β Black Hat 2020: βZero-Clickβ MacOS Exploit Chain Uses Microsoft Office Macros β
π Read
via "Threatpost".
At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users.π Read
via "Threatpost".
Threat Post
Black Hat 2020: βZero-Clickβ MacOS Exploit Chain Uses Microsoft Office Macros
At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users.
β Porn blast disrupts bail hearing of alleged Twitter hacker β
π Read
via "Naked Security".
An alleged hacker's bail hearing held online via Zoom with screen sharing enabled... what could possibly go wrong?π Read
via "Naked Security".
Naked Security
Porn blast disrupts bail hearing of alleged Twitter hacker
An alleged hackerβs bail hearing held online via Zoom with screen sharing enabledβ¦ what could possibly go wrong?
π FBI announcement on Windows 7 end of life prompts worry from security experts π
π Read
via "Security on TechRepublic".
Despite the FBI announcement, hospitals, schools, and government offices across the world still use Windows 7.π Read
via "Security on TechRepublic".
TechRepublic
FBI announcement on Windows 7 end of life prompts worry from security experts
Despite the FBI announcement, hospitals, schools, and government offices across the world still use Windows 7.
π΄ 3 Tips For Better Security Across the Software Supply Chain π΄
π Read
via "Dark Reading: ".
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.π Read
via "Dark Reading: ".
Dark Reading
3 Tips For Better Security Across the Software Supply Chain
It may sound look intimidating, but with a few tweaks to tools and processes already in use, it's not hard to get a head start on improving security posture of the software supply chain.
π COVID-19-related scams cost Americans more than $98 million since the start of 2020 π
π Read
via "Security on TechRepublic".
Online shopping is the most prevalent type of scam with people losing nearly $14 million to date, according to FTC data.π Read
via "Security on TechRepublic".
TechRepublic
COVID-19-related scams cost Americans more than $98 million since the start of 2020
Online shopping is the most prevalent type of scam with people losing nearly $14 million to date, according to FTC data.
π Security analysts want more help from developers to improve DevSecOps π
π Read
via "Security on TechRepublic".
More training on security tools and better performance metrics can accomplish this, according to a new survey.π Read
via "Security on TechRepublic".
TechRepublic
Security analysts want more help from developers to improve DevSecOps
More training on security tools and better performance metrics can accomplish this, according to a new survey.
β High-Severity Cisco DoS Flaw Plagues Small-Business Switches β
π Read
via "Threatpost".
Cisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers to launch DoS attacks against its popular small business switches.π Read
via "Threatpost".
Threat Post
High-Severity Cisco DoS Flaw Plagues Small-Business Switches
Cisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers to launch DoS attacks against its popular small business switches.
π΄ Ripple20: More Vulnerable Devices Identified π΄
π Read
via "Dark Reading: ".
Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities.π Read
via "Dark Reading: ".
Dark Reading
Ripple20: More Vulnerable Devices Identified
Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities.
π΄ Energy Market Manipulation with High-Wattage IoT Botnets π΄
π Read
via "Dark Reading: ".
Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say.π Read
via "Dark Reading: ".
Dark Reading
Energy Market Manipulation with High-Wattage IoT Botnets
Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say.
π΄ Four Rules and Three Tools to Protect Against Fake SaaS Apps π΄
π Read
via "Dark Reading: ".
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.π Read
via "Dark Reading: ".
Dark Reading
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
π΄ A Real-World Tool for Organizing, Integrating Your Other Tools π΄
π Read
via "Dark Reading: ".
Omdia Cybersecurity Accelerator analyst Eric Parizo describes the value overwhelmed security managers may find in a SPIF.π Read
via "Dark Reading: ".
Dark Reading
A Real-World Tool for Organizing, Integrating Your Other Tools
Omdia Cybersecurity Accelerator analyst Eric Parizo describes the value overwhelmed security managers may find in a SPIF.
π΄ 2019 Breach Leads to $80 Million Fine for Capital One π΄
π Read
via "Dark Reading: ".
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.π Read
via "Dark Reading: ".
Dark Reading
2019 Breach Leads to $80 Million Fine for Capital One
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
π΄ Counting for Good: Hardware Counters Un-mask Malware π΄
π Read
via "Dark Reading: ".
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, "Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic."π Read
via "Dark Reading: ".
Dark Reading
Counting for Good: Hardware Counters Un-mask Malware
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
ATENTIONβΌ New - CVE-2020-13365
π Read
via "National Vulnerability Database".
Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-13364
π Read
via "National Vulnerability Database".
A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.π Read
via "National Vulnerability Database".
π΄ Platform Security: Intel Pushes to Reduce Supply Chain Attacks π΄
π Read
via "Dark Reading: ".
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.π Read
via "Dark Reading: ".
Dark Reading
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches toβ¦
π΄ New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet π΄
π Read
via "Dark Reading: ".
Researchers find new flaws in the ubiquitous decades-old printer software in Windows, including one that bypasses a recent Microsoft patch.π Read
via "Dark Reading: ".
Darkreading
New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet
Researchers find new flaws in the ubiquitous decades-old printer software in Windows, including one that bypasses a recent Microsoft patch.
π΄ Remotely Hacking Operations Technology Systems π΄
π Read
via "Dark Reading: ".
Marco Balduzzi senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.π Read
via "Dark Reading: ".
Dark Reading
Remotely Hacking Operations Technology Systems
Marco Balduzzi senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.
π΄ The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed π΄
π Read
via "Dark Reading: ".
Researchers Peleg Hader and Tomer Bar of SafeBreach share details of the three vulnerabilities they found in Windows Print Spooler that could allow an attacker to sneak into the network through an old printer service mechanism.π Read
via "Dark Reading: ".
Dark Reading
IoT recent news | Dark Reading
Explore the latest news and expert commentary on IoT, brought to you by the editors of Dark Reading
β Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack β
π Read
via "Threatpost".
Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.π Read
via "Threatpost".
Threat Post
Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack
Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.
π΄ Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl π΄
π Read
via "Dark Reading: ".
SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.π Read
via "Dark Reading: ".
Dark Reading
Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl
SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a differentβ¦