π΄ 7 Tips for Effective Deception π΄
π Read
via "Dark Reading: ".
The right decoys can frustrate attackers and help detect threats more quickly.π Read
via "Dark Reading: ".
Dark Reading
7 Tips for Effective Deception
The right decoys can frustrate attackers and help detect threats more quickly.
π΄ Criminals Turn to IM Platforms to Avoid Law Enforcement Scrutiny π΄
π Read
via "Dark Reading: ".
Researchers from IntSights observed a sharp increase in the use of popular instant messaging apps over the past year among threat groups.π Read
via "Dark Reading: ".
Dark Reading
Criminals Turn to IM Platforms to Avoid Law Enforcement Scrutiny
Researchers from IntSights observed a sharp increase in the use of popular instant messaging apps over the past year among threat groups.
ATENTIONβΌ New - CVE-2020-10379
π Read
via "National Vulnerability Database".
In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Overflows in libImaging/TiffDecode.c.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10378
π Read
via "National Vulnerability Database".
In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10177
π Read
via "National Vulnerability Database".
Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds reads in libImaging/FliDecode.c.π Read
via "National Vulnerability Database".
π How to use NGINX as a reverse proxy π
π Read
via "Security on TechRepublic".
A reverse proxy can do wonders for your network and its security. Learn how to configure NGINX to serve this very purpose.π Read
via "Security on TechRepublic".
TechRepublic
How to use NGINX as a reverse proxy
A reverse proxy can do wonders for your network and its security. Learn how to configure NGINX to serve this very purpose.
ATENTIONβΌ New - CVE-2019-19506
π Read
via "National Vulnerability Database".
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-19505
π Read
via "National Vulnerability Database".
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-16213
π Read
via "National Vulnerability Database".
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.π Read
via "National Vulnerability Database".
β REvil gang threaten to auction celebrity data from Mariah Carey, Lebron James, MTV and more β
π Read
via "Naked Security".
The ransomware gang is threatening to auction celebrities' legal documents stolen from the law firm it paralyzed in May.π Read
via "Naked Security".
Naked Security
REvil gang threaten to auction celebrity data from Mariah Carey, Lebron James, MTV and more
The ransomware gang is threatening to auction celebritiesβ legal documents stolen from the law firm it paralyzed in May.
β Fancy hacking a PlayStation? Sony announces its bug bounty program β
π Read
via "Naked Security".
Got a PS4? Like to hack?π Read
via "Naked Security".
Naked Security
Fancy hacking a PlayStation? Sony announces its bug bounty program
Got a PS4? Like to hack?
β TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior β
π Read
via "Threatpost".
App will stop reading usersβ device cut-and-paste data after a new banner alert in an Apple update uncovered the activity.π Read
via "Threatpost".
Threat Post
TikTok To Stop Clipboard Snooping After Apple Privacy Feature Exposes Behavior
App will stop reading usersβ device cut-and-paste data after a new banner alert in an Apple update uncovered the activity.
π΄ Good Cyber Hygiene in a Post-Pandemic World Starts with Us π΄
π Read
via "Dark Reading: ".
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.π Read
via "Dark Reading: ".
Dark Reading
Good Cyber Hygiene in a Post-Pandemic World Starts with Us
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
π΄ SOC Wins & Losses π΄
π Read
via "Dark Reading: ".
While the security operations center is enjoying a higher profile these days, just one-fourth of security operations centers actually resolve incidents quickly enough.π Read
via "Dark Reading: ".
Dark Reading
SOC Wins & Losses
While the security operations center is enjoying a higher profile these days, just one-fourth of security operations centers actually resolve incidents quickly enough.
β Satori Botnet Creator Sentenced to 13 Months in Prison β
π Read
via "Threatpost".
The creator of the Satori/Okiru, Masuta and Tsunami/Fbot botnets has been sentenced to prison for compromising hundreds of thousands of devices.π Read
via "Threatpost".
Threat Post
Satori Botnet Creator Sentenced to 13 Months in Prison
The creator of the Satori/Okiru, Masuta and Tsunami/Fbot botnets has been sentenced to prison for compromising hundreds of thousands of devices.
π΄ 5 New InfoSec Job Training Trends: What We're Studying During COVID-19 π΄
π Read
via "Dark Reading: ".
With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not?π Read
via "Dark Reading: ".
Dark Reading
5 New InfoSec Job Training Trends: What We're Studying During COVID-19
With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not?
π Friday Five: 6/26 Edition π
π Read
via "Subscriber Blog RSS Feed ".
Files from hundreds of police departments are leaked, FBI issues a security warning to K12 schools, and more - catch up on all the week's news with the Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 6/26 Edition
Files from hundreds of police departments are leaked, FBI issues a security warning to K12 schools, and more - catch up on all the week's news with the Friday Five.
ATENTIONβΌ New - CVE-2019-4650
π Read
via "National Vulnerability Database".
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.π Read
via "National Vulnerability Database".
π΄ Major US Companies Targeted in New Ransomware Campaign π΄
π Read
via "Dark Reading: ".
Evil Corp. group hit at least 31 customers in campaign to deploy WastedLocker malware, according to Symantec.π Read
via "Dark Reading: ".
Dark Reading
Major US Companies Targeted in New Ransomware Campaign
Evil Corp. group hit at least 31 customers in campaign to deploy WastedLocker malware, according to Symantec.
π Congress proposes ban on government use of facial recognition software π
π Read
via "Security on TechRepublic".
The Facial Recognition and Biometric Technology Moratorium Act would explicitly ban police from using the technology.π Read
via "Security on TechRepublic".
TechRepublic
Congress proposes ban on government use of facial recognition software
The Facial Recognition and Biometric Technology Moratorium Act would explicitly ban police from using the technology.
β βCardplanetβ Operator Sentenced to 9 Years for Selling Stolen Credit Cards β
π Read
via "Threatpost".
The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases.π Read
via "Threatpost".
Threat Post
βCardplanetβ Operator Sentenced to 9 Years for Selling Stolen Credit Cards
The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases.