π Phishing emails caught exploiting DocuSign and COVID-19 π
π Read
via "Security on TechRepublic".
A new attack discovered by Abnormal Security aims to steal account credentials from people who use the online document signing platform.π Read
via "Security on TechRepublic".
TechRepublic
Phishing emails caught exploiting DocuSign and COVID-19
A new attack discovered by Abnormal Security aims to steal account credentials from people who use the online document signing platform.
π Capstone 4.0.2 π
π Go!
via "Security Tool Files β Packet Storm".
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Capstone 4.0.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Zeek 3.1.3 π
π Go!
via "Security Tool Files β Packet Storm".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Zeek 3.1.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TestSSL 3.0.2 π
π Go!
via "Security Tool Files β Packet Storm".
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
TestSSL 3.0.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π nfstream 5.1.0 π
π Go!
via "Security Tool Files β Packet Storm".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
nfstream 5.1.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Packet Fence 10.0.1 π
π Go!
via "Security Tool Files β Packet Storm".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Packet Fence 10.0.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTIONβΌ New - CVE-2018-20225
π Read
via "National Vulnerability Database".
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).π Read
via "National Vulnerability Database".
π΄ Companies Struggle for Effective Cybersecurity π΄
π Read
via "Dark Reading: ".
The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.π Read
via "Dark Reading: ".
Dark Reading
Companies Struggle for Effective Cybersecurity
The money companies are spending on cybersecurity tools doesn't necessarily result in better security, a new survey shows.
π 5 things developers should know about data privacy and security π
π Read
via "Security on TechRepublic".
In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.π Read
via "Security on TechRepublic".
TechRepublic
5 things developers should know about data privacy and security
In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.
β Monday review β the hot 16 stories of the week β
π Read
via "Naked Security".
It's weekly roundup time!π Read
via "Naked Security".
Naked Security
Monday review β the hot 16 stories of the week
Itβs weekly roundup time!
β Microsoft opens IoT bug bounty program β
π Read
via "Naked Security".
Microsoft really wants to secure the Internet of Things (IoT), and it's enlisting citizen hackers' help to do it.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Clearview AI wonβt sell vast faceprint collection to private companies β
π Read
via "Naked Security".
β¦ nor to anybody, even law enforcement, in the place where privacy-oblivious biometrics companies are forced to their knees: Illinois.π Read
via "Naked Security".
Naked Security
Clearview AI wonβt sell vast faceprint collection to private companies
β¦ nor to anybody, even law enforcement, in the place where privacy-oblivious biometrics companies are forced to their knees: Illinois.
π Cybercriminals exploiting the coronavirus to deploy infostealers π
π Read
via "Security on TechRepublic".
These threats are designed to capture usernames, passwords, bank details, network information, and other sensitive data, says security provider Lastline.π Read
via "Security on TechRepublic".
TechRepublic
Cybercriminals exploiting the coronavirus to deploy infostealers
These threats are designed to capture usernames, passwords, bank details, network information, and other sensitive data, says security provider Lastline.
π How to use the new Vivaldi tracking feature π
π Read
via "Security on TechRepublic".
The latest release of the Vivaldi web browser includes one of the easiest to use tracker blockers on the market.π Read
via "Security on TechRepublic".
TechRepublic
How to use the new Vivaldi tracking feature
The latest release of the Vivaldi web browser includes one of the easiest to use tracker blockers on the market.
π΄ Rule of Thumb: USB Killers Pose Real Threat π΄
π Read
via "Dark Reading: ".
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.π Read
via "Dark Reading: ".
Dark Reading
Rule of Thumb: USB Killers Pose Real Threat
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
β Celebrity personal data taken in ransomware attack β
π Read
via "Naked Security".
Ransomware crooks are apparently threatening to dump personal data for a long of celebs including Lady Gaga, Madonna, Nicki Minaj and more.π Read
via "Naked Security".
Naked Security
Celebrity personal data taken in ransomware attack
Ransomware crooks are apparently threatening to dump personal data for a long list of celebs including Lady Gaga, Madonna, Nicki Minaj and more.
β Sphinx Malware Returns to Riddle U.S. Targets β
π Read
via "Threatpost".
The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes.π Read
via "Threatpost".
Threat Post
Sphinx Malware Returns to Riddle U.S. Targets
The banking trojan has upgraded and is seeing a resurgence on the back of coronavirus stimulus payment themes.
β Millions of Thunderbolt-Equipped Devices Open to βThunderSpyβ Attack β
π Read
via "Threatpost".
If an attacker can get his hands on a Thunderbolt-equipped device for five minutes, he can launch a new data-stealing attack called "Thunderspy."π Read
via "Threatpost".
Threat Post
Millions of Thunderbolt-Equipped Devices Open to βThunderSpyβ Attack
If an attacker can get his hands on a Thunderbolt-equipped device for five minutes, he can launch a new data-stealing attack called "Thunderspy."
π CISOs forced to adapt to pandemic and other geopolitical risks π
π Read
via "Security on TechRepublic".
A new report finds cyber resilience, security culture, and cloud security are hot topics for chief information security officers.π Read
via "Security on TechRepublic".
TechRepublic
CISOs forced to adapt to pandemic and other geopolitical risks
A new report finds cyber resilience, security culture, and cloud security are hot topics for chief information security officers.
π Phishing campaign caught spoofing Zoom π
π Read
via "Security on TechRepublic".
The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security.π Read
via "Security on TechRepublic".
TechRepublic
Phishing campaign caught spoofing Zoom
The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims, says security firm Abnormal Security.
π Survey: Teams supported by mature DevOps practices more likely to integrate automated security π
π Read
via "Security on TechRepublic".
Adding security into DevOps hasn't been as easy as automating all the things. Sonatype's survey shows the state of the industryβand what you might want to work on next.π Read
via "Security on TechRepublic".
TechRepublic
Survey: Teams supported by mature DevOps practices more likely to integrate automated security
Adding security into DevOps hasn't been as easy as automating all the things. Sonatype's survey shows the state of the industryβand what you might want to work on next.