🛑 Cybersecurity & Privacy 🛑 - News
25.9K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Active Directory Attacks Hit the Mainstream 🕴

Understanding the limitations of authentication protocols is essential for security teams in the modern federated enterprise, especially as enterprises tie authentication for cloud services to Active Directory.

📖 Read

via "Dark Reading".
ATTENTION‼ New - CVE-2019-3945

The web server running on Parrot ANAFI can be crashed when the SDK command "Common_CurrentDateTime" is sent to the control service with a larger-than-expected date length.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2019-3944

Parrot ANAFI is vulnerable to a Wi-Fi deauthentication attack, allowing remote, unauthenticated attackers to disconnect the drone from its controller mid-flight.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2019-3942

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11106

NETGEAR has released fixes for a pre-authentication command injection vulnerability in request_handler.php on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.

📖 Read

via "National Vulnerability Database".
πŸ” Zoom’s Privacy Problems Snowball as Two Zero Days Uncovered πŸ”

Amid increased scrutiny from researchers and privacy activists, two new zero days in the teleconferencing app surfaced on Wednesday.

📖 Read

via "Subscriber Blog RSS Feed".
❌ Coronavirus ‘Financial Relief’ Phishing Attacks Spike ❌

A spate of phishing attacks has promised financial relief due to the coronavirus pandemic, but in reality swiped victims' credentials, payment card data and more.

📖 Read

via "Threatpost".
🕴 Why All Employees Are Responsible for Company Cybersecurity 🕴

It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.

📖 Read

via "Dark Reading".
πŸ” COVID-19 pandemic impact pushing smart home voice control devices to predicted 30% growth πŸ”

Global shipments of smart home speakers will increase this year due to fear of coronavirus germs, according to ABI Research.

📖 Read

via "Security on TechRepublic".
❌ Wiper Malware Called “Coronavirus” Spreads Among Windows Victims ❌

Like NotPetya, it overwrites the master boot record to render computers "trashed."

📖 Read

via "Threatpost".
ATTENTION‼ New - CVE-2019-9163

The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2019-11254

The Kubernetes API Server component in versions 1.1-1.14, and in versions prior to 1.15.10, 1.16.7 and 1.17.3, allows an authorized user to make the kube-apiserver consume excessive CPU cycles while parsing YAML by sending malicious YAML payloads.

📖 Read

via "National Vulnerability Database".
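The CVE entry above only says "malicious YAML payloads". As an added example that is not Kubernetes or go-yaml code, the Python below assumes the classic billion-laughs anchor/alias expansion as the payload class: a few hundred bytes of YAML whose aliases, once expanded, describe billions of nodes. It builds such a constructed document and shows a pre-parse budget check that estimates the expanded size and refuses the document before a real parser touches it. The scanner is a tiny line-oriented one for the exact shape the generator produces (one anchor per line, quoted scalars, aliases in a flow sequence), not a YAML parser, and the node budget is an arbitrary value chosen for the demo.

```python
import re

# Added example: estimate alias expansion of a YAML document before parsing it.
# Not Kubernetes or go-yaml code; the billion-laughs shape is an assumption.
ANCHOR_RE = re.compile(r"&([A-Za-z0-9_-]+)")
ALIAS_RE = re.compile(r"\*([A-Za-z0-9_-]+)")
QUOTED_RE = re.compile(r'"[^"]*"')

MAX_EXPANDED_NODES = 1_000_000  # arbitrary budget chosen for this example


def billion_laughs(depth=9, fanout=9):
    """Constructed sample: level 0 is a list of `fanout` quoted scalars, every
    later level is a list of `fanout` aliases to the previous level, so the
    last level alone expands to fanout**(depth+1) leaves while the text stays
    a few hundred bytes."""
    lines = ["a0: &a0 [" + ", ".join(['"lol"'] * fanout) + "]"]
    for i in range(1, depth + 1):
        lines.append(f"a{i}: &a{i} [" + ", ".join([f"*a{i - 1}"] * fanout) + "]")
    return "\n".join(lines) + "\n"


def expanded_node_count(doc):
    """Estimate how many nodes a parser would materialise if every alias were
    expanded. Per line: each quoted scalar counts 1, each alias counts the full
    size of the anchor it points at, and a plain `key: value` line counts 1.
    A YAML alias must follow its anchor, so a forward reference is rejected."""
    sizes = {}
    total = 0
    for line in doc.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        anchor = ANCHOR_RE.search(line)
        aliases = ALIAS_RE.findall(line)
        size = len(QUOTED_RE.findall(line))
        for name in aliases:
            if name not in sizes:
                raise ValueError(f"alias *{name} used before its anchor")
            size += sizes[name]
        if size == 0:
            size = 1
        if anchor:
            sizes[anchor.group(1)] = size
        total += size
    return total


def check_yaml_budget(doc, limit=MAX_EXPANDED_NODES):
    """True when the document fits the budget; False when it should be
    rejected before being handed to a real parser."""
    return expanded_node_count(doc) <= limit


if __name__ == "__main__":
    bomb = billion_laughs()
    print(len(bomb), "bytes of YAML ->", expanded_node_count(bomb), "nodes if expanded")
    print("accepted:", check_yaml_budget(bomb))
```

The point of running the estimate over the raw text is that the cost is proportional to the document length, whereas the parser's cost is proportional to the expanded tree; any real deployment would use the parser's own alias limits instead, but the check shows what such a limit is protecting against.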
🕴 Attackers Leverage Excel File Encryption to Deliver Malware 🕴

Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.

📖 Read

via "Dark Reading".
ATTENTION‼ New - CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.

📖 Read

via "National Vulnerability Database".
ATTENTION‼ New - CVE-2018-11802

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).

📖 Read

via "National Vulnerability Database".
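As an added example that is not Solr's code, the toy two-node cluster below reproduces the design gap the entry above describes and the shape of its fix: a node that does not host a collection forwards the request, and the question is whether the caller was authorized before that decision was made. Node, collection, user and rule names are constructed; `RULES` is a simplified stand-in for a rule-based authorization plugin, and proxying is modelled as a direct in-process call.

```python
# Added example, not Apache Solr code: authorization applied only on the
# locally-served path versus authorization applied before serve-or-proxy.

# Constructed cluster layout: node -> collections it hosts.
HOSTING = {
    "node1": {"products"},
    "node2": {"hr_salaries"},
}

# Constructed rules: collection -> roles allowed to read it.
RULES = {
    "products": {"analyst", "hr"},
    "hr_salaries": {"hr"},
}

# Constructed users: user -> roles.
USERS = {
    "alice": {"hr"},
    "bob": {"analyst"},
}


def authorized(user, collection):
    """Rule check: the user needs at least one role the collection permits."""
    return bool(USERS.get(user, set()) & RULES.get(collection, set()))


def host_of(collection):
    """Node that hosts the collection, or None if nobody does."""
    for node, cols in HOSTING.items():
        if collection in cols:
            return node
    return None


def read_collection(node, collection):
    """The data access itself; only meaningful on the hosting node."""
    return (200, f"rows of {collection} read on {node}")


def vulnerable_route(node, collection, user):
    """Flawed router: the authorization check sits inside the serve-locally
    branch, so a request arriving at a node that does not host the
    collection is forwarded without ever being checked."""
    target = host_of(collection)
    if target is None:
        return (404, f"unknown collection {collection}")
    if target == node:
        if not authorized(user, collection):
            return (403, f"{user} denied on {collection}")
        return read_collection(node, collection)
    # Proxy path: forwarded as an internal request, no user check anywhere.
    status, body = read_collection(target, collection)
    return (status, body + f" (proxied via {node})")


def fixed_route(node, collection, user):
    """Corrected router: authorize first, then decide serve-or-proxy. Where
    the data lives has no bearing on whether the caller may read it."""
    target = host_of(collection)
    if target is None:
        return (404, f"unknown collection {collection}")
    if not authorized(user, collection):
        return (403, f"{user} denied on {collection}")
    if target == node:
        return read_collection(node, collection)
    status, body = read_collection(target, collection)
    return (status, body + f" (proxied via {node})")


if __name__ == "__main__":
    # bob is an analyst: allowed on products, not on hr_salaries.
    for route in (vulnerable_route, fixed_route):
        print(route.__name__, "node2:", route("node2", "hr_salaries", "bob"))
        print(route.__name__, "node1:", route("node1", "hr_salaries", "bob"))
```

Sending the same request to the node that hosts the collection gets a 403 from both routers; sending it to the other node gets a 200 from the flawed one, which is exactly the bypass: the attacker only has to pick the node that will proxy.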
⚠ COVID-19 forces browser makers to continue supporting TLS 1.0 ⚠

In one of the strangest stories of the year, the COVID-19 pandemic has halted plans by major browsers to drop support for the aging and insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols.

📖 Read

via "Naked Security".
⚠ Phone carriers must authenticate calls to fight robocalls, says FCC ⚠

The FCC has given voice carriers until June 2021 to implement technology it says will stop the robocall plague that's driving us all insane.

📖 Read

via "Naked Security".
🕴 Vulnerability Researchers Focus on Zoom App's Security 🕴

With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.

📖 Read

via "Dark Reading".
❌ Emerging MakeFrame Skimmer from Magecart Sets Sights on SMBs ❌

Attacks using brand-new card-harvesting code are targeting small- to medium-sized businesses, with 19 sites hit so far.

📖 Read

via "Threatpost".
❌ 44M Digital Wallet Items Exposed in Key Ring Cloud Misconfig ❌

Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information were left exposed to the open internet.

📖 Read

via "Threatpost".
🕴 Best Practices to Manage Third-Party Cyber-Risk Today 🕴

Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.

📖 Read

via "Dark Reading".