ATENTIONβΌ New - CVE-2019-12784
π Read
via "National Vulnerability Database".
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12783
π Read
via "National Vulnerability Database".
An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-12773
π Read
via "National Vulnerability Database".
An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this product is installed, given the attacker can convince a victim to visit a crafted link.π Read
via "National Vulnerability Database".
β The TLS 1.2 Deadline is Looming, Do You Have Your Act Together? β
π Read
via "Threatpost".
Sectors such as Education (47%), Energy (40%), and Public Administration (37%) have struggled to implement TLS 1.2 protocolsπ Read
via "Threatpost".
Threat Post
The TLS 1.2 Deadline is Looming, Do You Have Your Act Together?
Sectors such as Education (47%), Energy (40%), and Public Administration (37%) have struggled to implement TLS 1.2 protocols
π΄ Stay on the Cutting Edge of Mobile Security π΄
π Read
via "Dark Reading: ".
Here are some of the mobile-focused Briefings, Trainings, and Arsenal tools that will be explored at Black Hat USA.π Read
via "Dark Reading: ".
Dark Reading
Stay on the Cutting Edge of Mobile Security
Here are some of the mobile-focused Briefings, Trainings, and Arsenal tools that will be explored at Black Hat USA.
π΄ Top 5 Questions (and Answers) About GRC Technology π΄
π Read
via "Dark Reading: ".
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.π Read
via "Dark Reading: ".
Dark Reading
Top 5 Questions (and Answers) About GRC Technology
For the first time in a long time, we must shift from managing localized risks against a landscape of economic growth to managing those issues under much less certain circumstances.
β Brazilβs Banking Trojans Go Global β
π Read
via "Threatpost".
Four sophisticated malware families are ramping up their techniques and actively spreading to new countries, including the U.S.π Read
via "Threatpost".
Threat Post
Brazilβs Banking Trojans Go Global
Four sophisticated malware families are ramping up their techniques and actively spreading to new countries, including the U.S.
β Patch now! SIGRED β the wormable hole in your Windows servers β
π Read
via "Naked Security".
The bug can definitely crash your Windows DNS servers, and it could end up being used for much worse than that. Please patch now!π Read
via "Naked Security".
Naked Security
Patch now! SIGRED β the wormable hole in your Windows servers
The bug can definitely crash your Windows DNS servers, and it could end up being used for much worse than that. Please patch now!
π Microsoft patches critical 17-year-old DNS bug in Windows Server π
π Read
via "Security on TechRepublic".
The bug has been deemed "wormable," which means a single exploit could spread from one unpatched server to another.π Read
via "Security on TechRepublic".
π΄ How Nanotechnology Will Disrupt Cybersecurity π΄
π Read
via "Dark Reading: ".
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.π Read
via "Dark Reading: ".
Dark Reading
How Nanotechnology Will Disrupt Cybersecurity
Tangible solutions related to cryptography, intelligent threat detection and consumer security are closer than you think.
π What is CSPM (Cloud Security Posture Management)? π
π Read
via "Subscriber Blog RSS Feed ".
Modern businesses are moving their data to the cloud, and for good reason. But as cloud platform services see an increase in use, there has been an explosion in the number of unmanaged risks in the mission-critical digital industry. This is where Cloud Security Posture Management (CSPM) comes into play.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
What is CSPM (Cloud Security Posture Management)?
Modern businesses are moving their data to the cloud, and for good reason. But as cloud platform services see an increase in use, there has been an explosion in the number of unmanaged risks in the mission-critical digital industry. This is where Cloud Securityβ¦
π΄ Vulns in Open Source EHR Puts Patient Health Data at Risk π΄
π Read
via "Dark Reading: ".
Five high-risk flaws in health IT software from LibreHealth, a researcher at Bishop Fox finds.π Read
via "Dark Reading: ".
Dark Reading
Vulns in Open Source EHR Puts Patient Health Data at Risk
Five high-risk flaws in health IT software from LibreHealth, a researcher at Bishop Fox finds.
π΄ 'Patch ASAP': Cisco Issues Updates for Routers, VPN Firewall π΄
π Read
via "Dark Reading: ".
Cisco issues five critical security patches among a batch of some 31 updates.π Read
via "Dark Reading: ".
Dark Reading
'Patch ASAP': Cisco Issues Updates for Routers, VPN Firewall
Cisco issues five critical security patches among a batch of some 31 updates.
π΄ Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems π΄
π Read
via "Dark Reading: ".
A researcher shares the unexpected lessons learned in years of creating puzzles and riddles for his cybersecurity colleagues.π Read
via "Dark Reading: ".
Dark Reading
Puzzles and Riddles Help InfoSec Pros Solve Real-World Problems
A researcher shares the unexpected lessons learned in years of creating puzzles and riddles for his cybersecurity colleagues.
π΄ New Attack Technique Uses Misconfigured Docker API π΄
π Read
via "Dark Reading: ".
A new technique builds and deploys an attack on the victim's own systemπ Read
via "Dark Reading: ".
Dark Reading
New Attack Technique Uses Misconfigured Docker API
A new technique builds and deploys an attack on the victim's own system
π Ransomware accounts for a third of all cyberattacks against organizations π
π Read
via "Security on TechRepublic".
Government agencies were most heavily hit by ransomware during the first quarter, says Positive Technologies.π Read
via "Security on TechRepublic".
TechRepublic
Ransomware accounts for a third of all cyberattacks against organizations
Government agencies were most heavily hit by ransomware during the first quarter, says Positive Technologies.
π΄ Cryptocurrency Scam Spreads Across High-Profile Twitter Accounts π΄
π Read
via "Dark Reading: ".
Twitter accounts belonging to former president Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, and Bill Gates are among those hijacked in a massive cryptocurrency scam.π Read
via "Dark Reading: ".
Dark Reading
Cryptocurrency Scam Spreads Across High-Profile Twitter Accounts
Twitter accounts belonging to former president Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, and Bill Gates are among those hijacked in a massive cryptocurrency scam.
π Twitter accounts of Elon Musk, Bill Gates and others hijacked to promote crypto scam π
π Read
via "Security on TechRepublic".
The verified accounts for Gates, Musk and Apple issued tweets promoting a cryptocurrency scam, asking followers to send money to a blockchain address.π Read
via "Security on TechRepublic".
TechRepublic
Twitter accounts of Elon Musk, Bill Gates and others hijacked to promote crypto scam
The verified accounts for Gates, Musk and Apple issued tweets promoting a cryptocurrency scam, asking followers to send money to a blockchain address.
β Twitter Elite Accounts Are Hijacked in Unprecedented Cryptocurrency Scam β
π Read
via "Threatpost".
The Twitter accounts of Gates, Musk, Biden, Apple and Uber have each been hijacked at the same time to push a cryptocurrency scam in an unprecedented breach of Twitter accounts.π Read
via "Threatpost".
Threat Post
Twitter Confirms it Was Hacked in an Unprecedented Cryptocurrency Scam
The Twitter accounts of Bill Gates, Elon Musk, Joe Biden, Apple and Uber have each been hijacked at the same time to push a cryptocurrency scam in an unprecedented breach of Twitter accounts.
β Twitter limits tweeting as prominent accounts spam out cryptocoin scams β
π Read
via "Naked Security".
Twitter is investigating a rash of fraudulent tweets from prominent accounts - don't fall for these scams!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β LokiBot Redux Attacks Massive List of Common Android Apps β
π Read
via "Threatpost".
BlackRock, based on the Xerxes source code, can steal info not only from financial apps but also TikTok, Tinder, Instagram, Uber and many others.π Read
via "Threatpost".
Threat Post
LokiBot Redux Attacks Massive List of Common Android Apps
BlackRock, based on the Xerxes source code, can steal info not only from financial apps but also TikTok, Tinder, Instagram, Uber and many others.