β High-Severity Cisco DoS Flaw Plagues Small-Business Switches β
π Read
via "Threatpost".
Cisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers to launch DoS attacks against its popular small business switches.π Read
via "Threatpost".
Threat Post
High-Severity Cisco DoS Flaw Plagues Small-Business Switches
Cisco recently patched the high-severity flaw, which could allow remote, unauthenticated attackers to launch DoS attacks against its popular small business switches.
π΄ Ripple20: More Vulnerable Devices Identified π΄
π Read
via "Dark Reading: ".
Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities.π Read
via "Dark Reading: ".
Dark Reading
Ripple20: More Vulnerable Devices Identified
Security researchers find 34 additional vendors, and 47 devices, affected by the widespread Ripple20 vulnerabilities.
π΄ Energy Market Manipulation with High-Wattage IoT Botnets π΄
π Read
via "Dark Reading: ".
Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say.π Read
via "Dark Reading: ".
Dark Reading
Energy Market Manipulation with High-Wattage IoT Botnets
Attackers that can compromise enough products such as smart ACs and heaters can tweak power demand in subtle ways for financial gain or to hurt market players, researchers at Black Hat say.
π΄ Four Rules and Three Tools to Protect Against Fake SaaS Apps π΄
π Read
via "Dark Reading: ".
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.π Read
via "Dark Reading: ".
Dark Reading
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
π΄ A Real-World Tool for Organizing, Integrating Your Other Tools π΄
π Read
via "Dark Reading: ".
Omdia Cybersecurity Accelerator analyst Eric Parizo describes the value overwhelmed security managers may find in a SPIF.π Read
via "Dark Reading: ".
Dark Reading
A Real-World Tool for Organizing, Integrating Your Other Tools
Omdia Cybersecurity Accelerator analyst Eric Parizo describes the value overwhelmed security managers may find in a SPIF.
π΄ 2019 Breach Leads to $80 Million Fine for Capital One π΄
π Read
via "Dark Reading: ".
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.π Read
via "Dark Reading: ".
Dark Reading
2019 Breach Leads to $80 Million Fine for Capital One
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
π΄ Counting for Good: Hardware Counters Un-mask Malware π΄
π Read
via "Dark Reading: ".
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, "Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic."π Read
via "Dark Reading: ".
Dark Reading
Counting for Good: Hardware Counters Un-mask Malware
Nick Gregory, research scientist at Capsule8, talks about his session with Capsule8 data scientist Harini Kannan, Uncommon Sense: Detecting Exploits With Novel Hardware Performance Counters and Machine Learning Magic.
ATENTIONβΌ New - CVE-2020-13365
π Read
via "National Vulnerability Database".
Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-13364
π Read
via "National Vulnerability Database".
A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0.π Read
via "National Vulnerability Database".
π΄ Platform Security: Intel Pushes to Reduce Supply Chain Attacks π΄
π Read
via "Dark Reading: ".
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company's computing platforms, including Compute Lifecycle Assurance.π Read
via "Dark Reading: ".
Dark Reading
Platform Security: Intel Pushes to Reduce Supply Chain Attacks
SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel's Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches toβ¦
π΄ New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet π΄
π Read
via "Dark Reading: ".
Researchers find new flaws in the ubiquitous decades-old printer software in Windows, including one that bypasses a recent Microsoft patch.π Read
via "Dark Reading: ".
Darkreading
New Windows Print Spooler Zero-Day Flaws Harken Back to Stuxnet
Researchers find new flaws in the ubiquitous decades-old printer software in Windows, including one that bypasses a recent Microsoft patch.
π΄ Remotely Hacking Operations Technology Systems π΄
π Read
via "Dark Reading: ".
Marco Balduzzi senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.π Read
via "Dark Reading: ".
Dark Reading
Remotely Hacking Operations Technology Systems
Marco Balduzzi senior research scientist with Trend Micro, tells us how the often-overlooked ICS protocol gateways contain serious vulnerabilities that allow attackers to hack OT systems remotely.
π΄ The Long Shadow of Stuxnet: New Microsoft Print Spooler Vulns Revealed π΄
π Read
via "Dark Reading: ".
Researchers Peleg Hader and Tomer Bar of SafeBreach share details of the three vulnerabilities they found in Windows Print Spooler that could allow an attacker to sneak into the network through an old printer service mechanism.π Read
via "Dark Reading: ".
Dark Reading
IoT recent news | Dark Reading
Explore the latest news and expert commentary on IoT, brought to you by the editors of Dark Reading
β Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack β
π Read
via "Threatpost".
Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.π Read
via "Threatpost".
Threat Post
Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack
Attackers can listen in on internet traffic for high-value targets a continent away, like shipping fleets and oil installations, using some basic home-television gear.
π΄ Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl π΄
π Read
via "Dark Reading: ".
SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a different risk level than their open-source counterparts, and how WastedLocker identifies "valuable" targets.π Read
via "Dark Reading: ".
Dark Reading
Broadcom: Staying Safe with WastedLocker Ransomware Variant on the Prowl
SPONSORED CONTENT: Stealthier and more patient than some predecessors, WastedLocker lingers surreptitiously for as long as it needs to for maximum payoff, says Jon DiMaggio with Broadcom's Symantec division. He explains how Windows servers are at a differentβ¦
π΄ Using IoT Botnets to Manipulate the Energy Market π΄
π Read
via "Dark Reading: ".
Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.π Read
via "Dark Reading: ".
Dark Reading
Using IoT Botnets to Manipulate the Energy Market
Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
π΄ Why Satellite Communication Eavesdropping Will Remain A Problem π΄
π Read
via "Dark Reading: ".
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.π Read
via "Dark Reading: ".
Dark Reading
Why Satellite Communication Eavesdropping Will Remain A Problem
Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon.
π Android phones could spy on users via flaws in Qualcomm chip π
π Read
via "Security on TechRepublic".
Vulnerabilities were found in a Qualcomm Snapdragon chip that could let attackers obtain photos, videos, call recordings, and other data on Android phones, says Check Point Research.π Read
via "Security on TechRepublic".
TechRepublic
Android phones could spy on users via flaws in Qualcomm chip
Vulnerabilities were found in a Qualcomm Snapdragon chip that could let attackers obtain photos, videos, call recordings, and other data on Android phones, says Check Point Research.
ATENTIONβΌ New - CVE-2020-13793
π Read
via "National Vulnerability Database".
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-12441
π Read
via "National Vulnerability Database".
Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the Γ’β¬˜HEATRemoteServiceΓ’β¬β’ agent. The DoS can be triggered by sending a specially crafted network packet.π Read
via "National Vulnerability Database".
β Canon Admits Ransomware Attack in Employee Note, Report β
π Read
via "Threatpost".
The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems, reportedly thanks to the Maze gang.π Read
via "Threatpost".
Threat Post
UPDATE: Canon Ransomware Attack Results in Leaked Data, Report
The consumer-electronics giant had suffered partial outages across its U.S. website and internal systems reportedly, thanks to the Maze gang.