ATTENTION! New - CVE-2019-20897
Read via "National Vulnerability Database".
The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
Monday review - the hot stories of the week
Read via "Naked Security".
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
How CARTA Strategies for Web Applications are Met with Indusface AppTrana Solution
Read via "Threatpost".
From an operational standpoint, the foundation of CARTA starts with an assessment and then building the zero-trust principles on top of that with an adaptive security model.
A "New Age" of Sophisticated Business Email Compromise is Coming
Read via "Threatpost".
A new BEC threat group is heralding more sophisticated email scams that target organizations without DMARC and squeeze as much money out of victims as possible.
Learn About the Latest Election Security Threats and Defenses at Black Hat USA
Read via "Dark Reading".
Christopher Krebs, director of the CISA, will explain how the organization is leading the federal effort to support state and local officials in their mission to secure US elections this year.
The Enemy Within: How Insider Threats Are Changing
Read via "Threatpost".
Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
Read via "Dark Reading".
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
Digicert revokes a raft of web security certificates
Read via "Naked Security".
The good news is that this was a bureaucratic necessity rather than an actual cybersecurity attack.
Secret Service Creates Cyber Fraud Task Forces
Read via "Threatpost".
Traditional financial crime and cyberattacks are converging, requiring new skills and approaches to the problem, officials said.
Experts Predict Rise of Data Theft in Ransomware Attacks
Read via "Dark Reading".
The most attractive targets for data theft are businesses perceived as most likely to pay to prevent exposure of their information.
ATTENTION! New - CVE-2019-19338
Read via "National Vulnerability Database".
A flaw was found in the fix for CVE-2019-11135 in Linux upstream kernel versions before 5.5, in the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but not affected by the MDS issue (MDS_NO=1), the guest was expected to clear the affected buffers using the VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that the host has TSX enabled. Confidentiality of data is the highest threat associated with this vulnerability.
Sifter 8.2
Go! via "Security Tool Files - Packet Storm".
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and, if unpatched, exploits them.
TrickBot Sample Accidentally Warns Victims They're Infected
Read via "Threatpost".
A data-stealing module in a recent sandboxed sample triggers browser-based fraud alerts for Trickbot victims, and shows something of the inner working of the malware's operators.
Russian Hacker Convicted for Social Network Hacks
Read via "Dark Reading".
The Russian national was convicted of hacking into accounts at LinkedIn, Dropbox, and Formspring.
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways
Read via "Dark Reading".
These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month.
Zero-Trust Efforts Rise with the Tide of Remote Working
Read via "Dark Reading".
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.
Critical SAP Bug Allows Full Enterprise System Takeover
Read via "Threatpost".
Exploitation of the bug can allow an attacker to lift sensitive information, delete files, execute code, carry out sabotage and more.
99% of Websites at Risk of Attack Via JavaScript Plug-ins
Read via "Dark Reading".
The average website includes content from 32 different third-party JavaScript programs, new study finds.
New Google Cloud tech gives users control of data confidentiality
Read via "Security on TechRepublic".
Confidential computing encrypts data in use as it's being processed and keeps that data encrypted in memory and elsewhere outside the CPU.
Leaked Details of 142 Million MGM Hotel Guests Found for Sale on Dark Web
Read via "Threatpost".
Last summer's data leak at the hotel chain appears to be far more expansive than previously thought, or the credentials could come from a hack of DataViper.