New Mirai Variant "Mukashi" Targets Zyxel NAS Devices
via "Threatpost".
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.
Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis
via "Dark Reading".
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.
Covid-19 Spurs Facial Recognition Tracking, Privacy Fears
via "Threatpost".
The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn.
Friday Five: 3/20 Edition
via "Subscriber Blog RSS Feed".
Hackers take advantage of the COVID-19 pandemic, Magecart group targets NutriBullet, and many countries at risk for violating data privacy laws - catch up on the week's infosec news with this roundup!
Digital Guardian
Security Ratings Are a Dangerous Fantasy
via "Dark Reading".
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
Exchange rate service's customer details hacked via AWS
via "Naked Security".
Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database.
TrickBot and Emotet strains make process injection most prevalent attack technique
via "Security on TechRepublic".
A Red Canary study analyzed six million leads to determine threats and found that worms had the most significant impact in 2019.
Network address-based security: How to implement better controls
via "Security on TechRepublic".
Traditional network address-based security controls aren't as effective for the cloud or internal networks. Here's what to do about these security issues.
ATTENTION‼ New - CVE-2019-10221
via "National Vulnerability Database".
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
ATTENTION‼ New - CVE-2019-10179
via "National Vulnerability Database".
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.
How to create a Kubernetes security policy
via "Security on TechRepublic".
If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. Here's a quick introduction to this feature.
Proof of Concept Released for kr00k Wi-Fi Vulnerability
via "Dark Reading".
The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.
Trolls ZoomBomb work-from-home videocall with filth
via "Naked Security".
Trolls have been joining videoconferencing calls to expose meeting participants to disturbing videos.
S2 Ep31: Remote working, malwareless ransomware and EARN IT - Naked Security Podcast
via "Naked Security".
Listen to the latest episode now!
How to deal with network security and bandwidth issues during the coronavirus pandemic
via "Security on TechRepublic".
Experts discuss what precautions companies need to be taking right now that a record number of people are working outside of offices.
News Wrap, Coronavirus Edition: WFH Security Woes, Pwn2Own
via "Threatpost".
Threatpost editors discuss this week's top news stories from COVID-19 themed malware attacks to Pwn2Own updates.
Dark Reading Cybersecurity Crossword Puzzle
via "Dark Reading".
Here's a little something to snuggle up with if you're on lockdown.
Defying Covid-19's Pall: Pwn2Own Goes Virtual
via "Threatpost".
Hacking contest goes virtual with participants remotely winning $295k in prizes for taking down Adobe Reader, Safari and Ubuntu.
Revamped HawkEye Keylogger Swoops in on Coronavirus Fears
via "Threatpost".
Emails claiming to be directly from WHO's Dr. Tedros Adhanom Ghebreyesus offer "drug advice" -- and malware infections.
200M Records of US Citizens Leaked in Unprotected Database
via "Dark Reading".
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
ATTENTION‼ New - CVE-2019-11574
via "National Vulnerability Database".
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.