π Friday Five: 7/24 Edition π
π Read
via "Subscriber Blog RSS Feed ".
A new phishing campaign abuses enterprise cloud services, BadPower attack could set your device on fire, and the UK sports industry under near constant cyber attack - catch up on all the week's news with the Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 7/24 Edition
A new phishing campaign abuses enterprise cloud services, BadPower attack could set your device on fire, and the UK sports industry under near constant cyber attack - catch up on all the week's news with the Friday Five.
π Sifter 8.6 π
π Go!
via "Security Tool Files β Packet Storm".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Sifter 8.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β ASUS routers could be reflashed with malware β patch now! β
π Read
via "Naked Security".
Responsible disclosure means the bugs are already fixed - but don't forget to check that you applied the patch.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Companies turning to isolation technology to protect against the internet's biggest threats π
π Read
via "Security on TechRepublic".
Isolation technology allows companies to keep employee browsers siloed in the cloud.π Read
via "Security on TechRepublic".
TechRepublic
Companies turning to isolation technology to protect against the internet's biggest threats
Isolation technology allows companies to keep employee browsers siloed in the cloud.
β News Wrap: Twitter Hack, Apple Under Fire and Global Privacy Finger Wags β
π Read
via "Threatpost".
Threatpost editors talk about the biggest security news stories for the week ended Jul. 24.π Read
via "Threatpost".
Threat Post
News Wrap: Twitter Hack, Apple Under Fire and Global Privacy Finger Wags
Threatpost editors talk about the biggest security news stories for the week ended Jul. 24.
β NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug β
π Read
via "Threatpost".
Power plants, factories, oil and gas refineries and more are all in the sights of foreign adversaries, the U.S. warns.π Read
via "Threatpost".
Threat Post
NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug
Power plants, factories, oil and gas refineries and more are all in the sights of foreign adversaries, the U.S. warns.
π΄ Rise of the Robots: How You Should Secure RPA π΄
π Read
via "Dark Reading: ".
Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots?π Read
via "Dark Reading: ".
π΄ Access to Internal Twitter Admin Tools Is Widespread π΄
π Read
via "Dark Reading: ".
More than 1,000 individuals have access to tools that could have aided the attackers in the recent Twitter attack on high-profile accounts.π Read
via "Dark Reading: ".
Dark Reading
Access to Internal Twitter Admin Tools Is Widespread
More than 1,000 individuals have access to tools that could have aided the attackers in the recent Twitter attack on high-profile accounts.
π΄ Remote Work Could Help Cybersecurity's Diversity Problem - But Will It? π΄
π Read
via "Dark Reading: ".
Job market data from the second quarter suggests there are increasing opportunities for women and minorities in the world of remote work, but long-standing biases may provide resistance.π Read
via "Dark Reading: ".
Dark Reading
Remote Work Could Help Cybersecurity's Diversity Problem - But Will It?
Job market data from the second quarter suggests there are increasing opportunities for women and minorities in the world of remote work, but long-standing biases may provide resistance.
β DJI Drone App Riddled With Privacy Issues, Researchers Allege β
π Read
via "Threatpost".
The DJI GO 4 application open usersβ sensitive data up for the taking, researchers allege.π Read
via "Threatpost".
Threat Post
DJI Drone App Riddled With Privacy Issues, Researchers Allege
The DJI GO 4 application open usersβ sensitive data up for the taking, researchers allege.
π΄ Garmin Takes App & Services Offline After Suspected Ransomware Attack π΄
π Read
via "Dark Reading: ".
Wearables company Garmin shut down its website, app, call centers, and other services in the aftermath of a security incident.π Read
via "Dark Reading: ".
Dark Reading
Garmin Takes App & Services Offline After Suspected Ransomware Attack
Wearables company Garmin shut down its website, app, call centers, and other services in the aftermath of a security incident.
π DevSecOps tutorial: What is it, and how can it improve application security? π
π Read
via "Security on TechRepublic".
Dr. David Brumley, a professor at Carnegie Mellon University and CEO of ForAllSecure, explains what DevSecOps is and how companies can use it to improve security.π Read
via "Security on TechRepublic".
π Social engineering: A cheat sheet for business professionals π
π Read
via "Security on TechRepublic".
People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.π Read
via "Security on TechRepublic".
TechRepublic
Social engineering: A cheat sheet for business professionals
People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.
π΄ Organizations Continue to Struggle With App Vulns π΄
π Read
via "Dark Reading: ".
A high percentage of discovered bugs remain unremediated for a long time, a new study shows.π Read
via "Dark Reading: ".
Dark Reading
Organizations Continue to Struggle With App Vulns
A high percentage of discovered bugs remain unremediated for a long time, a new study shows.
ATENTIONβΌ New - CVE-2020-10610
π Read
via "National Vulnerability Database".
In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control of the local computer at Windows system privilege level, resulting in unauthorized information disclosure, deletion, or modification.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10608
π Read
via "National Vulnerability Database".
In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target another local user of PI System software on the computer to escalate privilege and result in unauthorized information disclosure, deletion, or modification.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10606
π Read
via "National Vulnerability Database".
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10602
π Read
via "National Vulnerability Database".
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries to PI Data Archive.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10600
π Read
via "National Vulnerability Database".
In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Archive Subsystem when the subsystem is working under memory pressure. This can result in blocking queries to PI Data Archive.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10614
π Read
via "National Vulnerability Database".
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10604
π Read
via "National Vulnerability Database".
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive.π Read
via "National Vulnerability Database".