Most consumers do not trust big tech with their privacy
via "Security on TechRepublic".
Social media and online shopping sites top the list of services consumers feel do not adequately protect their personal information.
It's not OK, Cupid: Security flaws could expose user data and more
via "Security on TechRepublic".
Researchers found a number of vulnerabilities that could give attackers access to a treasure trove of personally identifying information about members.
US tax service says, “2FA is a must!”
via "Naked Security".
We know it's an old drum, but we're not tired of beating it yet: 2FA is your friend.
Critical Security Flaw in WordPress Plugin Allows RCE
via "Threatpost".
WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch.
Critical Bugs in Utilities VPNs Could Cause Physical Damage
via "Threatpost".
Gear from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws, researchers warn.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
via "Dark Reading: ".
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
Sifter 9
via "Security Tool Files ≈ Packet Storm".
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and, if unpatched, exploit them.
Hydra Network Logon Cracker 9.1
via "Security Tool Files ≈ Packet Storm".
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
ATTENTION‼ New - CVE-2020-11934
via "National Vulnerability Database".
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2.
ATTENTION‼ New - CVE-2020-11933
via "National Vulnerability Database".
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.
Dark Reading Video News Desk Returns to Black Hat
via "Dark Reading: ".
Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
70,000+ WordPress Sites Affected by Critical Plug-in Flaw
via "Dark Reading: ".
A vulnerability in the wpDiscuz plug-in could let attackers remotely execute code on the servers of affected websites.
NYDFS Charges First Company for Violating Its Cybersecurity Regulation
via "Subscriber Blog RSS Feed ".
NYDFS made its first enforcement action around its Cybersecurity Regulation, 23 NYCRR 500, alleging errors and deficient controls led to a breach at an insurance company.
Billions of Devices Impacted by Secure Boot Bypass
via "Threatpost".
The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT, IoT and home networks.
ATTENTION‼ New - CVE-2019-20033
via "National Vulnerability Database".
On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.
ATTENTION‼ New - CVE-2019-20032
via "National Vulnerability Database".
An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem.
ATTENTION‼ New - CVE-2019-20031
via "National Vulnerability Database".
NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.
ATTENTION‼ New - CVE-2019-20030
via "National Vulnerability Database".
An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected.
ATTENTION‼ New - CVE-2019-20029
via "National Vulnerability Database".
An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.
ATTENTION‼ New - CVE-2019-20028
via "National Vulnerability Database".
Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface.
ATTENTION‼ New - CVE-2019-20027
via "National Vulnerability Database".
Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.