are advised to upgrade immediately. We […]
A VULNERABILITY IN PALO ALTO PAN-OS COULD ALLOW FOR AUTHENTICATION BYPASS
A VULNERABILITY IN PALO ALTO PAN-OS COULD ALLOW FOR AUTHENTICATION BYPASS Summary: CVE-2020-2021 has been published regarding a vulnerability in PAN-OS that allows for authentication bypass. This issue is applicable only where SAML authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled (unchecked) in the SAML Identity Provider Server Profile. This vulnerability […]