🔐 How to restrict the Nextcloud ONLYOFFICE to groups 🔐
📖 Read
via "Security on TechRepublic".
If you're the Nextcloud admin for your company or home office, you might want to restrict who has access to the ONLYOFFICE suite of tools. Jack Wallen shows you how.📖 Read
via "Security on TechRepublic".
TechRepublic
How to restrict the Nextcloud ONLYOFFICE to groups
If you're the Nextcloud admin for your company or home office, you might want to restrict who has access to the ONLYOFFICE suite of tools. Jack Wallen shows you how.
🔐 Coronavirus-themed phishing templates used to capture personal information 🔐
📖 Read
via "Security on TechRepublic".
Spoofing government and health organizations, these templates help attackers create and customize their own phishing pages to exploit the COVID-19 pandemic, says Proofpoint.📖 Read
via "Security on TechRepublic".
TechRepublic
Coronavirus-themed phishing templates used to capture personal information
Spoofing government and health organizations, these templates help attackers create and customize their own phishing pages to exploit the COVID-19 pandemic, says Proofpoint.
❌ Quantum Security Goes Live with Samsung Galaxy ❌
📖 Read
via "Threatpost".
Quantum encryption, which has been touted as "unhackable," debuts with Samsung, SK Telecom in a world's first.📖 Read
via "Threatpost".
Threat Post
Quantum Security Goes Live with Samsung Galaxy
Quantum technology, which has been touted as "unhackable," debuts with Samsung, SK Telecom in a world's first.
❌ RATicate Group Hits Industrial Firms With Revolving Payloads ❌
📖 Read
via "Threatpost".
A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.📖 Read
via "Threatpost".
Threat Post
RATicate Group Hits Industrial Firms With Revolving Payloads
A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.
🕴 The Entertainment Biz Is Changing, But the Cybersecurity Script Is One We've Read Before 🕴
📖 Read
via "Dark Reading: ".
📖 Read
via "Dark Reading: ".
Dark Reading
The Entertainment Biz Is Changing, But the Cybersecurity Script Is One We've Read Before
Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
🔏 Friday Five: 5/15 Edition 🔏
📖 Read
via "Subscriber Blog RSS Feed ".
ChatBooks suffers a data breach, the Texas court system disables its network following a ransomware attack, and the FBI issues a security warning to healthcare organizations - catch up on the week's news with the Friday Five.📖 Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 5/15 Edition
ChatBooks suffers a data breach, the Texas court system disables its network following a ransomware attack, and the FBI issues a security warning to healthcare organizations - catch up on the week's news with the Friday Five.
ATENTION‼ New - CVE-2018-10756
📖 Read
via "National Vulnerability Database".
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.📖 Read
via "National Vulnerability Database".
🔐 Average US citizen had personal information stolen at least 4 times in 2019 🔐
📖 Read
via "Security on TechRepublic".
A new study of publicly reported data shows the average person experienced a breach every three months last year.📖 Read
via "Security on TechRepublic".
TechRepublic
Average US citizen had personal information stolen at least 4 times in 2019
A new study of publicly reported data shows the average person experienced a breach every three months last year.
❌ News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries ❌
📖 Read
via "Threatpost".
Threatpost editors discuss recent ransomware attacks and contact-tracing app privacy concerns.📖 Read
via "Threatpost".
Threat Post
News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries
Threatpost editors discuss recent ransomware attacks and contact-tracing app privacy concerns.
🕴 Microsoft Open Sources Its Coronavirus Threat Data 🕴
📖 Read
via "Dark Reading: ".
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.📖 Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
🕴 Templates Make Coronavirus Phishing Campaigns Easy 🕴
📖 Read
via "Dark Reading: ".
Ready-made website templates make it simple for criminals to create fake government and NGO websites for COVID-19-related phishing campaigns.📖 Read
via "Dark Reading: ".
Dark Reading
Templates Make Coronavirus Phishing Campaigns Easy
Ready-made website templates make it simple for criminals to create fake government and NGO websites for COVID-19-related phishing campaigns.
ATENTION‼ New - CVE-2019-20390
📖 Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20389
📖 Read
via "National Vulnerability Database".
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-19721
📖 Read
via "National Vulnerability Database".
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-18666
📖 Read
via "National Vulnerability Database".
An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization.📖 Read
via "National Vulnerability Database".
🔐 How to enable SSL on Ubuntu Linux for testing 🔐
📖 Read
via "Security on TechRepublic".
Sometimes admins need to be able to test a web-based solution before deciding it's worth using. When that software requires SSL, you can enable a snake-oil SSL key for testing purposes.📖 Read
via "Security on TechRepublic".
TechRepublic
How to enable SSL on Ubuntu Linux for testing | TechRepublic
Sometimes admins need to be able to test a web-based solution before deciding it's worth using. When that software requires SSL, you can enable a snake-oil SSL key for testing purposes.
🔐 How to enable SSL on Ubuntu Linux for testing 🔐
📖 Read
via "Security on TechRepublic".
Sometimes admins need to be able to test a web-based solution before deciding it's worth using. When that software requires SSL, you can enable a snake oil SSL key for testing purposes.📖 Read
via "Security on TechRepublic".
TechRepublic
How to enable SSL on Ubuntu Linux for testing
Sometimes admins need to be able to test a web-based solution before deciding it's worth using. When that software requires SSL, you can enable a snake oil SSL key for testing purposes.
🕴 UK Supercomputing Service ARCHER Still Offline After Monday Attack 🕴
📖 Read
via "Dark Reading: ".
Incident comes amid US warnings about Chinese cybergroups targeting organizations involved in COVID-19-related research.📖 Read
via "Dark Reading: ".
Dark Reading
UK Supercomputing Service ARCHER Still Offline After Monday Attack
Incident comes amid US warnings about Chinese cybergroups targeting organizations involved in COVID-19-related research.
❌ Hoaxcalls Botnet Exploits Symantec Secure Web Gateways ❌
📖 Read
via "Threatpost".
The fast-moving botnet has added an exploit for an unpatched bug in an unsupported version of the security gateway.📖 Read
via "Threatpost".
Threat Post
Hoaxcalls Botnet Exploits Symantec Secure Web Gateways
The fast-moving botnet has added an exploit for an unpatched bug in an unsupported version of the security gateway.
🛠 TOR Virtual Network Tunneling Tool 0.4.3.5 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.3.5 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTION‼ New - CVE-2019-20802
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker.📖 Read
via "National Vulnerability Database".