Aggregator

A vulnerability classified as critical has been found in Microsoft Windows. This affects an unknown part of the component JET Database Engine. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2020-0988. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Office 365 ProPlus/2010 SP2/2013 RT SP1/2013 SP1/2016. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2020-0991. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

He’s the latest Democrat who sits on an appropriations panel to sharply criticize CISA personnel reductions and proposed funding cuts.

The post Sen. Murphy: Trump administration has ‘illegally gutted funding for cybersecurity’ appeared first on CyberScoop.

Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. [...]

Criminals Extort School Employees After Vendor Paid for Data-Deletion Promise
Students, gather round for the sad story of how PowerSchool got schooled not once, but twice. Surprise: attackers who received a ransom payment in return for a promise to delete data they stole from PowerSchool pertaining to students and teachers didn't actually delete the data.

Not Just Ransomware But Verbal Disclosure of Personal Data Common, Watchdog Finds
Two decades after California Senate Bill 1386 introduced the world to data breach notifications, organizations have collectively battened down their cybersecurity hatches and fixed the problem once and for all. Of course, I'm joking, with the results of recent data breach root cause report in hand.

Exposes Details of Victims, 'Aggressive' Negotiations, Cryptocurrency Addresses
One year to the day after an international law enforcement operation unmasked and indicted the leader of the notorious LockBit ransomware group, a hacker has sent the group another love letter.

Also: Mango Markets Hacker Sentenced in CSAM Case
This week, Trump's crypto wealth, Mango Markets hacker sentenced for CSAM, Solana's zero-day fix, French police rescued a crypto millionaire's father from kidnappers, stolen bitcoin frozen, US FTC sued IML and Kraken spotted a North Korean job applicant.

Top Cyber Official Says CISA Wants to Eliminate Duplication and Increase Efficiency
The acting director of the Cybersecurity and Infrastructure Security Agency told a House appropriations subcommittee Thursday the nation's cyber defense agency was continuing to improve its ability to respond to growing threats from China despite budget cuts and looming workforce reductions.

A vulnerability, which was classified as critical, was found in Oracle Rapid Planning 12.1/12.2. This affects an unknown part of the component Installation. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2019-0227. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical has been found in Oracle Agile PLM 9.3.4/9.3.5. Affected is an unknown function of the component EM Integration. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2016-3556. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Oracle Agile PLM 9.3.4/9.3.5. Affected by this issue is some unknown functionality of the component PC/BOM/MCAD/Design. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2016-3554. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Agile PLM 9.3.4/9.3.5 and classified as critical. This issue affects some unknown processing of the component SDK. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2016-3561. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.