ATENTIONβΌ New - CVE-2019-20912
π Read
via "National Vulnerability Database".
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20911
π Read
via "National Vulnerability Database".
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20910
π Read
via "National Vulnerability Database".
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20909
π Read
via "National Vulnerability Database".
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.π Read
via "National Vulnerability Database".
β Enterprise Data Security: Itβs Time to Flip the Established Approach β
π Read
via "Threatpost".
Companies should forget about auditing where data resides and who has access to it.π Read
via "Threatpost".
Threat Post
Enterprise Data Security: Itβs Time to Flip the Established Approach
Companies should forget about auditing where data resides and who has access to it.
π΄ Major Flaws Open the Edge to Attack π΄
π Read
via "Dark Reading: ".
Attackers are using critical exploits for flaws in VPN appliances, app-delivery services, and other network-edge hardware and software to punch through corporate perimeters. What can companies do?π Read
via "Dark Reading: ".
Dark Reading
Major Flaws Open the Edge to Attack
Attackers are using critical exploits for flaws in VPN appliances, app-delivery services, and other network-edge hardware and software to punch through corporate perimeters. What can companies do?
π΄ 8 Signs of a Smartphone Hack π΄
π Read
via "Dark Reading: ".
A rapidly dwindling battery life or sudden spike in data usage could indicate your iOS or Android device has been compromised.π Read
via "Dark Reading: ".
Dark Reading
8 Signs of a Smartphone Hack
A rapidly dwindling battery life or sudden spike in data usage could indicate your iOS or Android device has been compromised.
π CISOs discuss cybersecurity in the COVID-19 environment π
π Read
via "Security on TechRepublic".
A digital panel discussion sponsored by MIT's Sloan CIO Digital Learning Series covered a range of topics from protecting remote workers to phishing to how to manage risk.π Read
via "Security on TechRepublic".
TechRepublic
CISOs discuss cybersecurity in the COVID-19 environment
A digital panel discussion sponsored by MIT's Sloan CIO Digital Learning Series covered a range of topics from protecting remote workers to phishing to how to manage risk.
β Appleβs latest updates are out for iPhones and Macs β get them now! β
π Read
via "Naked Security".
None of Apple's bugs have nicknames like Microsoft's recent "SIGRed" - but there are nevertheless kernel-level code holes to be patched...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π How to install Malware Information Sharing Platform on Ubuntu Server 18.04 π
π Read
via "Security on TechRepublic".
If you're looking for a platform to help with the collection and sharing of cybersecurity events, you need not look any further than MISP. Jack Wallen shows you how to install this tool.π Read
via "Security on TechRepublic".
TechRepublic
How to install Malware Information Sharing Platform on Ubuntu Server 18.04
If you're looking for a platform to help with the collection and sharing of cybersecurity events, you need not look any further than MISP. Jack Wallen shows you how to install this tool.
β CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug β
π Read
via "Threatpost".
An emergency directive orders some federal agencies to apply Microsoftβs patch for a critical DNS vulnerability by Friday, July 17 at 2 p.m. (ET).π Read
via "Threatpost".
Threat Post
CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug
An emergency directive orders some federal agencies to apply Microsoftβs patch for a critical DNS vulnerability by Friday, July 17 at 2 p.m. ET.
π Phishing: Email fraudsters are impersonating colleagues, customers, and vendors, report says π
π Read
via "Security on TechRepublic".
Nearly a third of professionals said they have to remediate email-based attacks every day, GreatHorn found.π Read
via "Security on TechRepublic".
TechRepublic
Phishing: Email fraudsters are impersonating colleagues, customers, and vendors, report says
Nearly a third of professionals said they have to remediate email-based attacks every day, GreatHorn found.
β Twitter Hack Update: What We Know (and What We Donβt) β
π Read
via "Threatpost".
With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.π Read
via "Threatpost".
Threat Post
Twitter Hack Update: What We Know (and What We Donβt)
With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.
π΄ Cybercriminals Targeted Streaming Services to Provide Pandemic Entertainment π΄
π Read
via "Dark Reading: ".
Prior to 2020, about 1 in 5 credential attacks targeted video services, but that's nothing compared to the first quarter of 2020, according to newly published data.π Read
via "Dark Reading: ".
Dark Reading
Cybercriminals Targeted Streaming Services to Provide Pandemic Entertainment
Prior to 2020, about 1 in 5 credential attacks targeted video services, but that's nothing compared to the first quarter of 2020, according to newly published data.
π΄ Election Security: Recovering from 2016, Looking Toward 2020 π΄
π Read
via "Dark Reading: ".
Researchers publish the results of a four-year investigation and discuss whether the US is ready to secure its largest elections.π Read
via "Dark Reading: ".
Dark Reading
Election Security: Recovering from 2016, Looking Toward 2020
Researchers publish the results of a four-year investigation and discuss whether the US is ready to secure its largest elections.
π Friday Five: 7/17 Edition π
π Read
via "Subscriber Blog RSS Feed ".
US Secret Service forms a cyber fraud task force, Twitter deals with the hacking of high-profile Twitter accounts, and more - catch up on all the week's news with the Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 7/17 Edition
US Secret Service forms a cyber fraud task force, Twitter deals with the hacking of high-profile Twitter accounts, and more - catch up on all the week's news with the Friday Five.
π Sifter 8.5 π
π Go!
via "Security Tool Files β Packet Storm".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Sifter 8.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π SMB12 Information Gathering π
π Go!
via "Security Tool Files β Packet Storm".
SMB12 Information Gathering is a data gathering python script that inspects SMB1 and SMB2 endpoints. It will extract various attributes from the remote server such as OS version (only supported by SMB1 as per protocol definition), DNS computer name, DNS domain name, NetBIOS computer name and NetBIOS domain name (SMB1 and SMB2).π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
SMB12 Information Gathering β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover β
π Read
via "Threatpost".
Less than 500 machines have been patched since U.S. Cyber Command issued an alert to patch a critical bug that's under active exploit.π Read
via "Threatpost".
Threat Post
Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
Less than 500 machines have been patched since U.S. Cyber Command issued an alert to patch a critical bug that's under active exploit.
π΄ Emotet Lives! π΄
π Read
via "Dark Reading: ".
Emotet malware has back to action after a four-month hiatus that allowed cybersecurity experts to worry about other things.π Read
via "Dark Reading: ".
Dark Reading
Emotet Lives!
Emotet malware has back to action after a four-month hiatus that allowed cybersecurity experts to worry about other things.
ATENTIONβΌ New - CVE-2019-4090
π Read
via "National Vulnerability Database".
"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."π Read
via "National Vulnerability Database".