ATENTIONβΌ New - CVE-2019-12115
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12114
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12113
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12112
π Read
via "National Vulnerability Database".
An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.π Read
via "National Vulnerability Database".
π΄ TrickBot Module Takes Aim at Remote Desktops π΄
π Read
via "Dark Reading: ".
The module, still in development, focuses on compromising Windows systems by brute-forcing accounts via the Remote Desktop Protocol.π Read
via "Dark Reading: ".
Darkreading
TrickBot Module Takes Aim at Remote Desktops
The module, still in development, focuses on compromising Windows systems by brute-forcing accounts via the Remote Desktop Protocol.
π΄ Process Injection Tops Attacker Techniques for 2019 π΄
π Read
via "Dark Reading: ".
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.π Read
via "Dark Reading: ".
Darkreading
Process Injection Tops Attacker Techniques for 2019
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
β Azure Red Flag: Microsoft Accidentally Fixes Cloud Config βBugβ β
π Read
via "Threatpost".
Researchers detail a misconfiguration in Microsoftβs Azure cloud platform that could have given hackers carte blanche access to a targeted company's cloud services.π Read
via "Threatpost".
Threat Post
Azure Red Flag: Microsoft Accidentally Fixes Cloud Config βBugβ
Researchers detail a misconfiguration in Microsoftβs Azure cloud platform that could of given hackers carte blanche access to a targeted company's cloud services.
β WordPress, Apache Struts Attract the Most Bug Exploits β
π Read
via "Threatpost".
An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019.π Read
via "Threatpost".
Threat Post
WordPress, Apache Struts Attract the Most Bug Exploits
An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019.
π΄ Skimmer May Have Put NutriBullet Customers' Card Data at Risk for Nearly a Month π΄
π Read
via "Dark Reading: ".
Blender maker is the latest victim of Magecart.π Read
via "Dark Reading: ".
Darkreading
Skimmer May Have Put NutriBullet Customers' Card Data at Risk for Nearly a Month
Blender maker is the latest victim of Magecart.
π Libya-based hackers using coronavirus pandemic to spread mobile surveillance malware π
π Read
via "Security on TechRepublic".
The drastic spread of coronavirus across the world has not stopped cybercriminals from exploiting fear to hack into devices.π Read
via "Security on TechRepublic".
TechRepublic
Libya-based hackers using coronavirus pandemic to spread mobile surveillance malware
The drastic spread of coronavirus across the world has not stopped cybercriminals from exploiting fear to hack into devices.
β Android malware uses coronavirus for sextortion and ransomware combo β
π Read
via "Naked Security".
The app says it will notify you of coronavirus cases... but in fact it locks up your phone and sextorts you for money at the same timeπ Read
via "Naked Security".
Naked Security
Android malware uses coronavirus for sextortion and ransomware combo
The app says it will notify you of coronavirus cases⦠but in fact it locks up your phone and sextorts you for money at the same time
β Facebook accidentally blocks genuine COVID-19 news β
π Read
via "Naked Security".
Facebook is denying that a recent content moderation glitch has anything to do with workforce issues, but blames automatic systems.π Read
via "Naked Security".
Naked Security
Facebook accidentally blocks genuine COVID-19 news
Facebook is denying that a recent content moderation glitch has anything to do with workforce issues, but blames automatic systems.
β Delayed Adobe patches fix long list of critical flaws β
π Read
via "Naked Security".
This week the company made amends, issuing fixes for an unusually high CVE-level 41 vulnerabilities, 21 of which are rated critical.π Read
via "Naked Security".
Naked Security
Delayed Adobe patches fix long list of critical flaws
This week the company made amends, issuing fixes for an unusually high CVE-level 41 vulnerabilities, 21 of which are rated critical.
π΄ Quantifying Cyber Risk: Why You Must & Where to Start π΄
π Read
via "Dark Reading: ".
Quantifying cybersecurity risks can be a critical step in understanding those risks and getting executive support to address them.π Read
via "Dark Reading: ".
Dark Reading
Quantifying Cyber Risk: Why You Must & Where to Start
Quantifying cybersecurity risks can be a critical step in understanding those risks and getting executive support to address them.
β Cryptojacking is almost conquered β crushed along with coinhive.com β
π Read
via "Naked Security".
Cryptojacking may not be entirely gone following the shutdown of notorious cryptomining service Coinhive - but it's drastically diminished.π Read
via "Naked Security".
Naked Security
Cryptojacking is almost conquered β crushed along with Coinhive
Cryptojacking may not be entirely gone following the shutdown of notorious cryptomining service Coinhive β but itβs drastically diminished.
π IT security report finds 97% have suspicious network activity π
π Read
via "Security on TechRepublic".
The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying.π Read
via "Security on TechRepublic".
TechRepublic
IT security report finds 97% have suspicious network activity
The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying.
β What is the Best Defense Against Phishing Attacks? β
π Read
via "Threatpost".
While many view phishing as a small annoyance, this attack method has maintained longevity for a reason and is still the number one cause of data breaches.π Read
via "Threatpost".
Threatpost
What is the Best Defense Against Phishing Attacks?
While many view phishing as a small annoyance, this attack method has maintained longevity for a reason and is still the number one cause of data breaches.
π΄ Achieving DevSecOps Requires Cutting Through the Jargon π΄
π Read
via "Dark Reading: ".
Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.π Read
via "Dark Reading: ".
Dark Reading
Achieving DevSecOps Requires Cutting Through the Jargon
Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.
π΄ Cyber Resilience Benchmarks 2020 π΄
π Read
via "Dark Reading: ".
Here are four things that separate the leaders from the laggards when fighting cyber threats.π Read
via "Dark Reading: ".
Darkreading
Cyber Resilience Benchmarks 2020
Here are four things that separate the leaders from the laggards when fighting cyber threats.
π΄ TA505 Targets HR Departments with Poisoned CVs π΄
π Read
via "Dark Reading: ".
Infamous cybercrime organization spotted in attacks that employ legitimate software -- and Google Drive.π Read
via "Dark Reading: ".
Darkreading
TA505 Targets HR Departments with Poisoned CVs
Infamous cybercrime organization spotted in attacks that employ legitimate software -- and Google Drive.
π Healthcare devices at higher cybersecurity risk now due to COVID-19 π
π Read
via "Security on TechRepublic".
Much of the US healthcare system is running on outdated software and unsupported operating systems, such as Windows 7, leaving devices vulnerable to hackers who are actively exploiting the coronavirus.π Read
via "Security on TechRepublic".
TechRepublic
Healthcare devices at higher cybersecurity risk now due to coronavirus
Much of the US healthcare system is running on outdated software and unsupported operating systems, such as Windows 7, leaving devices vulnerable to hackers actively exploiting the coronavirus.