ATENTIONβΌ New - CVE-2019-14880
π Read
via "National Vulnerability Database".
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10180
π Read
via "National Vulnerability Database".
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.π Read
via "National Vulnerability Database".
π΄ Researchers Uncover Unsophisticated - But Creative - Watering-Hole Attack π΄
π Read
via "Dark Reading: ".
Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.π Read
via "Dark Reading: ".
Darkreading
Researchers Uncover Unsophisticated - But Creative - Watering-Hole Attack
Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
π Two Exabeam employees at RSA conference who tested positive for COVID-19 are recovering π
π Read
via "Security on TechRepublic".
Exabeam's employees are recovering from coronavirus. Both tested positive for coronavirus after attending RSA in San Francisco.π Read
via "Security on TechRepublic".
TechRepublic
Two Exabeam employees at RSA conference who tested positive for COVID-19 are recovering
Exabeam's employees are recovering from coronavirus. Both tested positive for COVID-19 after attending RSA in San Francisco.
π FBI warns about Zoom bombing as hijackers take over school and business video conferences π
π Read
via "Security on TechRepublic".
Teleconferences are being disrupted by internet trolls shouting profanity and racist remarks and posting pornographic and hate images.π Read
via "Security on TechRepublic".
TechRepublic
FBI warns about Zoom bombing as hijackers take over school and business video conferences
Teleconferences are being disrupted by internet trolls shouting profanity and racist remarks and posting pornographic and hate images.
π FBI Urges Vigiliance Around COVID-19 Scams, Malware π
π Read
via "Subscriber Blog RSS Feed ".
Itβs been difficult keeping track of all the scams leveraging the COVID-19 pandemic to steal your money or your personal information. Now, the FBI is warning of increased attacks that target the supply chain and the healthcare industry in addition to βZoom-bombingβ style attacks.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
FBI Urges Vigiliance Around COVID-19 Scams, Malware
Itβs been difficult keeping track of all the scams leveraging the COVID-19 pandemic to steal your money or your personal information. Now, the FBI is warning of increased attacks that target the supply chain and the healthcare industry in addition to βZoomβ¦
ATENTIONβΌ New - CVE-2019-13495
π Read
via "National Vulnerability Database".
In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.π Read
via "National Vulnerability Database".
β Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy β
π Read
via "Threatpost".
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.π Read
via "Threatpost".
Threat Post
Watering-Holes Target Asian Ethnic Victims with Flash Update Decoy
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
π΄ Defense Evasion Dominated 2019 Attack Tactics π΄
π Read
via "Dark Reading: ".
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.π Read
via "Dark Reading: ".
Darkreading
Defense Evasion Dominated 2019 Attack Tactics
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
β Microsoftβs Edge browser to get breached credential alerts β
π Read
via "Naked Security".
Microsoft has announced a list of new security and privacy features it plans to add to forthcoming versions in an effort to take on its rivals.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Major Cloud, CDN Providers Join Secure Routing Initiative π΄
π Read
via "Dark Reading: ".
Akamai, AWS, Azion, Cloudflare, Facebook, and Netflix are now members of the Mutually Agreed Norms for Routing Security (MANRS) effort.π Read
via "Dark Reading: ".
Dark Reading
Major Cloud, CDN Providers Join Secure Routing Initiative
Akamai, AWS, Azion, Cloudflare, Facebook, and Netflix are now members of the Mutually Agreed Norms for Routing Security (MANRS) effort.
β QR code generator scam steals thousands in Bitcoin β
π Read
via "Naked Security".
Every once in a while an attack comes along that is so simple to set up, and yet so effective, that it makes your jaw drop. Here's one.π Read
via "Naked Security".
Naked Security
QR code generator scam steals thousands in Bitcoin
Every once in a while an attack comes along that is so simple to set up, and yet so effective, that it makes your jaw drop. Hereβs one.
β Bill Gatesβs YouTube βBitcoin giveawayβ is a big fat scam β
π Read
via "Naked Security".
And no, Microsoft said, none of our verified accounts have been hijacked, vehemently denying early reports.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Top Email Protections Fail in Latest COVID-19 Phishing Campaign β
π Read
via "Threatpost".
An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs.π Read
via "Threatpost".
Threat Post
Top Email Protections Fail in Latest COVID-19 Phishing Campaign
An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs.
π΄ The SOC Emergency Room Faces Malware Pandemic π΄
π Read
via "Dark Reading: ".
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.π Read
via "Dark Reading: ".
Dark Reading
The SOC Emergency Room Faces Malware Pandemic
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.
π΄ COVID-19: Latest Security News & Commentary π΄
π Read
via "Dark Reading: ".
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.π Read
via "Dark Reading: ".
Dark Reading
COVID-19: Latest Security News & Commentary
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
β Two Zoom Zero-Day Flaws Uncovered β
π Read
via "Threatpost".
The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victimsβ microphone and camera.π Read
via "Threatpost".
Threat Post
Two Zoom Zero-Day Flaws Uncovered
The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victimsβ microphone and camera.
π΄ Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls? π΄
π Read
via "Dark Reading: ".
If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.π Read
via "Dark Reading: ".
Dark Reading
Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls?
If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.
π Holy Water watering hole attack targets visitors of certain websites with malware π
π Read
via "Security on TechRepublic".
This campaign tries to trick users into accepting a fake Adobe Flash update, which then installs malware to give the attacker full remote access, says Kaspersky.π Read
via "Security on TechRepublic".
TechRepublic
Holy Water watering hole attack targets visitors of certain websites with malware
This campaign tries to trick users into accepting a fake Adobe Flash update, which then installs malware to give the attacker full remote access, says Kaspersky.
π΄ Microsoft Alerts Healthcare to Human-Operated Ransomware π΄
π Read
via "Dark Reading: ".
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
ATENTIONβΌ New - CVE-2020-10231
π Read
via "National Vulnerability Database".
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.π Read
via "National Vulnerability Database".