ATENTIONβΌ New - CVE-2017-18112
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.π Read
via "National Vulnerability Database".
π΄ Pen Testers Who Got Arrested Doing Their Jobs Tell All π΄
π Read
via "Dark Reading: ".
Coalfire's Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers.π Read
via "Dark Reading: ".
Dark Reading
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Coalfire's Gary De Mercurio and Justin Wynn share the details of their physical penetration-testing engagement gone wrong, as well as recommendations for protecting all red teamers.
β A Cyber βVigilanteβ is Sabotaging Emotetβs Return β
π Read
via "Threatpost".
During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet's recent return -and how a cyber vigilante is attempting to thwart the malware's comeback.π Read
via "Threatpost".
Threat Post
A Cyber βVigilanteβ is Sabotaging Emotetβs Return
During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet's recent return -and how a cyber vigilante is attempting to thwart the malware's comeback.
π΄ Less Than Half of Security Pros Can Identify Their Organization's Level of Risk π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
Less Than Half of Security Pros Can Identify Their Organization's Level of Risk
Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
π΄ DDoS Attacks Doubled in Q2 Compared with Prior Quarter π΄
π Read
via "Dark Reading: ".
Most attacks were small, but the big ones got bigger than ever, Cloudflare says.π Read
via "Dark Reading: ".
Dark Reading
DDoS Attacks Doubled in Q2 Compared with Prior Quarter
Most attacks were small, but the big ones got bigger than ever, Cloudflare says.
π COVID-19 highlights need for business and security leaders to work together to prevent cyberattacks π
π Read
via "Security on TechRepublic".
New Tenable study says 94% of organizations experienced a business-impacting cyberattack or compromise within the past 12 months; 46% weathered five or more attacks.π Read
via "Security on TechRepublic".
TechRepublic
COVID-19 highlights need for business and security leaders to work together to prevent cyberattacks
New Tenable study says 94% of organizations experienced a business-impacting cyberattack or compromise within the past 12 months; 46% weathered five or more attacks.
π΄ Why Confidential Computing Is a Game Changer π΄
π Read
via "Dark Reading: ".
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.π Read
via "Dark Reading: ".
Dark Reading
Why Confidential Computing Is a Game Changer
Confidential Computing is a transformational technology that should be part of every enterprise cloud deployment. It's time to start unlocking the possibilities together.
ATENTIONβΌ New - CVE-2020-13151
π Read
via "National Vulnerability Database".
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.π Read
via "National Vulnerability Database".
π΄ Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020 π΄
π Read
via "Dark Reading: ".
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.π Read
via "Dark Reading: ".
Darkreading
Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.
π΄ Cybersecurity Budget Rose in 2019, Uncertainty Prevails in 2020 π΄
π Read
via "Dark Reading: ".
Budgets rise as IT complexity continued to challenge companies, with identity and access management technology an increasingly common focus.π Read
via "Dark Reading: ".
Dark Reading
Cybersecurity Budget Rose in 2019, Uncertainty Prevails in 2020
Budgets rise as IT complexity continued to challenge companies, with identity and access management technology an increasingly common focus.
β NSA Warns Smartphones Leak Location Data β
π Read
via "Threatpost".
The agency known for its own questionable surveillance activity advised how mobile users can limit othersβ ability to track where they are.π Read
via "Threatpost".
Threat Post
NSA Warns Smartphones Leak Location Data
The agency known for its own questionable surveillance activity advised how mobile users can limit othersβ ability to track where they are.
β Microsoft Teams Patch Bypass Allows RCE β
π Read
via "Threatpost".
An attacker can hide amidst legitimate traffic in the application's update function.π Read
via "Threatpost".
Threat Post
Microsoft Teams Patch Bypass Allows RCE
An attacker can hide amidst legitimate traffic in the application's update function.
ATENTIONβΌ New - CVE-2020-14347
π Read
via "National Vulnerability Database".
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-14344
π Read
via "National Vulnerability Database".
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-13921
π Read
via "National Vulnerability Database".
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-13819
π Read
via "National Vulnerability Database".
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request.π Read
via "National Vulnerability Database".
β High-Severity Android RCE Flaw Fixed in August Security Update β
π Read
via "Threatpost".
Google addressed high-severity and critical flaws tied to 54 CVEs in this month's Android security bulletin.π Read
via "Threatpost".
Threat Post
High-Severity Android RCE Flaw Fixed in August Security Update
Google addressed high-severity and critical flaws tied to 54 CVEs in this month's Android security bulletin.
π΄ Microsoft Teams Vulnerable to Patch Workaround, Researchers Report π΄
π Read
via "Dark Reading: ".
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.π Read
via "Dark Reading: ".
Darkreading
Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
π΄ CISA Offers Tool for Career Navigation π΄
π Read
via "Dark Reading: ".
The new Cyber Career Pathways Tool helps individuals understand the roles in cybersecurity and how to prepare for them.π Read
via "Dark Reading: ".
Dark Reading
CISA Offers Tool for Career Navigation
The new Cyber Career Pathways Tool helps individuals understand the roles in cybersecurity and how to prepare for them.
π΄ 3 Tips for Securing Open Source Software π΄
π Read
via "Dark Reading: ".
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.π Read
via "Dark Reading: ".
Dark Reading
3 Tips for Securing Open Source Software
Maintaining myriad open source components can be tough. Here's how teams can begin to address open source security and continue to innovate.
π΄ Attack of the Clone: Next-Gen Social Engineering π΄
π Read
via "Dark Reading: ".
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.π Read
via "Dark Reading: ".
Dark Reading
Attack of the Clone: Next-Gen Social Engineering
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.