π COVID-19 brings new security challenges and new allies, says HackerOne CEO π
π Read
via "Security on TechRepublic".
Commentary: Even as phishing and other attacks rise in the wake of COVID-19, white-hat hackers are readying their defenses.π Read
via "Security on TechRepublic".
TechRepublic
COVID-19 brings new security challenges and new allies, says HackerOne CEO
Commentary: Even as phishing and other attacks rise in the wake of COVID-19, white-hat hackers are readying their defenses.
ATENTIONβΌ New - CVE-2019-12119
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12118
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12117
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12116
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12115
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12114
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12113
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12112
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.π Read
via "National Vulnerability Database".
π΄ TrickBot Module Takes Aim at Remote Desktops π΄
π Read
via "Dark Reading: ".
The module, still in development, focuses on compromising Windows systems by brute-forcing accounts via the Remote Desktop Protocol.π Read
via "Dark Reading: ".
Darkreading
TrickBot Module Takes Aim at Remote Desktops
The module, still in development, focuses on compromising Windows systems by brute-forcing accounts via the Remote Desktop Protocol.
π΄ Process Injection Tops Attacker Techniques for 2019 π΄
π Read
via "Dark Reading: ".
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.π Read
via "Dark Reading: ".
Darkreading
Process Injection Tops Attacker Techniques for 2019
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
β Azure Red Flag: Microsoft Accidentally Fixes Cloud Config βBugβ β
π Read
via "Threatpost".
Researchers detail a misconfiguration in Microsoftβs Azure cloud platform that could have given hackers carte blanche access to a targeted company's cloud services.π Read
via "Threatpost".
Threat Post
Azure Red Flag: Microsoft Accidentally Fixes Cloud Config βBugβ
Researchers detail a misconfiguration in Microsoftβs Azure cloud platform that could of given hackers carte blanche access to a targeted company's cloud services.
β WordPress, Apache Struts Attract the Most Bug Exploits β
π Read
via "Threatpost".
An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019.π Read
via "Threatpost".
Threat Post
WordPress, Apache Struts Attract the Most Bug Exploits
An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019.
π΄ Skimmer May Have Put NutriBullet Customers' Card Data at Risk for Nearly a Month π΄
π Read
via "Dark Reading: ".
Blender maker is the latest victim of Magecart.π Read
via "Dark Reading: ".
Darkreading
Skimmer May Have Put NutriBullet Customers' Card Data at Risk for Nearly a Month
Blender maker is the latest victim of Magecart.
π Libya-based hackers using coronavirus pandemic to spread mobile surveillance malware π
π Read
via "Security on TechRepublic".
The drastic spread of coronavirus across the world has not stopped cybercriminals from exploiting fear to hack into devices.π Read
via "Security on TechRepublic".
TechRepublic
Libya-based hackers using coronavirus pandemic to spread mobile surveillance malware
The drastic spread of coronavirus across the world has not stopped cybercriminals from exploiting fear to hack into devices.
β Android malware uses coronavirus for sextortion and ransomware combo β
π Read
via "Naked Security".
The app says it will notify you of coronavirus cases... but in fact it locks up your phone and sextorts you for money at the same timeπ Read
via "Naked Security".
Naked Security
Android malware uses coronavirus for sextortion and ransomware combo
The app says it will notify you of coronavirus cases⦠but in fact it locks up your phone and sextorts you for money at the same time
β Facebook accidentally blocks genuine COVID-19 news β
π Read
via "Naked Security".
Facebook is denying that a recent content moderation glitch has anything to do with workforce issues, but blames automatic systems.π Read
via "Naked Security".
Naked Security
Facebook accidentally blocks genuine COVID-19 news
Facebook is denying that a recent content moderation glitch has anything to do with workforce issues, but blames automatic systems.
β Delayed Adobe patches fix long list of critical flaws β
π Read
via "Naked Security".
This week the company made amends, issuing fixes for an unusually high CVE-level 41 vulnerabilities, 21 of which are rated critical.π Read
via "Naked Security".
Naked Security
Delayed Adobe patches fix long list of critical flaws
This week the company made amends, issuing fixes for an unusually high CVE-level 41 vulnerabilities, 21 of which are rated critical.
π΄ Quantifying Cyber Risk: Why You Must & Where to Start π΄
π Read
via "Dark Reading: ".
Quantifying cybersecurity risks can be a critical step in understanding those risks and getting executive support to address them.π Read
via "Dark Reading: ".
Dark Reading
Quantifying Cyber Risk: Why You Must & Where to Start
Quantifying cybersecurity risks can be a critical step in understanding those risks and getting executive support to address them.
β Cryptojacking is almost conquered β crushed along with coinhive.com β
π Read
via "Naked Security".
Cryptojacking may not be entirely gone following the shutdown of notorious cryptomining service Coinhive - but it's drastically diminished.π Read
via "Naked Security".
Naked Security
Cryptojacking is almost conquered β crushed along with Coinhive
Cryptojacking may not be entirely gone following the shutdown of notorious cryptomining service Coinhive β but itβs drastically diminished.
π IT security report finds 97% have suspicious network activity π
π Read
via "Security on TechRepublic".
The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying.π Read
via "Security on TechRepublic".
TechRepublic
IT security report finds 97% have suspicious network activity
The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying.