π Why developed countries are more vulnerable to cybercrime π
π Read
via "Security on TechRepublic".
Developed nations have higher incomes, technology, urbanization, and digitalization, which are all factors for greater cyber risk, says VPN provider NordVPN.π Read
via "Security on TechRepublic".
TechRepublic
Why developed countries are more vulnerable to cybercrime
Developed nations have higher incomes, technology, urbanization, and digitalization, which are all factors for greater cyber risk, says VPN provider NordVPN.
ATENTIONβΌ New - CVE-2020-10946
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10945
π Read
via "National Vulnerability Database".
Centreon before 19.10.7 exposes Session IDs in server responses.π Read
via "National Vulnerability Database".
π Majority of COVID phishing attacks coming from US IP addresses, report finds π
π Read
via "Security on TechRepublic".
An anti-phishing firm discovered that most of the malicious coronavirus emails were coming from the United States.π Read
via "Security on TechRepublic".
TechRepublic
Majority of COVID phishing attacks coming from US IP addresses, report finds
An anti-phishing firm discovered that most of the malicious coronavirus emails were coming from the United States.
π΄ HackerOne Bounties Hit $100M Milestone π΄
π Read
via "Dark Reading: ".
The bug-hunting platform has now paid more than $100 million in bounties since October 2013.π Read
via "Dark Reading: ".
Dark Reading
HackerOne Bounties Hit $100M Milestone
The bug-hunting platform has now paid more than $100 million in bounties since October 2013.
π΄ Security 101: SQL Injection π΄
π Read
via "Dark Reading: ".
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.π Read
via "Dark Reading: ".
Dark Reading
Security 101: SQL Injection
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
π΄ Cloud Security Architect Proves Hardest Infosec Role to Fill π΄
π Read
via "Dark Reading: ".
Nearly 70% of businesses struggle to recruit, hire, and retain cybersecurity talent, and many link security incidents to lack of skills.π Read
via "Dark Reading: ".
Dark Reading
Cloud Security Architect Proves Hardest Infosec Role to Fill
Nearly 70% of businesses struggle to recruit, hire, and retain cybersecurity talent, and many link security incidents to lack of skills.
π Insider Behind $1 Billion Trade Secret Theft Case Sentenced π
π Read
via "Subscriber Blog RSS Feed ".
The FBI on Wednesday shared details around a recent $1 billion trade secret theft case and reminded companies to report suspected crimes like trade secret theft.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Insider Behind $1 Billion Trade Secret Theft Case Sentenced
The FBI on Wednesday shared details around a recent $1 billion trade secret theft case and reminded companies to report suspected crimes like trade secret theft.
ATENTIONβΌ New - CVE-2020-10936
π Read
via "National Vulnerability Database".
Sympa before 6.2.56 allows privilege escalation.π Read
via "National Vulnerability Database".
β DoubleGun Group Builds Massive Botnet Using Cloud Services β
π Read
via "Threatpost".
The latest campaign spread malware via pirate gaming portals.π Read
via "Threatpost".
Threat Post
DoubleGun Group Builds Massive Botnet Using Cloud Services
The latest campaign spread malware via pirate gaming portals.
π΄ Stay-at-Home Orders Coincide With Massive DNS Surge π΄
π Read
via "Dark Reading: ".
A variety of sites saw as much as seven times the number of domain requests in late March and early April, suggesting attackers attempted massive denial-of-service attacks.π Read
via "Dark Reading: ".
Dark Reading
Stay-at-Home Orders Coincide With Massive DNS Surge
A variety of sites saw as much as seven times the number of domain requests in late March and early April, suggesting attackers attempted massive denial-of-service attacks.
ATENTIONβΌ New - CVE-2020-11059
π Read
via "National Vulnerability Database".
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.π Read
via "National Vulnerability Database".
π΄ Netwalker Ransomware Tools Reveal Attacker Tactics and Techniques π΄
π Read
via "Dark Reading: ".
Malware and related files show that ransomware operators don't need a cutting-edge arsenal to be effective.π Read
via "Dark Reading: ".
Dark Reading
Netwalker Ransomware Tools Reveal Attacker Tactics and Techniques
Malware and related files show that ransomware operators don't need a cutting-edge arsenal to be effective.
ATENTIONβΌ New - CVE-2020-11075
π Read
via "National Vulnerability Database".
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1.π Read
via "National Vulnerability Database".
β Android βStrandHogg 2.0β flaw lets malware assume identity of any app β
π Read
via "Naked Security".
A critical security flaw in Android could be used by attackers to βassume the identityβ of legitimate apps in order to carry out on-device phishing attacks, say researchers.π Read
via "Naked Security".
Naked Security
Android βStrandHogg 2.0β flaw lets malware assume identity of any app
A critical security flaw in Android could be used by attackers to βassume the identityβ of legitimate apps in order to carry out on-device phishing attacks, say researchers.
π How user credentials from LiveJournal wound up on the Dark Web π
π Read
via "Security on TechRepublic".
Hackers are trying to sell 26 million LiveJournal account credentials following a reported data breach that happened years ago.π Read
via "Security on TechRepublic".
π Phishing attack impersonates Amazon Web Services to steal user credentials π
π Read
via "Security on TechRepublic".
The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security.π Read
via "Security on TechRepublic".
TechRepublic
Phishing attack impersonates Amazon Web Services to steal user credentials
The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security.
π Who is the weak link in mobile security? This study suggests it's the C-suite π
π Read
via "Security on TechRepublic".
A survey of IT pros and top execs found that IT is worried about the lax attitude their bosses have toward security.π Read
via "Security on TechRepublic".
TechRepublic
Who is the weak link in mobile security? This study suggests it's the C-suite
A survey of IT pros and top execs found that IT is worried about the lax attitude their bosses have toward security.
π Even the most tech-savvy Americans have bad online safety habits π
π Read
via "Security on TechRepublic".
92% of Americans say they care about online safety and data privacy, yet a new report from iProov showed 44% polled shared passwords and mobile devices with their partners.π Read
via "Security on TechRepublic".
TechRepublic
Even the most tech-savvy Americans have bad online safety habits
92% of Americans say they care about online safety and data privacy, yet a new report from iProov showed 44% polled shared passwords and mobile devices with their partners.
π Google, Microsoft most spoofed brands in latest phishing attacks π
π Read
via "Security on TechRepublic".
Scammers are increasingly exploiting file sharing sites such as Google Docs and Microsoft Sway to steal user credentials, according to Barracuda Networks.π Read
via "Security on TechRepublic".
β Pablo Escobarβs brother sues Apple for $2.6b over FaceTime flaw β
π Read
via "Naked Security".
Roberto Escobar says a FaceTime eavesdropping bug led to his address being leaked, assassination threats, and being forced into hiding.π Read
via "Naked Security".
Naked Security
Pablo Escobarβs brother sues Apple for $2.6b over FaceTime flaw
Roberto Escobar says a FaceTime eavesdropping bug led to his address being leaked, assassination threats, and being forced into hiding.