π΄ How Network Metadata Can Transform Compromise Assessment π΄
π Read
via "Dark Reading: ".
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secretπ Read
via "Dark Reading: ".
Darkreading
How Network Metadata Can Transform Compromise Assessment
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
ATENTIONβΌ New - CVE-2019-10065
π Read
via "National Vulnerability Database".
An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-18894
π Read
via "National Vulnerability Database".
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-14502
π Read
via "National Vulnerability Database".
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.π Read
via "National Vulnerability Database".
π Intel's data center CPUs vulnerability could lead to "devastating" attacks π
π Read
via "Security on TechRepublic".
Security researchers found vulnerabilities that can affect multi-tenant environments such as public clouds or shared enterprise workloads.π Read
via "Security on TechRepublic".
TechRepublic
Intel's data center CPUs vulnerability could lead to "devastating" attacks
Security researchers found vulnerabilities that can affect multi-tenant environments such as public clouds or shared enterprise workloads.
π΄ What Should I Do About Vulnerabilities Without Fixes? π΄
π Read
via "Dark Reading: ".
With better tools that identify potential threats even before developers address them, a new problem has arisen.π Read
via "Dark Reading: ".
Dark Reading
What Should I Do About Vulnerabilities Without Fixes?
With better tools that identify potential threats even before developers address them, a new problem has arisen.
ATENTIONβΌ New - CVE-2017-10992
π Read
via "National Vulnerability Database".
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.π Read
via "National Vulnerability Database".
π HHS Finalizes New Health Data Rules To Improve Data Governance π
π Read
via "Subscriber Blog RSS Feed ".
The U.S. Department of Health and Human Services finalized two new rules designed to give patients better control over their data.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
HHS Finalizes New Health Data Rules To Improve Data Governance
The U.S. Department of Health and Human Services finalized two new rules designed to give patients better control over their data.
π΄ Paradise Ransomware Variant Hides in Office IQY Files π΄
π Read
via "Dark Reading: ".
The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.π Read
via "Dark Reading: ".
Darkreading
Paradise Ransomware Variant Hides in Office IQY Files
The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.
π΄ 3 Tips to Stay Secure When You Lose an Employee π΄
π Read
via "Dark Reading: ".
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.π Read
via "Dark Reading: ".
Dark Reading
3 Tips to Stay Secure When You Lose an Employee
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
β High-Severity Flaws Plague Intel Graphics Drivers β
π Read
via "Threatpost".
Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data.π Read
via "Threatpost".
Threat Post
High-Severity Flaws Plague Intel Graphics Drivers
Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware and smart-sound technology.
β Firefox Bug Opens iPhone AirPods to Third-Party Snooping β
π Read
via "Threatpost".
Mozilla Foundation snuffs out bugs with the introduction of Firefox 74 and ESR 68.6.π Read
via "Threatpost".
Threat Post
Firefox Bug Opens iPhone AirPods to Third-Party Snooping
Mozilla Foundation snuffs out bugs with the introduction of Firefox 74 and ESR 68.6.
ATENTIONβΌ New - CVE-2012-1096
π Read
via "National Vulnerability Database".
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-1094
π Read
via "National Vulnerability Database".
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.π Read
via "National Vulnerability Database".
π΄ Bitsight and Microsoft Disrupt Necurs Botnet π΄
π Read
via "Dark Reading: ".
But roughly 2 million infected systems remain in the wild, and infected systems could be reactivated at any time.π Read
via "Dark Reading: ".
Darkreading
Bitsight and Microsoft Disrupt Necurs Botnet
But roughly 2 million infected systems remain in the wild, and infected systems could be reactivated at any time.
π΄ Microsoft Patches Over 100 Vulnerabilities π΄
π Read
via "Dark Reading: ".
Patch Tuesday features several remote code execution flaws in Microsoft Word.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β Popular ThemeREX WordPress Plugin Opens Websites to RCE β
π Read
via "Threatpost".
The bug has been under active attack as a zero-day.π Read
via "Threatpost".
Threat Post
Popular ThemeREX WordPress Plugin Opens Websites to RCE
The bug has been under active attack as a zero-day.
π΄ Researchers Develop New Side-Channel Attacks on Intel CPUs π΄
π Read
via "Dark Reading: ".
Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities.π Read
via "Dark Reading: ".
Dark Reading
Researchers Develop New Side-Channel Attacks on Intel CPUs
Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities.
π Zeek 3.1.1 π
π Go!
via "Security Tool Files β Packet Storm".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Zeek 3.1.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Microsoft Patches 26 Critical Bugs in Big March Update β
π Read
via "Threatpost".
March security updates include 115 CVEs patching everything from Windows, Office and Microsoftβs new Chromium-based Edge web browser.π Read
via "Threatpost".
Threat Post
Microsoft Patches 26 Critical Bugs in Big March Update
March security updates include 115 CVEs patching everything from Windows, Office and Microsoftβs new Chromium-based Edge web browser.
β Critical Bugs in Rockwell, Johnson Controls ICS Gear β
π Read
via "Threatpost".
Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.π Read
via "Threatpost".
Threat Post
Critical Bugs in Rockwell, Johnson Controls ICS Gear
Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.