The Future's Biggest Cybercrime Threat May Already Be Here
via "Dark Reading".
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.

How to protect your website's database from hackers
via "Security on TechRepublic".
A recent investigation by NordPass and a white hat hacker discovered more than 9,000 unsecured databases online with more than 10 billion individual entries.

How to Decipher InfoSec Job Titles' Mysteries
via "Dark Reading".
Figuring out which cybersecurity job you want -- or are qualified for -- can be difficult when words have no consistent meaning in the industry.

How IT leaders were unprepared for the security challenges posed by COVID-19
via "Security on TechRepublic".
The top three challenges cited in a Tanium survey were identifying new computing devices, overwhelmed IT capacity due to VPN requirements, and increased risks from video conferencing.

Most consumers do not trust big tech with their privacy
via "Security on TechRepublic".
Social media and online shopping sites top the list of services consumers feel do not adequately protect their personal information.

It's not OK, Cupid: Security flaws could expose user data and more
via "Security on TechRepublic".
Researchers found a number of vulnerabilities that could give attackers access to a treasure trove of personally identifying information about members.

US tax service says, “2FA is a must!”
via "Naked Security".
We know it's an old drum, but we're not tired of beating it yet: 2FA is your friend.

Critical Security Flaw in WordPress Plugin Allows RCE
via "Threatpost".
WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch.

Critical Bugs in Utilities VPNs Could Cause Physical Damage
via "Threatpost".
Gear from Secomea, Moxa and HMS Networks is affected by remote code-execution flaws, researchers warn.

Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
via "Dark Reading".
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.

Sifter 9
via "Security Tool Files ≈ Packet Storm".
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Hydra Network Logon Cracker 9.1
via "Security Tool Files ≈ Packet Storm".
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.

ATTENTION‼ New - CVE-2020-11934
via "National Vulnerability Database".
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2.

ATTENTION‼ New - CVE-2020-11933
via "National Vulnerability Database".
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.

Dark Reading Video News Desk Returns to Black Hat
via "Dark Reading".
Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!

70,000+ WordPress Sites Affected by Critical Plug-in Flaw
via "Dark Reading".
A vulnerability in the wpDiscuz plug-in could let attackers remotely execute code on the servers of affected websites.

NYDFS Charges First Company for Violating Its Cybersecurity Regulation
via "Subscriber Blog RSS Feed".
NYDFS made its first enforcement action around its Cybersecurity Regulation, 23 NYCRR 500, alleging errors and deficient controls led to a breach at an insurance company.

Billions of Devices Impacted by Secure Boot Bypass
via "Threatpost".
The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT, IoT and home networks.

ATTENTION‼ New - CVE-2019-20033
via "National Vulnerability Database".
On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.

ATTENTION‼ New - CVE-2019-20032
via "National Vulnerability Database".
An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem.

ATTENTION‼ New - CVE-2019-20031
via "National Vulnerability Database".
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.