ATENTIONβΌ New - CVE-2019-7244
π Read
via "National Vulnerability Database".
An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-7240
π Read
via "National Vulnerability Database".
An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-5105
π Read
via "National Vulnerability Database".
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20633
π Read
via "National Vulnerability Database".
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.π Read
via "National Vulnerability Database".
π΅ Who is dominating the rising VPN market right now? Here are the numbers π΅
π Read
via "VPNpro".
π Read
via "VPNpro".
VPNpro
Who is dominating the rising VPN market in 2025?
Which company has the biggest VPN market share? Read our in-depth analysis of the 10 most popular VPNs to find out which provider rules the VPN market.
β Monday review β the hot 22 stories of the week β
π Read
via "Naked Security".
From the return of the Martinelli WhatsApp hoax to the takedown of hacker forum Deer.io - and everything in between. It's roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 22 stories of the week
From the return of the Martinelli WhatsApp hoax to the takedown of hacker forum Deer.io β and everything in between. Itβs roundup time.
β Google sent ~40K warnings to targets of state-backed attackers in 2019 β
π Read
via "Naked Security".
Google has seen a rising number of attackers impersonating news outlets and journalists to spread fake news among other reporters.π Read
via "Naked Security".
Naked Security
Google sent ~40K warnings to targets of state-backed attackers in 2019
Google has seen a rising number of attackers impersonating news outlets and journalists to spread fake news among other reporters.
β Should governments track your location to fight COVID-19? β
π Read
via "Naked Security".
Google Maps data could help governments track patients that a newly-diagnosed COVID-19 sufferer has been in contact with.π Read
via "Naked Security".
Naked Security
Should governments track your location to fight COVID-19?
Google Maps data could help governments track patients that a newly-diagnosed COVID-19 sufferer has been in contact with.
β Chrome may bring back βwwwβ with option to show full URLs β
π Read
via "Naked Security".
Google's doing so grudgingly: it still thinks that showing too much will confuse users trying to assess a site's security.π Read
via "Naked Security".
Naked Security
Chrome may bring back βwwwβ with option to show full URLs
Googleβs doing so grudgingly: it still thinks that showing too much will confuse users trying to assess a siteβs security.
β Appleβs iOS 13.4 hit by VPN bypass vulnerability β
π Read
via "Naked Security".
Itβs less than a week since iOS 13.4 appeared and already researchers have discovered a bug that puts at risk the privacy of VPN connections.π Read
via "Naked Security".
Naked Security
Appleβs iOS 13.4 hit by VPN bypass vulnerability
Itβs less than a week since iOS 13.4 appeared and already researchers have discovered a bug that puts at risk the privacy of VPN connections.
π΄ Securing Your Remote Workforce: A Coronavirus Guide for Businesses π΄
π Read
via "Dark Reading: ".
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.π Read
via "Dark Reading: ".
Darkreading
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
ATENTIONβΌ New - CVE-2020-10560
π Read
via "National Vulnerability Database".
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.π Read
via "National Vulnerability Database".
β How to stay on top of coronavirus scams β and all the others too β
π Read
via "Naked Security".
The bad news is that you have to watch out for a plethora of new coronavirus cyberscams, as well as all the old stuff, too...π Read
via "Naked Security".
Naked Security
How to stay on top of coronavirus scams β and all the others too
The bad news is that you have to watch out for a plethora of new coronavirus cyberscams, as well as all the old stuff, tooβ¦
π Recon Informer π
π Go!
via "Security Tool Files β Packet Storm".
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Recon Informer β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π How to protect your organization and remote workers against ransomware π
π Read
via "Security on TechRepublic".
Phishing emails and unsecure remote desktop protocol access are two common types of attack methods used to spread ransomware, says cyber breach firm Beazley Breach Response Services.π Read
via "Security on TechRepublic".
TechRepublic
How to protect your organization and remote workers against ransomware
Phishing emails and unsecure remote desktop protocol access are two common types of attack methods used to spread ransomware, says cyber breach firm Beazley Breach Response Services.
π How to use an iPhone or Android device as the security key for your Google account π
π Read
via "Security on TechRepublic".
Your smartphone can act as your security key to authenticate your Google credentials on the web. Learn how to set that up on an Android device or an iPhone.π Read
via "Security on TechRepublic".
TechRepublic
How to use an iPhone or Android device as the security key for your Google account
Your smartphone can act as your security key to authenticate your Google credentials on the web. Learn how to set that up on an Android device or an iPhone.
β Zeus Sphinx Banking Trojan Arises Amid COVID-19 β
π Read
via "Threatpost".
The malware is back after three years, looking to cash in on interest in government relief efforts around coronavirus.π Read
via "Threatpost".
Threat Post
Zeus Sphinx Banking Trojan Arises Amid COVID-19
The malware is back after three years, looking to cash in on interest in government relief efforts around coronavirus.
π Top 5 remote access threats π
π Read
via "Security on TechRepublic".
When working from home, it's important to understand the security risks. Tom Merritt lists five remote access threats so you can secure your system.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 remote access threats
When working from home, it's important to understand the security risks. Tom Merritt lists five remote access threats so you can secure your system.
ATENTIONβΌ New - CVE-2019-7755
π Read
via "National Vulnerability Database".
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.π Read
via "National Vulnerability Database".
π Top 5 remote access threats π
π Read
via "Security on TechRepublic".
When working from home, it's important to understand the security risks. Tom Merritt lists five remote access threats so you can secure your system.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 remote access threats
When working from home, it's important to understand the security risks. Tom Merritt lists five remote access threats so you can secure your system.
π Security policies explain step-by-step solutions for strengthening IT defenses π
π Read
via "Security on TechRepublic".
These TechRepublic Premium resources offer a comprehensive solution from responding to a data breach to explaining company-wide security responsibilities.π Read
via "Security on TechRepublic".
TechRepublic
Security policies explain step-by-step solutions for strengthening IT defenses
These TechRepublic Premium resources offer a comprehensive solution from responding to a data breach to explaining company-wide security responsibilities.