Zoom Zero-Day Allows RCE, Patch on the Way
via "Threatpost".
Researchers said that the issue is only exploitable on Windows 7 and earlier.
When WAFs Go Wrong
via "Dark Reading: ".
Web application firewalls are increasingly disappointing enterprises today. Here's why.
ATTENTION‼ New - CVE-2019-17638
via "National Vulnerability Database".
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. This results in client1, which issued request1 and expects responses, to see response2 which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.).
Microsoft Warns on OAuth Attacks Against Cloud App Users
via "Threatpost".
Application-based attacks that use the passwordless "log in with..." feature common to cloud services are on the rise.
'Joker' Android Malware Pulls Another Trick to Land on Google's Play Store
via "Dark Reading: ".
Authors of the malware, which signs up mobile users for premium services, are repeatedly finding ways to bypass app review checks.
Omdia Research Launches Page On Dark Reading
via "Dark Reading: ".
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
Up Close with Evilnum, the APT Group Behind the Malware
via "Dark Reading: ".
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.
Huge DDoS Attack Launched Against Cloudflare in Late June
via "Dark Reading: ".
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
TOR Virtual Network Tunneling Tool 0.4.3.6
via "Security Tool Files ≈ Packet Storm".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition
via "Dark Reading: ".
For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.
Black Hat USA Debuts Cyber-Physical Systems Briefings Track
via "Dark Reading: ".
Discover how to defend systems where computers monitor, manage, and control a physical process.
Report: Most Popular Home Routers Have “Critical” Flaws
via "Threatpost".
Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
via "Dark Reading: ".
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Software-defined perimeters may be the solution to remote work security concerns
via "Security on TechRepublic".
The massive remote work shift due to COVID-19 has increased interest in SDPs, with 70% of respondents polled for a new report saying they're now considering adopting one in the coming year.
Sifter 8
via "Security Tool Files ≈ Packet Storm".
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and, if unpatched, exploit them.
As Offices Reopen, Hardware from Home Threatens Security
via "Dark Reading: ".
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
Zoom Patches Zero-Day Vulnerability in Windows 7
via "Dark Reading: ".
The flaw also affects older versions of the operating system, even if they're fully patched.
ATTENTION‼ New - CVE-2013-1703
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
ATTENTION‼ New - CVE-2013-0802
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
ATTENTION‼ New - CVE-2012-6492
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none.