ATENTION‼ New - CVE-2020-13295
📖 Read
via "National Vulnerability Database".
For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-13294
📖 Read
via "National Vulnerability Database".
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-13293
📖 Read
via "National Vulnerability Database".
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-13292
📖 Read
via "National Vulnerability Database".
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.📖 Read
via "National Vulnerability Database".
❌ DDoS Attacks Cresting Amid Pandemic ❌
📖 Read
via "Threatpost".
Attacks were way up year-over-year in the second quarter as people continue to work from home.📖 Read
via "Threatpost".
Threat Post
DDoS Attacks Cresting Amid Pandemic
Attacks were way up year-over-year in the second quarter as people continue to work from home.
🕴 Q2 DDoS Attacks Triple Year Over Year: Report 🕴
📖 Read
via "Dark Reading: ".
Distributed denial-of-service attacks have stayed consistently high throughout 2020, a shift from normal attack trends that researchers attribute to COVID-19.📖 Read
via "Dark Reading: ".
Dark Reading
Q2 DDoS Attacks Triple Year Over Year: Report
Distributed denial-of-service attacks have stayed consistently high throughout 2020, a shift from normal attack trends that researchers attribute to COVID-19.
🔏 Researcher Pleads Guilty to Scientific Trade Secret Theft 🔏
📖 Read
via "Subscriber Blog RSS Feed ".
The researcher worked for the hospital for 10 years but acknowledged last month that and her husband stole its data and used it to launch two companies, one in China, one in the US.📖 Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Researcher Pleads Guilty to Scientific Trade Secret Theft
The researcher worked for the hospital for 10 years but acknowledged last month that and her husband stole its data and used it to launch two companies, one in China, one in the US.
🔐 How phishing attacks have exploited the US Small Business Administration 🔐
📖 Read
via "Security on TechRepublic".
Such attacks have tried to capitalize on the loans provided by the SBA in the wake of the coronavirus pandemic.📖 Read
via "Security on TechRepublic".
TechRepublic
How phishing attacks have exploited the US Small Business Administration
Such attacks have tried to capitalize on the loans provided by the SBA in the wake of the coronavirus pandemic.
❌ Google Chrome Browser Bug Exposes Billions of Users to Data Theft ❌
📖 Read
via "Threatpost".
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.📖 Read
via "Threatpost".
Threat Post
Google Chrome Browser Bug Exposes Billions of Users to Data Theft
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
🕴 Lock-Pickers Face an Uncertain Future Online 🕴
📖 Read
via "Dark Reading: ".
Teaching the hardware hacker the skill of picking locks is evolving because of the pandemic's lockdown.📖 Read
via "Dark Reading: ".
Dark Reading
Lock-Pickers Face an Uncertain Future Online
Teaching the hardware hacker skill of picking locks is evolving in the face of the pandemic's lockdown.
🕴 Can I Use the Same Security Tools on My IT and OT? 🕴
📖 Read
via "Dark Reading: ".
You can quit worrying about IT tools in the OT environment.📖 Read
via "Dark Reading: ".
Dark Reading
Can I Use the Same Security Tools on My IT and OT?
You can quit worrying about IT tools in the OT environment.
❌ Google Fixes Mysterious Audio Recording Blip in Smart Speakers ❌
📖 Read
via "Threatpost".
Google Home devices reportedly recorded noises even without the "Hey Google" prompt due to the inadvertent rollout of a home security system feature.📖 Read
via "Threatpost".
Threat Post
Google Fixes Mysterious Audio Recording Blip in Smart Speakers
Google Home devices reportedly recorded noises even without the "Hey Google" prompt due to the inadvertent rollout of a home security system feature.
🕴 Better Business Bureau Warns of New Visa Scam 🕴
📖 Read
via "Dark Reading: ".
Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers.📖 Read
via "Dark Reading: ".
Dark Reading
Better Business Bureau Warns of New Visa Scam
Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers.
🕴 Hacking It as a CISO: Advice for Security Leadership 🕴
📖 Read
via "Dark Reading: ".
A security leader shares tips for adopting a CISO mindset, creating risk management strategies, and "selling infosec" to IT and executives.📖 Read
via "Dark Reading: ".
Dark Reading
Hacking It as a CISO: Advice for Security Leadership
A security leader shares tips for adopting a CISO mindset, creating risk management strategies, and "selling infosec" to IT and executives.
🕴 Gamifying Password Training Shows Security Benefits 🕴
📖 Read
via "Dark Reading: ".
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.📖 Read
via "Dark Reading: ".
Dark Reading
Gamifying Password Training Shows Security Benefits
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
🛠 Sifter 9.3 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
Sifter 9.3 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Zeek 3.2.0 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
Zeek 3.2.0 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🕴 17 Essential Stats About the State of Consumer Privacy 🕴
📖 Read
via "Dark Reading: ".
These illuminating numbers offer a glimpse into current consumer attitudes and enterprise readiness for protecting their customers' personal data.📖 Read
via "Dark Reading: ".
Dark Reading
17 Essential Stats About the State of Consumer Privacy
These illuminating numbers offer a glimpse into current consumer attitudes and enterprise readiness for protecting their customers' personal data.
🔐 Linux users are finally getting this popular password manager 🔐
📖 Read
via "Security on TechRepublic".
After ten years of asking and the longest forum post in the company's history, 1Password is heading to Linux.📖 Read
via "Security on TechRepublic".
TechRepublic
Linux is finally getting this popular password manager
After ten years of asking and the longest forum thread in the company's history, 1Password is heading to Linux.
❌ Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw ❌
📖 Read
via "Threatpost".
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug.📖 Read
via "Threatpost".
Threat Post
Researcher Publishes Patch Bypass for vBulletin 0-Day
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug.
🔐 Phishing emails tempting people with fake coronavirus vaccines 🔐
📖 Read
via "Security on TechRepublic".
As researchers race to develop a COVID-19 vaccine, phishing campaigns have landed on a topic ripe for exploitation, says Check Point Research.📖 Read
via "Security on TechRepublic".
TechRepublic
Phishing emails tempting people with fake coronavirus vaccines
As researchers race to develop a COVID-19 vaccine, phishing campaigns have landed on a topic ripe for exploitation, says Check Point Research.