ATENTIONβΌ New - CVE-2019-16374
π Read
via "National Vulnerability Database".
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.π Read
via "National Vulnerability Database".
β New Global Threat Landscape Report Reveals βUnprecedentedβ Cyberattacks β
π Read
via "Threatpost".
Fortinet's recently released Global Threat Landscape Report shows how the perimeter is extending to the home in the first half of 2020 - and what that means for cybercrime.π Read
via "Threatpost".
Threat Post
New Global Threat Landscape Report Reveals βUnprecedentedβ Cyberattacks
Fortinet's recently released Global Threat Landscape Report shows how the perimeter is extending to the home in the first half of 2020 - and what that means for cybercrime.
π΄ Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity π΄
π Read
via "Dark Reading: ".
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.π Read
via "Dark Reading: ".
Dark Reading
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
π How hospitals can better protect themselves against data breaches π
π Read
via "Security on TechRepublic".
Healthcare data breaches have fallen this year but could surge over the next few months as hospital records remain a top target, says CI Security.π Read
via "Security on TechRepublic".
TechRepublic
How hospitals can better protect themselves against data breaches
Healthcare data breaches have fallen this year but could surge over the next few months as hospital records remain a top target, says CI Security.
π How to hide files from any file manager on the Linux desktop π
π Read
via "Security on TechRepublic".
Want to hide files and folders from your Linux desktop file manager? Jack Wallen shows you one handy method.π Read
via "Security on TechRepublic".
TechRepublic
How to hide files from any file manager on the Linux desktop
Want to hide files and folders from your Linux desktop file manager? Jack Wallen shows you one handy method.
π Report: Unskilled hackers can breach about 3 out of 4 companies π
π Read
via "Security on TechRepublic".
Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes.π Read
via "Security on TechRepublic".
TechRepublic
Report: Unskilled hackers can breach about 3 out of 4 companies
Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes.
β Zoom Faces More Legal Challenges Over End-to-End Encryption β
π Read
via "Threatpost".
The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it.π Read
via "Threatpost".
Threat Post
Zoom Faces More Legal Challenges Over End-to-End Encryption
The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it.
β Tor and anonymous browsing β just how safe is it? β
π Read
via "Naked Security".
How to stay safe when you're using Tor, even if the network is littered with rogues.π Read
via "Naked Security".
Naked Security
Tor and anonymous browsing β just how safe is it?
How to stay safe when youβre using Tor, even if the network is littered with rogues.
π΄ NSA & FBI Disclose New Russian Cyberespionage Malware π΄
π Read
via "Dark Reading: ".
APT 28, aka Fancy Bear, is deploying the Drovorub malware designed for Linux systems as part of cyber-espionage operations.π Read
via "Dark Reading: ".
Dark Reading
NSA & FBI Disclose New Russian Cyberespionage Malware
APT 28, aka Fancy Bear, is deploying the Drovorub malware designed for Linux systems as part of cyber-espionage operations.
π Weak and infrequent cyber-crisis training is leaving companies vulnerable, new research says π
π Read
via "Security on TechRepublic".
Companies are too reliant on dated software, the most essential-to-crises staff aren't required attendance at cybersecurity training, and the pandemic exacerbated problems, according to a new report.π Read
via "Security on TechRepublic".
TechRepublic
Weak and infrequent cyber-crisis training is leaving companies vulnerable, new research says
Companies are too reliant on dated software, the most essential-to-crises staff aren't required attendance at cybersecurity training, and the pandemic exacerbated problems, according to a new report.
π US and UK workers still logging 2 extra hours every day, according to VPN data π
π Read
via "Security on TechRepublic".
People in Europe and Canada have gone back to the hours they were working before the coronavirus shutdown.π Read
via "Security on TechRepublic".
TechRepublic
US and UK workers still logging 2 extra hours every day, according to VPN data
People in Europe and Canada have gone back to the hours they were working before the coronavirus shutdown.
π Wireshark Analyzer 3.2.6 π
π Go!
via "Security Tool Files β Packet Storm".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Wireshark Analyzer 3.2.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Secure Development Takes a (Remote) Village π΄
π Read
via "Dark Reading: ".
The shift to work from home isn't just about giving your Dev team the physical tools they need.π Read
via "Dark Reading: ".
Dark Reading
Secure Development Takes a (Remote) Village
The shift to work from home isn't just about giving your Dev team the physical tools they need.
ATENTIONβΌ New - CVE-2020-0261
π Read
via "National Vulnerability Database".
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146059841π Read
via "National Vulnerability Database".
π΄ Boeing's DEF CON Debut a Sign of the Times π΄
π Read
via "Dark Reading: ".
In the wake of a stalemate between the airplane manufacturer and a security researcher over vulns found in its 787 aircraft's network, Boeing says it's ready to "embrace" the hacker community.π Read
via "Dark Reading: ".
Dark Reading
Boeing's DEF CON Debut a Sign of the Times
In the wake of a stalemate between the airplane manufacturer and a security researcher over vulns found in its 787 aircraft's network, Boeing says it's ready to embrace the hacker community.
π΄ The Race to Hack a Satellite at DEF CON π΄
π Read
via "Dark Reading: ".
Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space.π Read
via "Dark Reading: ".
Dark Reading
The Race to Hack a Satellite at DEF CON
Eight teams competed to win cash, bragging rights, and the chance to control a satellite in space.
π Zero trust is critical, but very underused π
π Read
via "Security on TechRepublic".
Organizations must quickly adopt the zero trust mindset of "never trust, always verify" to mitigate the spread of breaches, limit access, and prevent lateral movement, according to an Illumio report.π Read
via "Security on TechRepublic".
TechRepublic
Zero trust is critical, but very underused
Organizations must quickly adopt the zero trust mindset of "never trust, always verify" to mitigate the spread of breaches, limit access, and prevent lateral movement, according to an Illumio report.
π΄ RedCurl APT Group Hacks Global Companies for Corporate Espionage π΄
π Read
via "Dark Reading: ".
Researchers analyze a presumably Russian-speaking APT group that has been stealing corporate data since 2018.π Read
via "Dark Reading: ".
Dark Reading
RedCurl APT Group Hacks Global Companies for Corporate Espionage
Researchers analyze a presumably Russian-speaking APT group that has been stealing corporate data since 2018.
π New Phishing Campaign Targets SBA COVID-19 Loan Relief Accounts π
π Read
via "Subscriber Blog RSS Feed ".
Scams targeting small businesses are unfortunately commonplace these days. The latest attempts to phish business owners' SBA loan relief logins.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
New Phishing Campaign Targets SBA COVID-19 Loan Relief Accounts
Scams targeting small businesses are unfortunately commonplace these days. The latest attempts to phish business owners' SBA loan relief logins.
β CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets β
π Read
via "Threatpost".
The APT is becoming more sophisticated over time.π Read
via "Threatpost".
Threat Post
CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets
The APT is becoming more sophisticated over time.
π΄ Business Email Compromise Attacks Involving MFA Bypass Increase π΄
π Read
via "Dark Reading: ".
Adversaries are using legacy email clients to access and take over accounts protected with strong authentication, Abnormal Security says.π Read
via "Dark Reading: ".
Dark Reading
Business Email Compromise Attacks Involving MFA Bypass Increase
Adversaries are using legacy email clients to access and take over accounts protected with strong authentication, Abnormal Security says.