β Iran-Linked βNewbieβ Hackers Spread Dharma Ransomware Via RDP Ports β
π Read
via "Threatpost".
The recent Dharma campaign by Iran-linked script kiddies shows that the ransomware is being spread not just by sophisticated, state-sponsored actors anymore.π Read
via "Threatpost".
Threat Post
Iran-Linked βNewbieβ Hackers Spread Dharma Ransomware Via RDP Ports
The recent Dharma campaign by Iran-linked script kiddies shows that the ransomware is being spread not just by sophisticated, state-sponsored actors anymore.
π Top 5 programming languages for security admins to learn π
π Read
via "Security on TechRepublic".
SecAdmins working to protect infrastructure, whether in a defensively or offensively, may find these programming languages helpful in safeguarding apps, systems, and hardware from threats.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 programming languages security admins should learn
SecAdmins working to protect infrastructure, whether defensively or offensively, may find these programming languages helpful in safeguarding apps, systems, and hardware from threats.
π΄ DeathStalker APT Targets SMBs with Cyber Espionage π΄
π Read
via "Dark Reading: ".
The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.π Read
via "Dark Reading: ".
Dark Reading
DeathStalker APT Targets SMBs with Cyber Espionage
The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.
ATENTIONβΌ New - CVE-2018-1985
π Read
via "National Vulnerability Database".
IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207.π Read
via "National Vulnerability Database".
π FBI, CISA Warn About Vishing Campaign Targeting Teleworkers π
π Read
via "Subscriber Blog RSS Feed ".
In the wake of news that attackers have been carrying out a successful voice phishing campaign against companies for a month, government orgs offered tips on how employees working from home can mitigate future attacks.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
FBI, CISA Warn About Vishing Campaign Targeting Teleworkers
In the wake of news that attackers have been carrying out a successful voice phishing campaign against companies for a month, government orgs offered tips on how employees working from home can mitigate future attacks.
π Extra security or extra risk? Pros and cons of password managers π
π Read
via "Security on TechRepublic".
Tech consultants and journalists have their own conflicting opinions about the best way to manage access in a world full of security risks.π Read
via "Security on TechRepublic".
TechRepublic
Extra security or extra risk? Pros and cons of password managers
Tech consultants and journalists have their own conflicting opinions about the best way to manage access in a world full of security risks.
π΄ Attackers Use Unicode & HTML to Bypass Email Security Tools π΄
π Read
via "Dark Reading: ".
Researchers spot cybercriminals using new techniques to help malicious phishing emails slip past detection tools.π Read
via "Dark Reading: ".
Dark Reading
Attackers Use Unicode & HTML to Bypass Email Security Tools
Researchers spot cybercriminals using new techniques to help malicious phishing emails slip past detection tools.
π΄ CISA Releases 5G Security Guidelines π΄
π Read
via "Dark Reading: ".
The new document defines lines of effort for developing security for the growing 5G network.π Read
via "Dark Reading: ".
Dark Reading
CISA Releases 5G Security Guidelines
The new document defines lines of effort for developing security for the growing 5G network.
β Google Fixes High-Severity Chrome Browser Code Execution Bug β
π Read
via "Threatpost".
The high-severity flaw, which was patched in the latest version of Google's Chrome browser, could allow code execution.π Read
via "Threatpost".
Threat Post
Google Fixes High-Severity Chrome Browser Code Execution Bug
The high-severity flaw, which was patched in the latest version of Google's Chrome browser, could allow code execution.
π΄ MITRE Releases 'Shield' Active Defense Framework π΄
π Read
via "Dark Reading: ".
Free knowledge base offers techniques and tactics for engaging with and better defending against network intruders.π Read
via "Dark Reading: ".
Dark Reading
MITRE Releases 'Shield' Active Defense Framework
Free knowledge base offers techniques and tactics for engaging with and better defending against network intruders.
β Shoring Up the 2020 Election: Secure Vote Tallies Arenβt the Problem β
π Read
via "Threatpost".
With many in the public sphere warning about a potential compromise of the integrity of the Presidential Election, security researchers instead flag online resources and influence campaigns as the biggest problem areas.π Read
via "Threatpost".
Threat Post
Shoring Up the 2020 Election: Secure Vote Tallies Arenβt the Problem
With many in the public sphere warning about a potential compromise of the integrity of the Presidential Election, security researchers instead flag online resources and influence campaigns as the biggest problem areas.
π IoT botnets: Smart homes ripe for a new type of cyberattack π
π Read
via "Security on TechRepublic".
The burgeoning smart home device market has given rise to digital intrusion and potential energy market manipulation on a massive scale.π Read
via "Security on TechRepublic".
TechRepublic
IoT botnets: Smart homes ripe for a new type of cyberattack
The burgeoning smart home device market has given rise to digital intrusion and potential energy market manipulation on a massive scale.
π΄ The Fatal Flaw in Data Security π΄
π Read
via "Dark Reading: ".
Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.π Read
via "Dark Reading: ".
Dark Reading
The Fatal Flaw in Data Security
Simply stated: No matter how sophisticated your security software is, data cannot be simultaneously used and secured. But that may be changing soon.
β Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages β
π Read
via "Threatpost".
The North Korean-linked APT's latest campaign shows that it is shifting focus to target the cryptocurrency and financial verticals.π Read
via "Threatpost".
Threat Post
Lazarus Group Targets Cryptocurrency Firms Via LinkedIn Messages
The North Korean-linked APT's latest campaign shows that it is shifting focus to target the cryptocurrency and financial verticals.
β Safari Bug Revealed After Apple Takes Nearly a Year to Patch β
π Read
via "Threatpost".
Polish security researcher unveiled the flaw in a cross-browser sharing API that could allow attackers to steal user files.π Read
via "Threatpost".
Threat Post
Safari Bug Revealed After Apple Takes Nearly a Year to Patch
Polish security researcher unveiled the flaw in a cross-browser sharing API that could allow attackers to steal user files.
π Sifter 9.5 π
π Go!
via "Security Tool Files β Packet Storm".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Sifter 9.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Falco 0.25.0 π
π Go!
via "Security Tool Files β Packet Storm".
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Falco 0.25.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Palo Alto Networks to Acquire The Crypsis Group for $265M π΄
π Read
via "Dark Reading: ".
This is the latest in a series of acquisitions that Palo Alto has made since 2018.π Read
via "Dark Reading: ".
Dark Reading
Palo Alto Networks to Acquire The Crypsis Group for $265M
This is the latest in a series of acquisitions that Palo Alto has made since 2018.
π΄ Three Easy Ways to Avoid Meow-like Database Attacks π΄
π Read
via "Dark Reading: ".
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.π Read
via "Dark Reading: ".
Dark Reading
Three Easy Ways to Avoid Meow-like Database Attacks
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
π DOJ Discusses China's Efforts to Steal US IP π
π Read
via "Subscriber Blog RSS Feed ".
John Demers, the Justice Department's top national security official, said that 80% of state-connected espionage cases relate to China.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
DOJ Discusses China's Efforts to Steal US IP
John Demers, the Justice Department's top national security official, said that 80% of state-connected espionage cases relate to China.
π΄ Online Business Fraud Down, Consumer Fraud Up π΄
π Read
via "Dark Reading: ".
Criminals are changing tactics to match changing business conditions in the coronavirus pandemic, according to a new report.π Read
via "Dark Reading: ".
Dark Reading
Online Business Fraud Down, Consumer Fraud Up
Criminals are changing tactics to match changing business conditions in the coronavirus pandemic, according to a new report.