π SerialTweaker 1.1 π
π Go!
via "Security Tool Files β Packet Storm".
SerialTweaker is a tool that can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
SerialTweaker 1.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π nfstream 3.2.2 π
π Go!
via "Security Tool Files β Packet Storm".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
nfstream 3.2.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTIONβΌ New - CVE-2019-17026
π Read
via "National Vulnerability Database".
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.π Read
via "National Vulnerability Database".
β Monday review β the hot 23 stories of the week β
π Read
via "Naked Security".
From Chrome's mystery zero-day to why the EC has switched to Signal, get yourself up to date with everything we've written in the last week.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π 5G and IoT security: Why cybersecurity experts are sounding an alarm π
π Read
via "Security on TechRepublic".
Without regulation and strong proactive measures, 5G networks remain vulnerable to cyberattacks, and the responsibility falls on businesses and governments.π Read
via "Security on TechRepublic".
TechRepublic
5G and IoT security: Why cybersecurity experts are sounding an alarm
Without regulation and strong proactive measures, 5G networks remain vulnerable to cyberattacks, and the responsibility falls on businesses and governments.
β Facebook sues data analytics firm OneAudience over malicious SDK β
π Read
via "Naked Security".
Facebook says OneAudience paid developers to install its social-media-profile-looting SDK into their apps to get marketing data for clients.π Read
via "Naked Security".
Naked Security
Facebook sues data analytics firm OneAudience over malicious SDK
Facebook says OneAudience paid developers to install its social-media-profile-looting SDK into their apps to get marketing data for clients.
β Fresh phish! Stripe scam baked and delivered in under an hour β
π Read
via "Naked Security".
Less than an hour after the crooks registered their scamming domain, the phishing attack was under way.π Read
via "Naked Security".
Naked Security
Fresh phish! Stripe scam baked and delivered in under an hour
Less than an hour after the crooks registered their scamming domain, the phishing attack was under way.
β Ironpie robot vacuum can suck up your privacy β
π Read
via "Naked Security".
You might want to unplug this not-so-smart robot: researchers found they can watch video streams piped out from its security camera.π Read
via "Naked Security".
Naked Security
Ironpie robot vacuum can suck up your privacy
You might want to unplug this not-so-smart robot: researchers found they can watch video streams piped out from its security camera.
β Letβs Encrypt issues one billionth free certificate β
π Read
via "Naked Security".
Thanks to this flood of free certificates, the web is a lot more encrypted than it was a few years ago.π Read
via "Naked Security".
Naked Security
Letβs Encrypt issues one billionth free certificate
Thanks to this flood of free certificates, the web is a lot more encrypted than it was a few years ago.
π΄ What Disney+ Can Teach Businesses About Customer Security π΄
π Read
via "Dark Reading: ".
Businesses must prioritize customer protection by taking on some of the responsibility to prevent credential stuffing attacks through multipronged authentication and identity management.π Read
via "Dark Reading: ".
Dark Reading
What Disney+ Can Teach Businesses About Customer Security - Dark Reading
Businesses must prioritize customer protection by taking on some of the responsibility to prevent credential stuffing attacks through multipronged authentication and identity management.
ATENTIONβΌ New - CVE-2018-17058
π Read
via "National Vulnerability Database".
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication.π Read
via "National Vulnerability Database".
β Walgreens Mobile App Leaks Prescription Data β
π Read
via "Threatpost".
A security error in the Walgreens mobile app may have leaked customers' full names, prescriptions and shipping addresses.π Read
via "Threatpost".
Threat Post
Walgreens Mobile App Leaks Prescription Data
A security error in the Walgreens mobile app may have leaked customers' full names, prescriptions and shipping addresses.
π΄ Name That Toon: Holy Cow! π΄
π Read
via "Dark Reading: ".
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading: ".
Dark Reading
Name That Toon: Holy Cow!
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
π Morphisec is using the Windows 10 transition to help companies boost security π
π Read
via "Security on TechRepublic".
Morphisec combines the anti-virus protection in the new Microsoft OS with its own defenses against malware.π Read
via "Security on TechRepublic".
TechRepublic
Morphisec is using the Windows 10 transition to help companies boost security
Morphisec combines the anti-virus protection in the new Microsoft OS with its own defenses against malware.
β TrickBot Adds ActiveX Control, Hides Dropper in Images β
π Read
via "Threatpost".
The tricky trojan has evolved again, to stay a step ahead of defenders.π Read
via "Threatpost".
Threat Post
TrickBot Adds ActiveX Control, Hides Dropper in Images
The tricky trojan has evolved again, to stay a step ahead of defenders.
π΄ Tesla, SpaceX Parts Manufacturer Suffers Data Breach π΄
π Read
via "Dark Reading: ".
Visser Precision has confirmed a security incident likely caused by the data-stealing DoppelPaymer ransomware.π Read
via "Dark Reading: ".
Darkreading
Tesla, SpaceX Parts Manufacturer Suffers Data Breach
Visser Precision has confirmed a security incident likely caused by the data-stealing DoppelPaymer ransomware.
ATENTIONβΌ New - CVE-2019-12183
π Read
via "National Vulnerability Database".
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-12580
π Read
via "National Vulnerability Database".
An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-1583
π Read
via "National Vulnerability Database".
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.π Read
via "National Vulnerability Database".
β RSAC: Keeping Smart Cities Safe From Hacks β
π Read
via "Threatpost".
As cities grow more connected, municipal operators must deal with new risks like ransomware, IoT hacks and more.π Read
via "Threatpost".
Threat Post
Forrester: Keeping Smart Cities Safe From Hacks
As cities grow more connected, municipal operators must deal with new risks like ransomware, IoT hacks and more.