π΄ Good Cyber Hygiene in a Pandemic-Driven World Starts with Us π΄
π Read
via "Dark Reading: ".
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.π Read
via "Dark Reading: ".
Dark Reading
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
π Sifter 7.5 π
π Go!
via "Security Tool Files β Packet Storm".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Sifter 7.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Haveged 1.9.13 π
π Go!
via "Security Tool Files β Packet Storm".
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Haveged 1.9.13 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTIONβΌ New - CVE-2019-19160
π Read
via "National Vulnerability Database".
Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18256
π Read
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18254
π Read
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18252
π Read
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18248
π Read
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the productΓ’β¬β’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18246
π Read
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure.π Read
via "National Vulnerability Database".
β Unpatched Wi-Fi Extender Opens Home Networks to Remote Control β
π Read
via "Threatpost".
The Homeplug device, from Tenda, suffers from web server bugs as well as a DoS flaw.π Read
via "Threatpost".
Threat Post
Unpatched Wi-Fi Extender Opens Home Networks to Remote Control
The Homeplug device, from Tenda, suffers from web server bugs as well as a DoS flaw.
β AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals β
π Read
via "Threatpost".
Comparitechβs Paul Bischoff found that Amazonβs facial recognition platform misidentified an alarming number of people, and was racially biased.π Read
via "Threatpost".
Threat Post
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
Comparitechβs Paul Bischoff found that Amazonβs facial recognition platform misidentified an alarming number of people, and was racially biased.
π ID theft: Fake Google alerts are now delivering malware π
π Read
via "Security on TechRepublic".
E-mails telling you that your data has been compromised are now sometimes fake. Be careful what you click on.π Read
via "Security on TechRepublic".
TechRepublic
ID theft: Fake Google alerts are now delivering malware
E-mails telling you that your data has been compromised are now sometimes fake. Be careful what you click on.
π ID theft: Fake Google alerts are now delivering malware π
π Read
via "Security on TechRepublic".
E-mails telling you that your data has been compromised are now sometimes fake. Be careful what you click on.π Read
via "Security on TechRepublic".
TechRepublic
ID theft: Fake Google alerts are now delivering malware
E-mails telling you that your data has been compromised are now sometimes fake. Be careful what you click on.
β Tuesdayβs Magento 1 EOL Leaves Clock Ticking on 100K Online Stores β
π Read
via "Threatpost".
Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.π Read
via "Threatpost".
Threat Post
Tuesdayβs Magento 1 EOL Leaves Clock Ticking on 100K Online Stores
Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.
π΄ Files Stolen from 945 Websites Discovered on Dark Web π΄
π Read
via "Dark Reading: ".
Researchers who found the archived SQL files estimate up to 14 million people could be affected.π Read
via "Dark Reading: ".
Dark Reading
Files Stolen from 945 Websites Discovered on Dark Web
Researchers who found the archived SQL files estimate up to 14 million people could be affected.
π 2020 sees rise in invoice and payment fraud BEC attacks π
π Read
via "Security on TechRepublic".
Abnormal Security found a 75% increase in this type of campaign in the first three months of the year and a spike of 200% from April to May.π Read
via "Security on TechRepublic".
TechRepublic
2020 sees rise in invoice and payment fraud BEC attacks
Abnormal Security found a 75% increase in this type of campaign in the first three months of the year and a spike of 200% from April to May.
π Email Error Leads to Exposed PHI of 11,500 Patients π
π Read
via "Subscriber Blog RSS Feed ".
A health plan recently disclosed a data breach of 11,500 patients that was triggered by an email mistake.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Email Error Leads to Exposed PHI of 11,500 Patients
A health plan recently disclosed a data breach of 11,500 patients that was triggered by an email mistake.
π Why everyone should care about disinformation campaigns π
π Read
via "Security on TechRepublic".
Fortalice CEO and former White House CIO Theresa Payton explains why disinformation is such a potent threat.π Read
via "Security on TechRepublic".
TechRepublic
Why everyone should care about disinformation campaigns
Fortalice CEO and former White House CIO Theresa Payton explains why disinformation is such a potent threat.
π Why everyone should care about disinformation campaigns π
π Read
via "Security on TechRepublic".
Fortalice CEO and former White House CIO Theresa Payton explains why disinformation is such a potent threat.π Read
via "Security on TechRepublic".
TechRepublic
Why everyone should care about disinformation campaigns
Fortalice CEO and former White House CIO Theresa Payton explains why disinformation is such a potent threat.
ATENTIONβΌ New - CVE-2018-6446
π Read
via "National Vulnerability Database".
A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications.π Read
via "National Vulnerability Database".
β REvil Ransomware Gang Adds Auction Feature for Stolen Data β
π Read
via "Threatpost".
An anonymous bidding mechanism enhances the REvil group's double-extortion game.π Read
via "Threatpost".
Threat Post
REvil Ransomware Gang Adds Auction Feature for Stolen Data
An anonymous bidding mechanism enhances the REvil group's double-extortion game.