β Safari Bug Revealed After Apple Takes Nearly a Year to Patch β
π Read
via "Threatpost".
Polish security researcher unveiled the flaw in a cross-browser sharing API that could allow attackers to steal user files.π Read
via "Threatpost".
Threat Post
Safari Bug Revealed After Apple Takes Nearly a Year to Patch
Polish security researcher unveiled the flaw in a cross-browser sharing API that could allow attackers to steal user files.
π Sifter 9.5 π
π Go!
via "Security Tool Files β Packet Storm".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Sifter 9.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Falco 0.25.0 π
π Go!
via "Security Tool Files β Packet Storm".
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Falco 0.25.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Palo Alto Networks to Acquire The Crypsis Group for $265M π΄
π Read
via "Dark Reading: ".
This is the latest in a series of acquisitions that Palo Alto has made since 2018.π Read
via "Dark Reading: ".
Dark Reading
Palo Alto Networks to Acquire The Crypsis Group for $265M
This is the latest in a series of acquisitions that Palo Alto has made since 2018.
π΄ Three Easy Ways to Avoid Meow-like Database Attacks π΄
π Read
via "Dark Reading: ".
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.π Read
via "Dark Reading: ".
Dark Reading
Three Easy Ways to Avoid Meow-like Database Attacks
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
π DOJ Discusses China's Efforts to Steal US IP π
π Read
via "Subscriber Blog RSS Feed ".
John Demers, the Justice Department's top national security official, said that 80% of state-connected espionage cases relate to China.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
DOJ Discusses China's Efforts to Steal US IP
John Demers, the Justice Department's top national security official, said that 80% of state-connected espionage cases relate to China.
π΄ Online Business Fraud Down, Consumer Fraud Up π΄
π Read
via "Dark Reading: ".
Criminals are changing tactics to match changing business conditions in the coronavirus pandemic, according to a new report.π Read
via "Dark Reading: ".
Dark Reading
Online Business Fraud Down, Consumer Fraud Up
Criminals are changing tactics to match changing business conditions in the coronavirus pandemic, according to a new report.
π How phishing attacks have exploited Amazon Web Services accounts π
π Read
via "Security on TechRepublic".
Phishing campaigns could compromise business data and use Amazon's cloud platform to launch further attacks, says KnowBe4.π Read
via "Security on TechRepublic".
TechRepublic
How phishing attacks have exploited Amazon Web Services accounts
Phishing campaigns could compromise business data and use Amazon's cloud platform to launch further attacks, says KnowBe4.
π΄ Phishing Attack Used Box to Land in Victim Inboxes π΄
π Read
via "Dark Reading: ".
A phishing attack targeting government and security organizations used a legitimate Box page with Microsoft 365 branding to trick victims.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
π΄ Election Security's Sticky Problem: Attackers Who Don't Attack Votes π΄
π Read
via "Dark Reading: ".
If election defenders are protecting votes, and adversaries are attacking something else entirely, both sides might claim success, "Operation BlackOut" simulation shows.π Read
via "Dark Reading: ".
Dark Reading
Election Security's Sticky Problem: Attackers Who Don't Attack Votes
If election defenders are protecting votes, and adversaries are attacking something else entirely, both sides might claim success, Operation BlackOut simulation shows.
β Four More Bugs Patched in Microsoftβs Azure Sphere IoT Platform β
π Read
via "Threatpost".
Researchers have unearthed more vulnerabilities in Microsoftβs IoT security solution.π Read
via "Threatpost".
Threat Post
Four More Bugs Patched in Microsoftβs Azure Sphere IoT Platform
Researchers have unearthed more vulnerabilities in Microsoftβs IoT security solution.
ATENTIONβΌ New - CVE-2019-14904
π Read
via "National Vulnerability Database".
A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected.π Read
via "National Vulnerability Database".
β How to Write a Cybersecurity Playbook During a Pandemic β
π Read
via "Threatpost".
IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 drags on.π Read
via "Threatpost".
Threat Post
How to Write a Cybersecurity Playbook During a Pandemic
IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 drags on.
β Medical Data Leaked on GitHub Due to Developer Errors β
π Read
via "Threatpost".
Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.π Read
via "Threatpost".
Threat Post
Medical Data Leaked on GitHub Due to Developer Errors
Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.
π΄ Deep Fake: Setting the Stage for Next-Gen Social Engineering π΄
π Read
via "Dark Reading: ".
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.π Read
via "Dark Reading: ".
Dark Reading
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
π What a year of penetration testing data can reveal about the state of cybersecurity π
π Read
via "Security on TechRepublic".
From web app flaws to a lack of 2FA, Rapid7 found lots of common soft targets in the networks it breached on behalf of clients.π Read
via "Security on TechRepublic".
TechRepublic
What a year of penetration testing data can reveal about the state of cybersecurity
From web app flaws to a lack of 2FA, Rapid7 found lots of common soft targets in the networks it breached on behalf of clients.
β Disinformation Spurs a Thriving Industry as U.S. Election Looms β
π Read
via "Threatpost".
Threat actors are becoming increasingly sophisticated in launching disinformation campaigns - and staying under the radar to avoid detection from Facebook, Twitter and other platforms.π Read
via "Threatpost".
Threat Post
Disinformation Spurs a Thriving Industry as U.S. Election Looms
Threat actors are becoming increasingly sophisticated in launching disinformation campaigns - and staying under the radar to avoid detection from Facebook, Twitter and other platforms.
π΄ With More Use of Cloud, Passwords Become Even Weaker Link π΄
π Read
via "Dark Reading: ".
Slow patching provides vulnerabilities to exploit. A lack of network segmentation allows unrestricted lateral movement. Yet a report surveying a year of penetration tests finds that passwords still top the list of what attackers use to compromise systems.π Read
via "Dark Reading: ".
Dark Reading
With More Use of Cloud, Passwords Become Even Weaker Link
Slow patching provides vulnerabilities to exploit. A lack of network segmentation allows unrestricted lateral movement. Yet a report surveying a year of penetration tests finds that passwords still top the list of what attackers use to compromise systems.
π Want to create loyal customers? Get on the bleeding edge of data security π
π Read
via "Security on TechRepublic".
The public is increasingly wary of the privacy of their data. Companies reliant on it should take this as a sign of the future of customer loyalty, says data privacy firm Privitar.π Read
via "Security on TechRepublic".
TechRepublic
Want to create loyal customers? Get on the bleeding edge of data security
The public is increasingly wary of the privacy of their data. Companies reliant on it should take this as a sign of the future of customer loyalty, says data privacy firm Privitar.
π Cybersecurity at a crossroads: Moving toward trust in our technologies π
π Read
via "Security on TechRepublic".
Cloud computing changed the technology landscape forever. Here's hoping that trust will be the next frontier of computing.π Read
via "Security on TechRepublic".
TechRepublic
Cybersecurity at a crossroads: Moving toward trust in our technologies
Cloud computing changed the technology landscape forever. Here's hoping that trust will be the next frontier of computing.
ATENTIONβΌ New - CVE-2019-18847
π Read
via "National Vulnerability Database".
Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1.π Read
via "National Vulnerability Database".