π Google and Amazon most impersonated brands in phishing attacks π
π Read
via "Security on TechRepublic".
WhatsApp, Facebook, and Microsoft rounded out the top five as the most spoofed brands last quarter, says Check Point Research.π Read
via "Security on TechRepublic".
π΄ Retooling the SOC for a Post-COVID World π΄
π Read
via "Dark Reading: ".
Residual work-from-home policies will require changes to security policies, procedures, and technologies.π Read
via "Dark Reading: ".
Dark Reading
Retooling the SOC for a Post-COVID World
Residual work-from-home policies will require changes to security policies, procedures, and technologies.
β Newsletter WordPress Plugin Opens Door to Site Takeover β
π Read
via "Threatpost".
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.π Read
via "Threatpost".
Threat Post
Newsletter WordPress Plugin Opens Door to Site Takeover
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.
π΄ 6 Dangerous Defaults Attackers Love (and You Should Know) π΄
π Read
via "Dark Reading: ".
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.π Read
via "Dark Reading: ".
Dark Reading
6 Dangerous Defaults Attackers Love (and You Should Know)
Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.
π΄ New Spin on a Longtime DNS Intel Tool π΄
π Read
via "Dark Reading: ".
Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.π Read
via "Dark Reading: ".
Dark Reading
New Spin on a Longtime DNS Intel Tool
Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.
π Trade Secret Theft Case Involving Pharma Giant Can Move Forward π
π Read
via "Subscriber Blog RSS Feed ".
An ex-worker who allegedly stole hundreds of company files had previously attempted to dismiss the lawsuit.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Trade Secret Theft Case Involving Pharma Giant Can Move Forward
An ex-worker who allegedly stole hundreds of company files had previously attempted to dismiss the lawsuit.
π΄ New Spin on a Longtime DNS Intel Tool π΄
π Read
via "Dark Reading: ".
Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.π Read
via "Dark Reading: ".
Dark Reading
New Spin on a Longtime DNS Intel Tool
Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features.
π Why multi-factor authentication should be set up for all your services and devices π
π Read
via "Security on TechRepublic".
More than ever, now is the time to make absolutely sure that your services and devices are using the best protection available to keep data secured and away from unauthorized hands.π Read
via "Security on TechRepublic".
TechRepublic
Why multi-factor authentication should be set up for all your services and devices
More than ever, now is the time to make absolutely sure that your services and devices are using the best protection available to keep data secured and away from unauthorized hands.
ATENTIONβΌ New - CVE-2020-13523
π Read
via "National Vulnerability Database".
An exploitable information disclosure vulnerability exists in SoftPerfectΓ’β¬β’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.π Read
via "National Vulnerability Database".
β NetWalker Ransomware Rakes in $29M Since March β
π Read
via "Threatpost".
The ransomware has surged since moving to a RaaS model.π Read
via "Threatpost".
Threat Post
NetWalker Ransomware Rakes in $29M Since March
The ransomware has surged since moving to a RaaS model.
π΄ How Ransomware Threats Are Evolving & How to Spot Them π΄
π Read
via "Dark Reading: ".
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.π Read
via "Dark Reading: ".
Dark Reading
How Ransomware Threats Are Evolving & How to Spot Them
A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals.
ATENTIONβΌ New - CVE-2020-13522
π Read
via "National Vulnerability Database".
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18112
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.π Read
via "National Vulnerability Database".
π΄ Pen Testers Who Got Arrested Doing Their Jobs Tell All π΄
π Read
via "Dark Reading: ".
Coalfire's Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers.π Read
via "Dark Reading: ".
Dark Reading
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Coalfire's Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers.
β A Cyber βVigilanteβ is Sabotaging Emotetβs Return β
π Read
via "Threatpost".
During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet's recent return -and how a cyber vigilante is attempting to thwart the malware's comeback.π Read
via "Threatpost".
Threat Post
A Cyber βVigilanteβ is Sabotaging Emotetβs Return
During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet's recent return -and how a cyber vigilante is attempting to thwart the malware's comeback.
π΄ Less Than Half of Security Pros Can Identify Their Organization's Level of Risk π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
Less Than Half of Security Pros Can Identify Their Organization's Level of Risk
Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
π΄ DDoS Attacks Doubled in Q2 Compared with Prior Quarter π΄
π Read
via "Dark Reading: ".
Most attacks were small, but the big ones got bigger than ever, Cloudflare says.π Read
via "Dark Reading: ".
Dark Reading
DDoS Attacks Doubled in Q2 Compared with Prior Quarter
Most attacks were small, but the big ones got bigger than ever, Cloudflare says.
π COVID-19 highlights need for business and security leaders to work together to prevent cyberattacks π
π Read
via "Security on TechRepublic".
New Tenable study says 94% of organizations experienced a business-impacting cyberattack or compromise within the past 12 months; 46% weathered five or more attacks.π Read
via "Security on TechRepublic".
TechRepublic
COVID-19 highlights need for business and security leaders to work together to prevent cyberattacks
New Tenable study says 94% of organizations experienced a business-impacting cyberattack or compromise within the past 12 months; 46% weathered five or more attacks.
π΄ Why Confidential Computing Is a Game Changer π΄
π Read
via "Dark Reading: ".
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.π Read
via "Dark Reading: ".
Dark Reading
Why Confidential Computing Is a Game Changer
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
ATENTIONβΌ New - CVE-2020-13151
π Read
via "National Vulnerability Database".
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.π Read
via "National Vulnerability Database".
π΄ Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020 π΄
π Read
via "Dark Reading: ".
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.π Read
via "Dark Reading: ".
Darkreading
Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.