ATTENTION!! New - CVE-2020-10737
via "National Vulnerability Database".
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink pointing to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.
Google may soon add end-to-end encryption for RCS
via "Naked Security".
The dogfood version of the recently updated app shows multiple references to encryption for RCS, the feature-rich successor to SMS messaging.
Open source libraries a big source of application security flaws
via "Naked Security".
How many vulnerabilities lurk inside the open source libraries that today's developers happily borrow to build their applications?
Security is still an issue, despite success telecommuting during pandemic
via "Security on TechRepublic".
A new report from Bitglass examines how businesses adjusted to the shift from offices to working from home; 84% support remote work, but are ill-equipped to keep data secure.
Cybercriminals targeting cloud services amid shift to remote working
via "Security on TechRepublic".
Attackers are increasingly hitting collaboration services such as Microsoft 365 to access cloud accounts with stolen credentials, says McAfee.
Virtual Black Hat USA Offers Unparalleled Access to Expert Security Insights
via "Dark Reading".
Attendees can look forward to the same high-quality Briefings and Trainings from the comfort of their own desk.
Hackers Sell Data from 26 Million LiveJournal Users on Dark Web
via "Threatpost".
Passwords and other credentials have been listed on Have I Been Pwned as attack rumors circulate.
6 Steps Consumers Should Take Following a Hack
via "Dark Reading".
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
What the World's Elite Protectors Teach Us about Cybersecurity
via "Dark Reading".
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.
ATTENTION!! New - CVE-2020-13386
via "National Vulnerability Database".
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine.
ATTENTION!! New - CVE-2019-20806
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do
via "Dark Reading".
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
COVID-19 Forcing Countries to Reshuffle Data Protection Regulations
via "Subscriber Blog RSS Feed" (Digital Guardian).
The COVID-19 pandemic has forced some countries to consider delaying data protection law implementation.
Apple sends out 11 security alerts - get your fixes now!
via "Naked Security".
Apple's current round of updates have been officially announced in the company's latest Security Advisory emails.
Microsoft Shares PonyFinal Threat Data, Warns of Delivery Tactics
via "Dark Reading".
PonyFinal is deployed in human-operated ransomware attacks, in which adversaries tailor their techniques based on knowledge of a target system.
OpenSSH 8.3p1
via "Security Tool Files - Packet Storm".
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
Chameleon Mini Smartcard Emulator Iceman Fork Gray GUI 1.3
via "Security Tool Files - Packet Storm".
Firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This version compiles and gives you the same functionality (and more) as the original Chameleon Mini rebooted GUI.
ATTENTION!! New - CVE-2020-13253
via "National Vulnerability Database".
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
'[F]Unicorn' Ransomware Impersonates Legit COVID-19 Contact-Tracing App
via "Threatpost".
The new malware family was seen pretending to be an official Italian app, called Immuni.
GDPR Enforcement Loosens Amid Pandemic
via "Dark Reading".
The European Union has given some organizations more breathing room to remedy violations, yet no one should think regulators are planning to abandon the privacy legislation in the face of COVID-19.
Standing Privilege: The Attacker's Advantage
via "Dark Reading".
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.