What Should I Do About Vulnerabilities Without Fixes?
via "Dark Reading".
With better tools that identify potential threats even before developers address them, a new problem has arisen.
ATTENTION‼ New - CVE-2017-10992
via "National Vulnerability Database".
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.
HHS Finalizes New Health Data Rules To Improve Data Governance
via "Subscriber Blog RSS Feed".
The U.S. Department of Health and Human Services finalized two new rules designed to give patients better control over their data.
Digital Guardian
Paradise Ransomware Variant Hides in Office IQY Files
via "Dark Reading".
The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.
3 Tips to Stay Secure When You Lose an Employee
via "Dark Reading".
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
High-Severity Flaws Plague Intel Graphics Drivers
via "Threatpost".
Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data.
Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware and smart-sound technology.
Firefox Bug Opens iPhone AirPods to Third-Party Snooping
via "Threatpost".
Mozilla Foundation snuffs out bugs with the introduction of Firefox 74 and ESR 68.6.
ATTENTION‼ New - CVE-2012-1096
via "National Vulnerability Database".
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
ATTENTION‼ New - CVE-2012-1094
via "National Vulnerability Database".
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
Bitsight and Microsoft Disrupt Necurs Botnet
via "Dark Reading".
But roughly 2 million infected systems remain in the wild, and infected systems could be reactivated at any time.
Microsoft Patches Over 100 Vulnerabilities
via "Dark Reading".
Patch Tuesday features several remote code execution flaws in Microsoft Word.
Popular ThemeREX WordPress Plugin Opens Websites to RCE
via "Threatpost".
The bug has been under active attack as a zero-day.
Researchers Develop New Side-Channel Attacks on Intel CPUs
via "Dark Reading".
Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities.
Zeek 3.1.1
via "Security Tool Files ≈ Packet Storm".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
Microsoft Patches 26 Critical Bugs in Big March Update
via "Threatpost".
March security updates include 115 CVEs patching everything from Windows, Office and Microsoft's new Chromium-based Edge web browser.
Critical Bugs in Rockwell, Johnson Controls ICS Gear
via "Threatpost".
Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.
Two attendees at RSA tech conference in San Francisco stricken with COVID-19
via "Security on TechRepublic".
The organizers of the popular security conference, RSA, which drew over 36,000 people to San Francisco in February, confirmed that at least two people who attended have tested positive for COVID-19.
Exabeam employees at RSA tech conference in San Francisco stricken with COVID-19
The two people who tested positive for COVID-19 may have been at the company's booth at RSA, which drew over 36,000 people to San Francisco in February.
Closing the cybersecurity gender gap would boost the US economy by $30B
via "Security on TechRepublic".
82% of women in cybersecurity jobs agree the industry has a gender bias problem. Fixing it would not only improve morale and confidence, but also result in an economic boost to the cybersecurity industry.
Brave browser to block web fingerprinting with randomisation
via "Naked Security".
Brave is testing a new defence against fingerprinting: confusing algorithms by randomising some of the data they collect.
Trial for accused CIA leaker ends in hung jury
via "Naked Security".
The US is expected to press for a retrial in the high-stakes trial of Joshua Schulte, suspected of raiding the CIA's cyber arsenal.
FBI arrests alleged owner of Deer.io, top market for stolen accounts
via "Naked Security".
Started around 2013, the site claims to host over 24,000 active shops doing brisk business in stolen PII and hacking services.