π΄ New Ransomware Variant Developed Entirely as Shellcode π΄
π Read
via "Dark Reading: ".
PwndLocker is harder to detect than other crypto-malware, Crypsis Group says.π Read
via "Dark Reading: ".
Darkreading
New Ransomware Variant Developed Entirely as Shellcode
PwndLocker is harder to detect than other crypto-malware, Crypsis Group says.
β IWD: biometrics, machine learning, privacy and being a woman in tech β Naked Security Podcast β
π Read
via "Naked Security".
To celebrate International Women's Day we invite you to this all-female splinter episode.π Read
via "Naked Security".
Naked Security
IWD: biometrics, machine learning, privacy and being a woman in tech β Naked Security Podcast
To celebrate International Womenβs Day we invite you to this all-female splinter episode.
ATENTIONβΌ New - CVE-2016-11021
π Read
via "National Vulnerability Database".
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.π Read
via "National Vulnerability Database".
β Monday review β the hot 29 stories of the week β
π Read
via "Naked Security".
From an ultrasonic attack on Siri and Google Assistant to the guy who hacked back at tech support scammers - and everything in between.π Read
via "Naked Security".
Naked Security
Monday review β the hot 29 stories of the week
From an ultrasonic attack on Siri and Google Assistant to the guy who hacked back at tech support scammers β and everything in between.
β 99% of compromised Microsoft enterprise accounts lack MFA β
π Read
via "Naked Security".
Cybercriminals compromise over a million Microsoft enterprise accounts each month as too few customers use multi-factor authentication.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Now you need a notarized document to get a .gov domain β
π Read
via "Naked Security".
The US government is tightening its rules around the registration of government web domains to stop fraudsters impersonating government sites.π Read
via "Naked Security".
Naked Security
Now you need a notarized document to get a .gov domain
The US government is tightening its rules around the registration of government web domains to stop fraudsters impersonating government sites.
β Microsoft: Turn off Memory Integrity if itβs causing problems β
π Read
via "Naked Security".
Microsoft has finally clarified how users can fix a Windows security measure that has been causing hardware problems: turn it off.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π How to install and use the NordPass password manager on Linux π
π Read
via "Security on TechRepublic".
The makers of NordVPN have come out with a new version of their NordPass password manager. Find out how to install and use it.π Read
via "Security on TechRepublic".
TechRepublic
How to install and use the NordPass password manager on Linux
The makers of NordVPN have come out with a new version of their NordPass password manager. Find out how to install and use it.
π΄ Threat Awareness: A Critical First Step in Detecting Adversaries π΄
π Read
via "Dark Reading: ".
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.π Read
via "Dark Reading: ".
Darkreading
Threat Awareness: A Critical First Step in Detecting Adversaries
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
β One billion Android smartphones racking up security flaws β
π Read
via "Naked Security".
How long do Android devices continue to receive security updates after theyβre purchased? The answer is: barely two years.π Read
via "Naked Security".
Naked Security
One billion Android smartphones racking up security flaws
How long do Android devices continue to receive security updates after theyβre purchased? The answer is: barely two years.
π Cyberattackers are delivering malware by using links from whitelisted sites π
π Read
via "Security on TechRepublic".
Legitimate-looking links from OneDrive, Google Drive, iCloud, and Dropbox slip by standard security measures.π Read
via "Security on TechRepublic".
TechRepublic
Cyberattackers are delivering malware by using links from whitelisted sites
Legitimate-looking links from OneDrive, Google Drive, iCloud, and Dropbox slip by standard security measures.
β AMD Downplays CPU Threat Opening Chips to Data Leak Attacks β
π Read
via "Threatpost".
New side-channel attacks have been disclosed in AMD CPUs, however AMD said that they are not new.π Read
via "Threatpost".
Threat Post
AMD Downplays CPU Threat Opening Chips to Data Leak Attacks
New speculative execution attacks have been disclosed in AMD CPUs, however AMD said that they are not new.
π΄ WatchGuard Buys Panda Security for Endpoint Security Tech π΄
π Read
via "Dark Reading: ".
In the long term, Panda Security's technologies will be integrated into the WatchGuard platform.π Read
via "Dark Reading: ".
Dark Reading
WatchGuard Buys Panda Security for Endpoint Security Tech
In the long term, Panda Security's technologies will be integrated into the WatchGuard platform.
ATENTIONβΌ New - CVE-2015-7968
π Read
via "National Vulnerability Database".
nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-7344
π Read
via "National Vulnerability Database".
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption].π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-7343
π Read
via "National Vulnerability Database".
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.π Read
via "National Vulnerability Database".
π΄ Malware Campaign Feeds on Coronavirus Fears π΄
π Read
via "Dark Reading: ".
A new malware campaign that offers a "coronavirus map" delivers a well-known data-stealer.π Read
via "Dark Reading: ".
Dark Reading
Malware Campaign Feeds on Coronavirus Fears
A new malware campaign that offers a coronavirus map delivers a well-known data-stealer.
π Richsploit RichFaces Exploitation Toolkit π
π Go!
via "Security Tool Files β Packet Storm".
This tool can be used to exploit vulnerable versions of RichFaces. It has payloads for 4 vulnerabilities that have been identified, which can lead to remote code execution via java deserialization and EL injection.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Richsploit RichFaces Exploitation Toolkit β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Microsoft Exchange Server Flaw Exploited in APT Attacks β
π Read
via "Threatpost".
A vulnerability is Microsoft Exchange servers is being actively exploited by multiple APT groups, researchers warn.π Read
via "Threatpost".
Threat Post
Microsoft Exchange Server Flaw Exploited in APT Attacks
A vulnerability is Microsoft Exchange servers is being actively exploited by multiple APT groups, researchers warn.
β Itβs not a breachβ¦ itβs just that someone else has your data β
π Read
via "Naked Security".
If you lose someone's data because of a configuration blunder that lets crooks in without any actual hacking... is that a "breach" or not?π Read
via "Naked Security".
Naked Security
Itβs not a breachβ¦ itβs just that someone else has your data
If you lose someoneβs data because of a configuration blunder that lets crooks in without any actual hackingβ¦ is that a βbreachβ or not?
ATENTIONβΌ New - CVE-2016-6918
π Read
via "National Vulnerability Database".
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (π Read
via "National Vulnerability Database".