ATENTIONβΌ New - CVE-2020-11059
π Read
via "National Vulnerability Database".
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.π Read
via "National Vulnerability Database".
π΄ Netwalker Ransomware Tools Reveal Attacker Tactics and Techniques π΄
π Read
via "Dark Reading: ".
Malware and related files show that ransomware operators don't need a cutting-edge arsenal to be effective.π Read
via "Dark Reading: ".
Dark Reading
Netwalker Ransomware Tools Reveal Attacker Tactics and Techniques
Malware and related files show that ransomware operators don't need a cutting-edge arsenal to be effective.
ATENTIONβΌ New - CVE-2020-11075
π Read
via "National Vulnerability Database".
In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user via a valid API request to anchore engine, or if an already added image that anchore is monitoring has its manifest altered to exploit the same flaw. A successful attack can be used to execute commands that run in the analyzer environment, with the same permissions as the user that anchore engine is run as - including access to the credentials that Engine uses to access its own database which have read-write ability, as well as access to the running engien analyzer service environment. By default Anchore Engine is released and deployed as a container where the user is non-root, but if users run Engine directly or explicitly set the user to 'root' then that level of access may be gained in the execution environment where Engine runs. This issue is fixed in version 0.7.1.π Read
via "National Vulnerability Database".
β Android βStrandHogg 2.0β flaw lets malware assume identity of any app β
π Read
via "Naked Security".
A critical security flaw in Android could be used by attackers to βassume the identityβ of legitimate apps in order to carry out on-device phishing attacks, say researchers.π Read
via "Naked Security".
Naked Security
Android βStrandHogg 2.0β flaw lets malware assume identity of any app
A critical security flaw in Android could be used by attackers to βassume the identityβ of legitimate apps in order to carry out on-device phishing attacks, say researchers.
π How user credentials from LiveJournal wound up on the Dark Web π
π Read
via "Security on TechRepublic".
Hackers are trying to sell 26 million LiveJournal account credentials following a reported data breach that happened years ago.π Read
via "Security on TechRepublic".
π Phishing attack impersonates Amazon Web Services to steal user credentials π
π Read
via "Security on TechRepublic".
The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security.π Read
via "Security on TechRepublic".
TechRepublic
Phishing attack impersonates Amazon Web Services to steal user credentials
The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security.
π Who is the weak link in mobile security? This study suggests it's the C-suite π
π Read
via "Security on TechRepublic".
A survey of IT pros and top execs found that IT is worried about the lax attitude their bosses have toward security.π Read
via "Security on TechRepublic".
TechRepublic
Who is the weak link in mobile security? This study suggests it's the C-suite
A survey of IT pros and top execs found that IT is worried about the lax attitude their bosses have toward security.
π Even the most tech-savvy Americans have bad online safety habits π
π Read
via "Security on TechRepublic".
92% of Americans say they care about online safety and data privacy, yet a new report from iProov showed 44% polled shared passwords and mobile devices with their partners.π Read
via "Security on TechRepublic".
TechRepublic
Even the most tech-savvy Americans have bad online safety habits
92% of Americans say they care about online safety and data privacy, yet a new report from iProov showed 44% polled shared passwords and mobile devices with their partners.
π Google, Microsoft most spoofed brands in latest phishing attacks π
π Read
via "Security on TechRepublic".
Scammers are increasingly exploiting file sharing sites such as Google Docs and Microsoft Sway to steal user credentials, according to Barracuda Networks.π Read
via "Security on TechRepublic".
β Pablo Escobarβs brother sues Apple for $2.6b over FaceTime flaw β
π Read
via "Naked Security".
Roberto Escobar says a FaceTime eavesdropping bug led to his address being leaked, assassination threats, and being forced into hiding.π Read
via "Naked Security".
Naked Security
Pablo Escobarβs brother sues Apple for $2.6b over FaceTime flaw
Roberto Escobar says a FaceTime eavesdropping bug led to his address being leaked, assassination threats, and being forced into hiding.
β Valak Loader Revamped to Rob Microsoft Exchange Servers β
π Read
via "Threatpost".
Phishing campaigns targeting enterprises in U.S. and Germany have been used to nab enterprise mailing info, passwords and certificates.π Read
via "Threatpost".
Threat Post
Valak Loader Revamped to Rob Microsoft Exchange Servers
Phishing campaigns targeting enterprises in U.S. and Germany have been used to nab enterprise mailing info, passwords and certificates.
β S2 Ep 41: Super-sized ransomware, FBI v Apple and AirPods hot or not β Naked Security Podcast β
π Read
via "Naked Security".
The latest Naked Security podcast is out now!π Read
via "Naked Security".
Naked Security
S2 Ep 41: Super-sized ransomware, FBI v Apple and AirPods hot or not β Naked Security Podcast
The latest Naked Security podcast is out now!
π΄ How Elite Protectors Operationalize Security Protection π΄
π Read
via "Dark Reading: ".
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.π Read
via "Dark Reading: ".
Dark Reading
How Elite Protectors Operationalize Security Protection
There is no silver bullet for cybersecurity. It takes the right people, with the right mindset, applying the right elements of good security from the data center to the SOC.
ATENTIONβΌ New - CVE-2020-11950
π Read
via "National Vulnerability Database".
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11949
π Read
via "National Vulnerability Database".
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.π Read
via "National Vulnerability Database".
β Inside a ransomware gangβs attack toolbox β
π Read
via "Naked Security".
Ransomware's changed a lot over the years - here's a peek into a criminal gang's current toolbox...π Read
via "Naked Security".
Naked Security
Inside a ransomware gangβs attack toolbox
Ransomwareβs changed a lot over the years β hereβs a peek into a criminal gangβs current toolboxβ¦
π Data Trends Report Highlights Risk of Data Loss in Pandemic π
π Read
via "Subscriber Blog RSS Feed ".
With nearly everyone these days working from home, how has the COVID-19 crisis impacted the risk of sensitive data loss?π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Data Trends Report Highlights Risk of Data Loss in Pandemic
With nearly everyone these days working from home, how has the COVID-19 crisis impacted the risk of sensitive data loss?
π How one hacktivist became a full-fledged cybercriminal π
π Read
via "Security on TechRepublic".
Though hacktivism can sometimes stem from a legitimate cause, one person couldn't resist turning to true cybercrime, according to Check Point Research.π Read
via "Security on TechRepublic".
TechRepublic
How one hacktivist became a full-fledged cybercriminal
Though hacktivism can sometimes stem from a legitimate cause, one person couldn't resist turning to true cybercrime, according to Check Point Research.
β PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time β
π Read
via "Threatpost".
Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking.π Read
via "Threatpost".
Threat Post
PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time
Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking.
π΄ Data Loss Spikes Under COVID-19 Lockdowns π΄
π Read
via "Dark Reading: ".
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.π Read
via "Dark Reading: ".
Dark Reading
Data Loss Spikes Under COVID-19 Lockdowns
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
π΄ Google, Microsoft Brands Impersonated the Most in Form-Based Attacks π΄
π Read
via "Dark Reading: ".
Attackers are preying on users' inclination to click on familiar-looking websites, but instead trick them into sharing usernames and passwords.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading