π΄ Fake Microsoft Teams Emails Phish for Credentials π΄
π Read
via "Dark Reading: ".
Employees belonging to organizations in industries such as energy, retail, and hospitality have been recipients, Abnormal Security says.π Read
via "Dark Reading: ".
Darkreading
Fake Microsoft Teams Emails Phish for Credentials
Employees belonging to organizations in industries such as energy, retail, and hospitality have been recipients, Abnormal Security says.
β Upgraded Cerberus Spyware Spreads Rapidly via MDM β
π Read
via "Threatpost".
No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers.π Read
via "Threatpost".
Threat Post
Upgraded Cerberus Spyware Spreads Rapidly via MDM
No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers.
β Monday review β the hot 11 stories of the week β
π Read
via "Naked Security".
It's weekly roundup time!π Read
via "Naked Security".
Naked Security
Monday review β the hot 11 stories of the week
Itβs weekly roundup time!
β Uncle Sam to agencies: No encrypted DNS for you! β
π Read
via "Naked Security".
The US federal government has been protecting its users by blocking malicious destinations for years, but it wonβt let them take advantage of the latest protective measure in DNS β encryption β just yet.π Read
via "Naked Security".
Naked Security
Uncle Sam to agencies: No encrypted DNS for you!
The US federal government has been protecting its users by blocking malicious destinations for years, but it wonβt let them take advantage of the latest protective measure in DNS β encryption β jusβ¦
β Coronavirus pandemic coincides with spike in online puppy scams β
π Read
via "Naked Security".
Got plenty of quaran-time to teach something to roll over? Be careful! Puppy lust is leading to broken hearts and emptied wallets.π Read
via "Naked Security".
Naked Security
Coronavirus pandemic coincides with spike in online puppy scams
Got plenty of quaran-time to teach something to roll over? Be careful! Puppy lust is leading to broken hearts and emptied wallets.
β S2 Ep37: Microsoft fixes, airgap fun and free games for 2FA β Naked Security Podcast β
π Read
via "Naked Security".
Get the latest cybersecurity news, opinion and advice from Sophos.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ 7 Tips for Security Pros Patching in a Pandemic π΄
π Read
via "Dark Reading: ".
The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.π Read
via "Dark Reading: ".
Dark Reading
7 Tips for Security Pros Patching in a Pandemic
The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.
π Cybersecurity: SMBs are keeping up with big companies according to Cisco survey π
π Read
via "Security on TechRepublic".
Cisco survey finds security experts at mid-sized companies have strong incident response plans and prioritize proactive threat hunting.π Read
via "Security on TechRepublic".
TechRepublic
Cybersecurity: SMBs are keeping up with big companies, according to Cisco survey
Cisco survey finds security experts at mid-sized companies have strong incident response plans and prioritize proactive threat hunting.
ATENTIONβΌ New - CVE-2019-11823
π Read
via "National Vulnerability Database".
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.π Read
via "National Vulnerability Database".
π΄ The Cybersecurity Hiring Conundrum: Youth vs. Experience π΄
π Read
via "Dark Reading: ".
How working together across the spectrum of young to old makes our organizations more secure.π Read
via "Dark Reading: ".
Dark Reading
The Cybersecurity Hiring Conundrum: Youth vs. Experience
How working together across the spectrum of young to old makes our organizations more secure.
ATENTIONβΌ New - CVE-2019-17557
π Read
via "National Vulnerability Database".
It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.π Read
via "National Vulnerability Database".
β Oracle: Unpatched Versions of WebLogic App Server Under Active Attack β
π Read
via "Threatpost".
CVE-2020-2883 was patched in Oracle's April 2020 Critical Patch Update - but proof of concept exploit code was published shortly after.π Read
via "Threatpost".
Threat Post
Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
CVE-2020-2883 was patched in Oracle's April 2020 Critical Patch Update - but proof of concept exploit code was published shortly after.
ATENTIONβΌ New - CVE-2019-13285
π Read
via "National Vulnerability Database".
CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12864
π Read
via "National Vulnerability Database".
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21233
π Read
via "National Vulnerability Database".
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.π Read
via "National Vulnerability Database".
β ILOVEYOU: The Love Bug virus 20 years on β could it happen again? β
π Read
via "Naked Security".
If you weren't using a computer 20 years ago, this is what people mean when they talk with dismay about ILOVEYOU or the Love Bug...π Read
via "Naked Security".
Naked Security
ILOVEYOU: The Love Bug virus 20 years on β could it happen again?
If you werenβt using a computer 20 years ago, this is what people mean when they talk with dismay about ILOVEYOU or the Love Bugβ¦
π΄ Zoom Installers Used to Spread WebMonitor RAT π΄
π Read
via "Dark Reading: ".
Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play.π Read
via "Dark Reading: ".
Dark Reading
Zoom Installers Used to Spread WebMonitor RAT
Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play.
π New Data Protection Act Would Regulate COVID-19 Tracing Apps π
π Read
via "Subscriber Blog RSS Feed ".
The act would require βaffirmative express consentβ for transferring any health, location and proximity data, and allow individuals to opt out of data collection.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
New Data Protection Act Would Regulate COVID-19 Tracing Apps
The act would require βaffirmative express consentβ for transferring any health, location and proximity data, and allow individuals to opt out of data collection.
ATENTIONβΌ New - CVE-2017-18774
π Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.π Read
via "National Vulnerability Database".
π Ransomware attack on Colorado hospital highlights fears of more healthcare hostage situations π
π Read
via "Security on TechRepublic".
Cybercriminals are making millions by holding the data of healthcare institutions hostage until they get paid.π Read
via "Security on TechRepublic".
TechRepublic
Ransomware attack on Colorado hospital highlights fears of more healthcare hostage situations
Cybercriminals are making millions by holding the data of healthcare institutions hostage until they get paid.
π sshprank 1.1.1 π
π Go!
via "Security Tool Files β Packet Storm".
sshprank is a fast SSH mass-scanner, login cracker, and banner grabber tool using the python-masscan and shodan modules.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
sshprank 1.1.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers