β βBot or Not?β β a game to train us to spot chatbots faking it as humans β
π Read
via "Naked Security".
Can you tell whether you're talking to a human or AI?π Read
via "Naked Security".
Naked Security
βBot or Not?β β a game to train us to spot chatbots faking it as humans
Can you tell whether youβre talking to a human or AI?
π Honda hit by cyberattack that impacted its global operations π
π Read
via "Security on TechRepublic".
The automaker's customer service and financial services are unavailable as it deals with an attack that experts believe is ransomware.π Read
via "Security on TechRepublic".
TechRepublic
Honda hit by cyberattack that impacted its global operations
The automaker's customer service and financial services are unavailable as it deals with an attack that experts believe is ransomware.
π 92% of SMBs think they can recover from a disaster, but many don't have plans in place π
π Read
via "Security on TechRepublic".
New research shows that the vast majority of small and midsize leaders believe they expect, and can handle, the unexpectedβbut 16% don't even know their recovery time objective.π Read
via "Security on TechRepublic".
TechRepublic
92% of SMBs think they can recover from a disaster, but many don't have plans in place
New research shows that the vast majority of small and midsize leaders believe they expect, and can handle, the unexpectedβbut 16% don't even know their recovery time objective.
π How DNS attacks threaten organizations π
π Read
via "Security on TechRepublic".
Application downtime was the most significant side effect of a DNS attack, according to EfficientIP.π Read
via "Security on TechRepublic".
TechRepublic
How DNS attacks threaten organizations
Application downtime was the most significant side effect of a DNS attack, according to EfficientIP and IDC.
β Thanos Ransomware First to Weaponize RIPlace Tactic β
π Read
via "Threatpost".
Thanos is the first ransomware family to feature the weaponized RIPlace tactic, enabling it to bypass ransomware protections.π Read
via "Threatpost".
Threat Post
Thanos Ransomware First to Weaponize RIPlace Tactic
Researchers say the new Thanos ransomware-as-a-service is the first ransomware family to feature the weaponized RIPlace tactic.
β Encryption Utility Firm Accused of Bundling Malware Functions in Product β
π Read
via "Threatpost".
The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board.π Read
via "Threatpost".
Threat Post
Encryption Utility Firm Accused of Bundling Malware Functions in Product
The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts, according to researchers.
π΄ 3 Ways the Pandemic Will Affect Enterprise Security in the Future π΄
π Read
via "Dark Reading: ".
While CISOs have been focused on immediate threats, it's time to look ahead to what a post-COVID-19 future will look like.π Read
via "Dark Reading: ".
Dark Reading
3 Ways the Pandemic Will Affect Enterprise Security in the Future
While CISOs have been focused on immediate threats, it's time to look ahead to what a post-COVID-19 future will look like.
π What is Cyber Security? Definition, Best Practices & More π
π Read
via "Subscriber Blog RSS Feed ".
Learn about cyber security, why it's important, and how to get started building a cyber security program in this installment of our Data Protection 101 series.π Read
via "Subscriber Blog RSS Feed ".
Digitalguardian
What is Cyber Security? Definition, Best Practices & Examples
Learn about cyber security, why it's important, and how to get started building a cyber security program in this installment of our Data Protection 101 series.
ATENTIONβΌ New - CVE-2019-4576
π Read
via "National Vulnerability Database".
IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-3588
π Read
via "National Vulnerability Database".
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-3585
π Read
via "National Vulnerability Database".
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.π Read
via "National Vulnerability Database".
π΄ Efficient Security Testing Requires Automation, but Humans Are Needed Too π΄
π Read
via "Dark Reading: ".
An annual survey of penetration testers finds that although machines can quickly find many classes of vulnerabilities, human analysts are still necessary to gauge the severity of discovered issues.π Read
via "Dark Reading: ".
Dark Reading
Efficient Security Testing Requires Automation, but Humans Are Needed Too
An annual survey of penetration testers finds that although machines can quickly find many classes of vulnerabilities, human analysts are still necessary to gauge the severity of discovered issues.
π WhatWeb Scanner 0.5.2 π
π Go!
via "Security Tool Files β Packet Storm".
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
WhatWeb Scanner 0.5.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Zeek 3.1.4 π
π Go!
via "Security Tool Files β Packet Storm".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Zeek 3.1.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Asset Management Mess? How to Get Organized π΄
π Read
via "Dark Reading: ".
Hardware and software deployments all over the place due to the pandemic scramble? Here are the essential steps to ensure you can find what you need -- and secure it.π Read
via "Dark Reading: ".
Dark Reading
Asset Management Mess? How to Get Organized
Hardware and software deployments all over the place due to the pandemic scramble? Here are the essential steps to ensure you can find what you need -- and secure it.
ATENTIONβΌ New - CVE-2020-10708
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
π΄ Fake COVID-19 Contact-Tracing Apps Infect Android Phones π΄
π Read
via "Dark Reading: ".
Researchers find 12 Android applications disguised as official COVID-19 contact tracing apps installing malware onto devices.π Read
via "Dark Reading: ".
Dark Reading
Fake COVID-19 Contact-Tracing Apps Infect Android Phones
Researchers find 12 Android applications disguised as official COVID-19 contact tracing apps installing malware onto devices.
π΄ The Telehealth Attack Surface π΄
π Read
via "Dark Reading: ".
Amid the surge in digital healthcare stemming from the coronavirus pandemic, security is taking a backseat to usability.π Read
via "Dark Reading: ".
Dark Reading
The Telehealth Attack Surface
Amid the surge in digital healthcare stemming from the coronavirus pandemic, security is taking a backseat to usability.
ATENTIONβΌ New - CVE-2020-10755
π Read
via "National Vulnerability Database".
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack projectπ Read
via "National Vulnerability Database".
β Critical Intel Flaws Fixed in Active Management Technology β
π Read
via "Threatpost".
Two critical flaws in Intel AMT, which could enable privilege escalation, were patched along with 20 other bugs in its June security update.π Read
via "Threatpost".
Threat Post
Critical Intel Flaws Fixed in Active Management Technology
Two critical flaws in Intel AMT, which could enable privilege escalation, were patched along with 20 other bugs in its June security update.
π How to better defend your cloud-based environments against cyberattack π
π Read
via "Security on TechRepublic".
A rapid, disorganized shift to the cloud can open the door to data theft, ransomware, malware, and other cyberattacks, says IBM X-Force.π Read
via "Security on TechRepublic".
TechRepublic
How to better defend your cloud-based environments against cyberattack
A rapid, disorganized shift to the cloud can open the door to data theft, ransomware, malware, and other cyberattacks, says IBM X-Force.