ATENTIONβΌ New - CVE-2020-11950
π Read
via "National Vulnerability Database".
VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11949
π Read
via "National Vulnerability Database".
testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices.π Read
via "National Vulnerability Database".
β Inside a ransomware gangβs attack toolbox β
π Read
via "Naked Security".
Ransomware's changed a lot over the years - here's a peek into a criminal gang's current toolbox...π Read
via "Naked Security".
Naked Security
Inside a ransomware gangβs attack toolbox
Ransomwareβs changed a lot over the years β hereβs a peek into a criminal gangβs current toolboxβ¦
π Data Trends Report Highlights Risk of Data Loss in Pandemic π
π Read
via "Subscriber Blog RSS Feed ".
With nearly everyone these days working from home, how has the COVID-19 crisis impacted the risk of sensitive data loss?π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Data Trends Report Highlights Risk of Data Loss in Pandemic
With nearly everyone these days working from home, how has the COVID-19 crisis impacted the risk of sensitive data loss?
π How one hacktivist became a full-fledged cybercriminal π
π Read
via "Security on TechRepublic".
Though hacktivism can sometimes stem from a legitimate cause, one person couldn't resist turning to true cybercrime, according to Check Point Research.π Read
via "Security on TechRepublic".
TechRepublic
How one hacktivist became a full-fledged cybercriminal
Though hacktivism can sometimes stem from a legitimate cause, one person couldn't resist turning to true cybercrime, according to Check Point Research.
β PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time β
π Read
via "Threatpost".
Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking.π Read
via "Threatpost".
Threat Post
PonyFinal Ransomware Targets Enterprise Servers Then Bides Its Time
Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking.
π΄ Data Loss Spikes Under COVID-19 Lockdowns π΄
π Read
via "Dark Reading: ".
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.π Read
via "Dark Reading: ".
Dark Reading
Data Loss Spikes Under COVID-19 Lockdowns
Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.
π΄ Google, Microsoft Brands Impersonated the Most in Form-Based Attacks π΄
π Read
via "Dark Reading: ".
Attackers are preying on users' inclination to click on familiar-looking websites, but instead trick them into sharing usernames and passwords.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ Vulnerability Disclosures Drop in Q1 for First Time in a Decade π΄
π Read
via "Dark Reading: ".
Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.π Read
via "Dark Reading: ".
Dark Reading
Vulnerability Disclosures Drop in Q1 for First Time in a Decade
Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.
π How to properly secure sysctl on Linux π
π Read
via "Security on TechRepublic".
Protecting your Linux servers against SYN attacks and IP spoofing isn't nearly as hard you think. Jack Wallen shows you how.π Read
via "Security on TechRepublic".
TechRepublic
How to properly secure sysctl on Linux
Protecting your Linux servers against SYN attacks and IP spoofing isn't nearly as hard you think. Jack Wallen shows you how.
ATENTIONβΌ New - CVE-2020-13362
π Read
via "National Vulnerability Database".
In QEMU 4.2.0, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-13361
π Read
via "National Vulnerability Database".
In QEMU 4.2.0, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20807
π Read
via "National Vulnerability Database".
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).π Read
via "National Vulnerability Database".
β Google Location Tracking Lambasted in Arizona Lawsuit β
π Read
via "Threatpost".
The lawsuit, filed against Google by Arizona's Attorney General, alleges that the tech giant uses βdeceptive and unfair conductβ to obtain usersβ location data.π Read
via "Threatpost".
Threat Post
Google Location Tracking Lambasted in Arizona Lawsuit
The lawsuit, filed against Google by Arizona's Attorney General, alleges that the tech giant uses βdeceptive and unfair conductβ to obtain usersβ location data.
π΄ 3 SMB Cybersecurity Myths Debunked π΄
π Read
via "Dark Reading: ".
Small and midsize businesses are better at cyber resilience than you might think.π Read
via "Dark Reading: ".
Dark Reading
3 SMB Cybersecurity Myths Debunked
Small and midsize businesses are better at cyber resilience than you might think.
π΄ NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers π΄
π Read
via "Dark Reading: ".
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.π Read
via "Dark Reading: ".
Dark Reading
NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.
π How to enable two-factor authentication for Bitwarden π
π Read
via "Security on TechRepublic".
If you use Bitwarden as your password manager of choice, you owe it to yourself to enable two-factor authentication.π Read
via "Security on TechRepublic".
TechRepublic
How to enable two-factor authentication for Bitwarden
If you use Bitwarden as your password manager of choice, you owe it to yourself to enable two-factor authentication.
ATENTIONβΌ New - CVE-2020-13245
π Read
via "National Vulnerability Database".
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11079
π Read
via "National Vulnerability Database".
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.π Read
via "National Vulnerability Database".
β Hackers Compromise Cisco Servers Via SaltStack Flaws β
π Read
via "Threatpost".
Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities.π Read
via "Threatpost".
Threat Post
Hackers Compromise Cisco Servers Via SaltStack Flaws
Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities.
π΄ Valak Malware Retasked to Steal Data from US, German Firms π΄
π Read
via "Dark Reading: ".
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.π Read
via "Dark Reading: ".
Dark Reading
Valak Malware Retasked to Steal Data from US, German Firms
Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.