6 Tips for Getting the Most From Nessus
via "Dark Reading: ".
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help you get started.
Joker billing fraud malware eluded Google Play security to infect Android devices
via "Security on TechRepublic".
A new variant targeted Android users to subscribe them to premium services without their consent, according to Check Point Research.
GNU Privacy Guard 2.2.21
via "Security Tool Files ≈ Packet Storm".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
ATTENTION‼ New - CVE-2020-12408
via "National Vulnerability Database".
When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox < 77.
ATTENTION‼ New - CVE-2020-12407
via "National Vulnerability Database".
Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77.
ATTENTION‼ New - CVE-2020-12406
via "National Vulnerability Database".
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
ATTENTION‼ New - CVE-2020-12405
via "National Vulnerability Database".
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
ATTENTION‼ New - CVE-2020-12404
via "National Vulnerability Database".
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.
ATTENTION‼ New - CVE-2020-12402
via "National Vulnerability Database".
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.
ATTENTION‼ New - CVE-2020-12399
via "National Vulnerability Database".
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
ATTENTION‼ New - CVE-2020-12398
via "National Vulnerability Database".
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.
ATTENTION‼ New - CVE-2020-11992
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ATTENTION‼ New - CVE-2019-10096
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ATTENTION‼ New - CVE-2018-12371
via "National Vulnerability Database".
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.
Joker Android Malware Dupes Its Way Back Onto Google Play
via "Threatpost".
A new variant of the Joker malware has hoodwinked its way onto the Google Play marketplace yet again, in 11 Android apps that were recently removed.
Name That Toon: Tough Times, Tough Measures
via "Dark Reading: ".
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
2,500 of FBI's Counterintelligence Cases Linked to China
via "Subscriber Blog RSS Feed ".
The Federal Bureau of Investigation's Director Christopher Wray discussed the Chinese Communist Party's vast influence on U.S. intellectual property, the financial sector, and democracy in a talk this week.
Digital Guardian
How to enable Canonical Livepatch from the command line
via "Security on TechRepublic".
If you have Ubuntu Servers in your data center, you should consider adding Canonical Livepatch to keep them up to date with kernel security patches.
Microsoft warns organizations of consent phishing attacks
via "Security on TechRepublic".
In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.
Fight Phishing with Intention
via "Dark Reading: ".
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
56% of Large Companies Handle 1,000+ Security Alerts Each Day
via "Dark Reading: ".
For 70% of IT security professionals, the volume of security alerts has doubled in the past five years, researchers report.