π΄ Virtual Black Hat USA Offers Unparalleled Access to Expert Security Insights π΄
π Read
via "Dark Reading: ".
Attendees can look forward to the same high-quality Briefings and Trainings from the comfort of their own desk.π Read
via "Dark Reading: ".
Dark Reading
Virtual Black Hat USA Offers Unparalleled Access to Expert Security Insights
Attendees can look forward to the same high-quality Briefings and Trainings from the comfort of their own desk.
β Hackers Sell Data from 26 Million LiveJournal Users on Dark Web β
π Read
via "Threatpost".
Passwords and other credentials have been listed on Have I Been Pwned as attack rumors circulate.π Read
via "Threatpost".
Threat Post
Hackers Sell Data from 26 Million LiveJournal Users on Dark Web
Passwords and other credentials have been listed on Have I Been Pwned as attack rumors circulate.
π΄ 6 Steps Consumers Should Take Following a Hack π΄
π Read
via "Dark Reading: ".
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.π Read
via "Dark Reading: ".
Dark Reading
6 Steps Consumers Should Take Following a Hack
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
π΄ What the World's Elite Protectors Teach Us about Cybersecurity π΄
π Read
via "Dark Reading: ".
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.π Read
via "Dark Reading: ".
Dark Reading
What the World's Elite Protectors Teach Us about Cybersecurity
How to protect anyone and anything, from the perspective of a career Secret Service agent and former special operations marine.
ATENTIONβΌ New - CVE-2020-13386
π Read
via "National Vulnerability Database".
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20806
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.π Read
via "National Vulnerability Database".
π΄ How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do π΄
π Read
via "Dark Reading: ".
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.π Read
via "Dark Reading: ".
Dark Reading
How to Pay a Ransom: A Step-By-Step Guide for Something You'd Never Do
Even prior to the COVID-19 pandemic, ransomware attacks were on the rise and becoming more expensive. Now your, um, friend's organization has fallen victim and is going to pay. Here's how they should handle it.
π COVID-19 Forcing Countries to Reshuffle Data Protection Regulations π
π Read
via "Subscriber Blog RSS Feed ".
The COVID-19 pandemic has forced some countries to consider delaying data protection law implementation.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
COVID-19 Forcing Countries to Reshuffle Data Protection Regulations
The COVID-19 pandemic has forced some countries to consider delaying data protection law implementation.
β Apple sends out 11 security alerts β get your fixes now! β
π Read
via "Naked Security".
Apple's current round of updates have been officially anounced in the company's latest Security Advisory emails.π Read
via "Naked Security".
Naked Security
Apple sends out 11 security alerts β get your fixes now!
Appleβs current round of updates have been officially anounced in the companyβs latest Security Advisory emails.
π΄ Microsoft Shares PonyFinal Threat Data, Warns of Delivery Tactics π΄
π Read
via "Dark Reading: ".
PonyFinal is deployed in human-operated ransomware attacks, in which adversaries tailor their techniques based on knowledge of a target system.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
π OpenSSH 8.3p1 π
π Go!
via "Security Tool Files β Packet Storm".
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
OpenSSH 8.3p1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Chameleon Mini Smartcard Emulator Iceman Fork Gray GUI 1.3 π
π Go!
via "Security Tool Files β Packet Storm".
Firmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This version compiles and gives you the same functionality (and more) as the original Chameleon Mini rebooted GUI.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Chameleon Mini Smartcard Emulator Iceman Fork Gray GUI 1.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTIONβΌ New - CVE-2020-13253
π Read
via "National Vulnerability Database".
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.π Read
via "National Vulnerability Database".
β β[F]Unicornβ Ransomware Impersonates Legit COVID-19 Contact-Tracing App β
π Read
via "Threatpost".
The new malware family was seen pretending to be an official Italian app, called Immuni.π Read
via "Threatpost".
Threat Post
β[F]Unicornβ Ransomware Impersonates Legit COVID-19 Contact-Tracing App
The new malware family was seen pretending to be an official Italian app, called Immuni.
π΄ GDPR Enforcement Loosens Amid Pandemic π΄
π Read
via "Dark Reading: ".
The European Union has given some organizations more breathing room to remedy violations, yet no one should think regulators are planning to abandon the privacy legislation in the face of COVID-19.π Read
via "Dark Reading: ".
Dark Reading
GDPR Enforcement Loosens Amid Pandemic
The European Union has given some organizations more breathing room to remedy violations, yet no one should think regulators are planning to abandon the privacy legislation in the face of COVID-19.
π΄ Standing Privilege: The Attacker's Advantage π΄
π Read
via "Dark Reading: ".
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.π Read
via "Dark Reading: ".
Dark Reading
Standing Privilege: The Attacker's Advantage
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
π Why developed countries are more vulnerable to cybercrime π
π Read
via "Security on TechRepublic".
Developed nations have higher incomes, technology, urbanization, and digitalization, which are all factors for greater cyber risk, says VPN provider NordVPN.π Read
via "Security on TechRepublic".
TechRepublic
Why developed countries are more vulnerable to cybercrime
Developed nations have higher incomes, technology, urbanization, and digitalization, which are all factors for greater cyber risk, says VPN provider NordVPN.
ATENTIONβΌ New - CVE-2020-10946
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10945
π Read
via "National Vulnerability Database".
Centreon before 19.10.7 exposes Session IDs in server responses.π Read
via "National Vulnerability Database".
π Majority of COVID phishing attacks coming from US IP addresses, report finds π
π Read
via "Security on TechRepublic".
An anti-phishing firm discovered that most of the malicious coronavirus emails were coming from the United States.π Read
via "Security on TechRepublic".
TechRepublic
Majority of COVID phishing attacks coming from US IP addresses, report finds
An anti-phishing firm discovered that most of the malicious coronavirus emails were coming from the United States.
π΄ HackerOne Bounties Hit $100M Milestone π΄
π Read
via "Dark Reading: ".
The bug-hunting platform has now paid more than $100 million in bounties since October 2013.π Read
via "Dark Reading: ".
Dark Reading
HackerOne Bounties Hit $100M Milestone
The bug-hunting platform has now paid more than $100 million in bounties since October 2013.