π΄ As Businesses Move to the Cloud, Cybercriminals Follow Close Behind π΄
π Read
via "Dark Reading: ".
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.π Read
via "Dark Reading: ".
Dark Reading
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
π Zeek 3.1.5 π
π Go!
via "Security Tool Files β Packet Storm".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Zeek 3.1.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTIONβΌ New - CVE-2019-4731
π Read
via "National Vulnerability Database".
IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616.π Read
via "National Vulnerability Database".
π Box announces added security to Box Shield solution with automation classification π
π Read
via "Security on TechRepublic".
Using machine learning, Shield automatically scans files and classifies them based on content, detecting and securing sensitive information.π Read
via "Security on TechRepublic".
TechRepublic
Box announces added security to Box Shield solution with automation classification
Using machine learning, Shield automatically scans files and classifies them based on content, detecting and securing sensitive information.
ATENTIONβΌ New - CVE-2020-13915
π Read
via "National Vulnerability Database".
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-13914
π Read
via "National Vulnerability Database".
webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-13913
π Read
via "National Vulnerability Database".
An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.π Read
via "National Vulnerability Database".
β Firefox 79 is out β itβs a double-update month so patch now! β
π Read
via "Naked Security".
It's a Blue Moon month for Firefox - the second full update in July!π Read
via "Naked Security".
Naked Security
Firefox 79 is out β itβs a double-update month so patch now!
Itβs a Blue Moon month for Firefox β the second full update in July!
π Experts: Devastating ransomware attack on Garmin highlights danger of haphazard breach responses π
π Read
via "Security on TechRepublic".
The GPS maker scrambled to contain the aftermath of an attack as employees took to social media to describe what was happening.π Read
via "Security on TechRepublic".
TechRepublic
Experts: Devastating ransomware attack on Garmin highlights danger of haphazard breach responses
The GPS maker scrambled to contain the aftermath of an attack as employees took to social media to describe what was happening.
π΄ Autonomous IT: Less Reacting, More Securing π΄
π Read
via "Dark Reading: ".
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.π Read
via "Dark Reading: ".
Dark Reading
Autonomous IT: Less Reacting, More Securing
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
π΄ 7.5M Banking Customers Affected in Dave Security Breach π΄
π Read
via "Dark Reading: ".
The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev.π Read
via "Dark Reading: ".
Dark Reading
7.5M Banking Customers Affected in Dave Security Breach
The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev.
π΄ Researchers Foil Phishing Attempt on Netflix Customers π΄
π Read
via "Dark Reading: ".
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.π Read
via "Dark Reading: ".
Dark Reading
Researchers Foil Phishing Attempt on Netflix Customers
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.
π΄ Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness π΄
π Read
via "Dark Reading: ".
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.π Read
via "Dark Reading: ".
Dark Reading
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.
π US Indicts Two Chinese Hackers Following Theft of Trade Secrets π
π Read
via "Subscriber Blog RSS Feed ".
The two hackers were also linked to attempts to hack American biotech firms working on a coronavirus (COVID-19) vaccine.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
US Indicts Two Chinese Hackers Following Theft of Trade Secrets
The two hackers were also linked to attempts to hack American biotech firms working on a coronavirus (COVID-19) vaccine.
π Facebook data privacy scandal: A cheat sheet π
π Read
via "Security on TechRepublic".
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.π Read
via "Security on TechRepublic".
TechRepublic
Facebook data privacy scandal: A cheat sheet
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.
ATENTIONβΌ New - CVE-2020-10930
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10929
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10928
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9767.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10927
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10926
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10925
π Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647.π Read
via "National Vulnerability Database".