ATTENTION‼ New - CVE-2020-1010
via "National Vulnerability Database".
An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1068, CVE-2020-1079.
ATTENTION‼ New - CVE-2020-0963
via "National Vulnerability Database".
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179.
ATTENTION‼ New - CVE-2020-0909
via "National Vulnerability Database".
A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets. To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets, aka 'Windows Hyper-V Denial of Service Vulnerability'.
ATTENTION‼ New - CVE-2020-0901
via "National Vulnerability Database".
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
ATTENTION‼ New - CVE-2019-20804
via "National Vulnerability Database".
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account.
ATTENTION‼ New - CVE-2019-20803
via "National Vulnerability Database".
Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
ATTENTION‼ New - CVE-2018-21234
via "National Vulnerability Database".
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
10 iOS Security Tips to Lock Down Your iPhone
via "Dark Reading: ".
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
Apple and Google launch COVID-19 contact tracing API
via "Naked Security".
The first phase of Apple and Google's contact tracing framework allows public health authorities across the world to connect their apps with data that could help them identify people at risk from coronavirus.
Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks
via "Threatpost".
Government and air transportation companies in Kuwait and Saudi Arabia were targeted in a recent attack tracked back to the Chafer APT.
nfstream 5.1.3
via "Security Tool Files - Packet Storm".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
NSO Group Impersonates Facebook Security Team to Spread Spyware - Report
via "Threatpost".
An investigation traces an NSO Group-controlled IP address to a fake Facebook security portal.
8 states targeted in CARES Act scams from cybercrime group
via "Security on TechRepublic".
Scattered Canary has siphoned over $4 million in unemployment benefits and federal funding through a variety of scams, according to the Secret Service and the cybersecurity company Agari.
Home Chef Serves Up Data Breach for 8 Million Records
via "Threatpost".
The meal-kit company's customer records were leaked as part of the Shiny Hunters breach.
“Coronavirus Report” Emails Spread NetSupport RAT, Microsoft Warns
via "Threatpost".
Attackers used malicious Excel 4.0 documents to spread the weaponized NetSupport RAT in a spear-phishing campaign.
Signal secure messaging can now identify you without a phone number
via "Naked Security".
Signal decouples its secure messaging service from your phone number - a bit.
The ransomware that attacks you from inside a virtual machine
via "Naked Security".
In a recent attack, Ragnar Locker ransomware was seen encrypting victim's files while shielded from security software inside a virtual machine.
Security & Trust Ratings Proliferate: Is That a Good Thing?
via "Dark Reading: ".
Phishing ratings, security ratings, human-ness ratings -- we are looking at a future filled with grades of security and trustworthiness. But there is a downside.
Dark Reading Edge Cybersecurity Crossword Puzzle, May 22th
via "Dark Reading: ".
Have a hard time coming up with the answers to these puzzle questions? We know a great place to look for more clues...
Former Salesforce Execs Launch Data Protection Startup
via "Dark Reading: ".
Cloud-based API service stores and manages sensitive consumer data with a zero-trust, database-as-a service approach.
Friday Five: 5/22 Edition
via "Subscriber Blog RSS Feed ".
The European Parliament suffers a cyber-attack, ransomware gang threatens to leak celebrities' information, and Microsoft warns of a COVID-19 themed phishing campaign - catch up on the week's news with the Friday Five.