π Microsoft warns organizations of consent phishing attacks π
π Read
via "Security on TechRepublic".
In this type of phishing campaign, attackers trick people into giving a malicious app consent to access sensitive data, says Microsoft.π Read
via "Security on TechRepublic".
π΄ Fight Phishing with Intention π΄
π Read
via "Dark Reading: ".
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.π Read
via "Dark Reading: ".
Dark Reading
Fight Phishing with Intention
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
π΄ 56% of Large Companies Handle 1,000+ Security Alerts Each Day π΄
π Read
via "Dark Reading: ".
For 70% of IT security professionals, the volume of security alerts has doubled in the past five years, researchers report.π Read
via "Dark Reading: ".
Dark Reading
56% of Large Companies Handle 1,000+ Security Alerts Each Day - Dark Reading
For 70% of IT security professionals, the volume of security alerts has doubled in the past five years, researchers report.
π Highest-paying tech jobs: Where to find them π
π Read
via "Security on TechRepublic".
Find out what tech jobs and skills are most in-demand and where the positions are located.π Read
via "Security on TechRepublic".
TechRepublic
Highest-paying tech jobs: Where to find them
Find out what tech jobs and skills are most in-demand and where the positions are located.
π How to detect network abuse with Wireshark π
π Read
via "Security on TechRepublic".
With a few quick clicks, you can detect network abuse with Wireshark. Jack Wallen shows you how.π Read
via "Security on TechRepublic".
TechRepublic
How to detect network abuse with Wireshark
With a few quick clicks, you can detect network abuse with Wireshark. Jack Wallen shows you how.
π How expired domain names can redirect you to malicious websites π
π Read
via "Security on TechRepublic".
Pages for inactive domain names can be exploited by cybercriminals to take you to malicious sites, says Kaspersky.π Read
via "Security on TechRepublic".
TechRepublic
How expired domain names can redirect you to malicious websites
Pages for inactive domain names can be exploited by cybercriminals to take you to malicious sites, says Kaspersky.
ATENTIONβΌ New - CVE-2020-10756
π Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1.π Read
via "National Vulnerability Database".
β Zoom Zero-Day Allows RCE, Patch on the Way β
π Read
via "Threatpost".
Researchers said that the issue is only exploitable on Windows 7 and earlier.π Read
via "Threatpost".
Threat Post
Zoom Zero-Day Allows RCE, Patch on the Way
Researchers said that the issue is only exploitable on Windows 7 and earlier.
π΄ When WAFs Go Wrong π΄
π Read
via "Dark Reading: ".
Web application firewalls are increasingly disappointing enterprises today. Here's why.π Read
via "Dark Reading: ".
Dark Reading
When WAFs Go Wrong
Web application firewalls are increasingly disappointing enterprises today. Here's why.
ATENTIONβΌ New - CVE-2019-17638
π Read
via "National Vulnerability Database".
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. This results in client1, which issued request1 and expects responses, to see response2 which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.).π Read
via "National Vulnerability Database".
β Microsoft Warns on OAuth Attacks Against Cloud App Users β
π Read
via "Threatpost".
Application-based attacks that use the passwordless "log in with..." feature common to cloud services are on the rise.π Read
via "Threatpost".
Threat Post
Microsoft Warns on OAuth Attacks Against Cloud App Users
Application-based attacks that use the passwordless "log in withβ¦" feature common to cloud services are on the rise.
π΄ 'Joker' Android Malware Pulls Another Trick to Land on Google's Play Store π΄
π Read
via "Dark Reading: ".
Authors of the malware, which signs up mobile users for premium services, are repeatedly finding ways to bypass app review checks.π Read
via "Dark Reading: ".
Dark Reading
'Joker' Android Malware Pulls Another Trick to Land on Google's Play Store
Authors of the malware, which signs up mobile users for premium services, are repeatedly finding ways to bypass app review checks.
π΄ Omdia Research Launches Page On Dark Reading π΄
π Read
via "Dark Reading: ".
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.π Read
via "Dark Reading: ".
Dark Reading
Omdia Research Launches Page On Dark Reading
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
π΄ Up Close with Evilnum, the APT Group Behind the Malware π΄
π Read
via "Dark Reading: ".
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.π Read
via "Dark Reading: ".
Dark Reading
Up Close with Evilnum, the APT Group Behind the Malware
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.
π΄ Huge DDoS Attack Launched Against Cloudflare in Late June π΄
π Read
via "Dark Reading: ".
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.π Read
via "Dark Reading: ".
Dark Reading
Huge DDoS Attack Launched Against Cloudflare in Late June
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
π TOR Virtual Network Tunneling Tool 0.4.3.6 π
π Go!
via "Security Tool Files β Packet Storm".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.3.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition π΄
π Read
via "Dark Reading: ".
For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.π Read
via "Dark Reading: ".
Dark Reading
Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition
For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.
π΄ Black Hat USA Debuts Cyber-Physical Systems Briefings Track π΄
π Read
via "Dark Reading: ".
Discover how to defend systems where computers monitor, manage, and control a physical process.π Read
via "Dark Reading: ".
Dark Reading
Black Hat USA Debuts Cyber-Physical Systems Briefings Track
Discover how to defend systems where computers monitor, manage, and control a physical process.
β Report: Most Popular Home Routers Have βCriticalβ Flaws β
π Read
via "Threatpost".
Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates donβt fix.π Read
via "Threatpost".
Threat Post
Report: Most Popular Home Routers Have βCriticalβ Flaws
Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates donβt fix.
π΄ 4 Security Tips as the July 15 Tax-Day Extension Draws Near π΄
π Read
via "Dark Reading: ".
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.π Read
via "Dark Reading: ".
Dark Reading
4 Security Tips as the July 15 Tax-Day Extension Draws Near
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.