β Critical DNS Bug Opens Windows Servers to Infrastructure Takeover β
π Read
via "Threatpost".
Microsoft gives the βwormableβ flaw a security rating of 10 β the most severe warning possible.π Read
via "Threatpost".
Threat Post
Critical DNS Bug Opens Windows Servers to Infrastructure Hijacking
Microsoft gives the βwormableβ flaw a security rating of 10 β the most severe warning possible.
π Data breaches decline 33% in the first half of 2020 π
π Read
via "Security on TechRepublic".
The Identity Theft Resource Center projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.π Read
via "Security on TechRepublic".
TechRepublic
Data breaches decline 33% in the first half of 2020
The Identity Theft Resource Center projects 2020 is on pace to see the lowest number of breaches and exposures since 2015.
ATENTIONβΌ New - CVE-2019-15886
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-15885
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-15884
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-15883
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-15882
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-15881
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.π Read
via "National Vulnerability Database".
π How to use NGINX as a reverse proxy π
π Read
via "Security on TechRepublic".
A reverse proxy can do wonders for your network and its security. Learn how to configure NGINX to serve this very purpose.π Read
via "Security on TechRepublic".
TechRepublic
How to use NGINX as a reverse proxy - TechRepublic
A reverse proxy can do wonders for your network and its security. Learn how to configure NGINX to serve this very purpose.
β Microsoft Tackles 123 Fixes for July Patch Tuesday β
π Read
via "Threatpost".
Eighteen critical bugs, impacting Windows Server, Office and Outlook, were fixed as part of the patch roundup.π Read
via "Threatpost".
Threat Post
Microsoft Tackles 123 Fixes for July Patch Tuesday
Eighteen critical bugs, impacting Windows Server, Office and Outlook, were fixed as part of the patch roundup.
π΄ Microsoft Patches Wormable RCE Flaw in Windows DNS Servers π΄
π Read
via "Dark Reading: ".
Patch Tuesday security updates address a critical vulnerability in Windows DNS Servers, which researchers believe is likely to be exploited.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ DevSecOps Requires a Different Approach to Security π΄
π Read
via "Dark Reading: ".
Breaking applications into microservices means more difficulty in gaining good visibility into runtime security and performance issues, says startup Traceable.π Read
via "Dark Reading: ".
Dark Reading
DevSecOps Requires a Different Approach to Security
Breaking applications into microservices means more difficulty in gaining good visibility into runtime security and performance issues, says startup Traceable.
ATENTIONβΌ New - CVE-2019-12784
π Read
via "National Vulnerability Database".
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12783
π Read
via "National Vulnerability Database".
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12773
π Read
via "National Vulnerability Database".
An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.π Read
via "National Vulnerability Database".
β The TLS 1.2 Deadline is Looming, Do You Have Your Act Together? β
π Read
via "Threatpost".
Sectors such as Education (47%), Energy (40%), and Public Administration (37%) have struggled to implement TLS 1.2 protocolsπ Read
via "Threatpost".
Threat Post
The TLS 1.2 Deadline is Looming, Do You Have Your Act Together?
Sectors such as Education (47%), Energy (40%), and Public Administration (37%) have struggled to implement TLS 1.2 protocols
π΄ Stay on the Cutting Edge of Mobile Security π΄
π Read
via "Dark Reading: ".
Here are some of the mobile-focused Briefings, Trainings, and Arsenal tools that will be explored at Black Hat USA.π Read
via "Dark Reading: ".
Dark Reading
Stay on the Cutting Edge of Mobile Security
Here are some of the mobile-focused Briefings, Trainings, and Arsenal tools that will be explored at Black Hat USA.
π΄ Top 5 Questions (and Answers) About GRC Technology π΄
π Read
via "Dark Reading: ".
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.π Read
via "Dark Reading: ".
Dark Reading
Top 5 Questions (and Answers) About GRC Technology
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
β Brazilβs Banking Trojans Go Global β
π Read
via "Threatpost".
Four sophisticated malware families are ramping up their techniques and actively spreading to new countries, including the U.S.π Read
via "Threatpost".
Threat Post
Brazilβs Banking Trojans Go Global
Four sophisticated malware families are ramping up their techniques and actively spreading to new countries, including the U.S.
β Patch now! SIGRED β the wormable hole in your Windows servers β
π Read
via "Naked Security".
The bug can definitely crash your Windows DNS servers, and it could end up being used for much worse than that. Please patch now!π Read
via "Naked Security".
Naked Security
Patch now! SIGRED β the wormable hole in your Windows servers
The bug can definitely crash your Windows DNS servers, and it could end up being used for much worse than that. Please patch now!
π Microsoft patches critical 17-year-old DNS bug in Windows Server π
π Read
via "Security on TechRepublic".
The bug has been deemed "wormable," which means a single exploit could spread from one unpatched server to another.π Read
via "Security on TechRepublic".