ATENTION‼ New - CVE-2020-14178
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-12776
📖 Read
via "National Vulnerability Database".
Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie.📖 Read
via "National Vulnerability Database".
❌ Pioneer Kitten APT Sells Corporate Network Access ❌
📖 Read
via "Threatpost".
The Iran-based APT has infiltrated multiple VPNs using open-source tools and known exploits.📖 Read
via "Threatpost".
Threat Post
Pioneer Kitten APT Sells Corporate Network Access
The Iran-based APT has infiltrated multiple VPNs using open-source tools and known exploits.
🕴 Why Are There Still So Many Windows 7 Devices? 🕴
📖 Read
via "Dark Reading: ".
As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.📖 Read
via "Dark Reading: ".
Dark Reading
Why Are There Still So Many Windows 7 Devices?
As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.
ATENTION‼ New - CVE-2018-12475
📖 Read
via "National Vulnerability Database".
A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .📖 Read
via "National Vulnerability Database".
❌ FBI: Ring Smart Doorbells Could Sabotage Cops ❌
📖 Read
via "Threatpost".
While privacy advocates have warned against Ring's partnerships with police, newly unearthed documents reveal FBI concerns about 'new challenges' smart doorbell footage could create for cops.📖 Read
via "Threatpost".
Threat Post
FBI: Ring Smart Doorbells Could Sabotage Cops
While privacy advocates have warned against Ring's partnerships with police, newly unearthed documents reveal FBI concerns about 'new challenges' smart doorbell footage could create for cops.
ATENTION‼ New - CVE-2019-5645
📖 Read
via "National Vulnerability Database".
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.📖 Read
via "National Vulnerability Database".
❌ Magecart Credit-Card Skimmer Adds Telegram as C2 Channel ❌
📖 Read
via "Threatpost".
In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.📖 Read
via "Threatpost".
Threat Post
Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.
❌ U.S. Voter Databases Offered for Free on Dark Web, Report ❌
📖 Read
via "Threatpost".
Some underground forum users said they're monetizing the information through the State Department's anti-influence-campaign effort.📖 Read
via "Threatpost".
Threat Post
U.S. Voter Databases Offered for Free on Dark Web, Report
Some underground forum users said they're monetizing the information through the State Department's anti-influence-campaign effort.
🕴 ISO 27701 Paves the Way for a Strategic Approach to Privacy 🕴
📖 Read
via "Dark Reading: ".
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.📖 Read
via "Dark Reading: ".
Dark Reading
ISO 27701 Paves the Way for a Strategic Approach to Privacy
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.
🔏 Phishing, BEC Scams Netting $80,000 On Average in 2020 🔏
📖 Read
via "Subscriber Blog RSS Feed ".
A recap of recent phishing activity trends found a decrease in detected phishing sites but a big increase in Business Email Compromise attack losses, around $80 million per attack.📖 Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Phishing, BEC Scams Netting $80,000 On Average in 2020
A recap of recent phishing activity trends found a decrease in detected phishing sites but a big increase in Business Email Compromise attack losses, around $80 million per attack.
🔐 Ransomware attacks continue to dominate the threat landscape 🔐
📖 Read
via "Security on TechRepublic".
Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.📖 Read
via "Security on TechRepublic".
TechRepublic
Ransomware attacks continue to dominate the threat landscape
Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.
🛠 Sifter 10 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
Sifter 10 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 SQLMAP - Automatic SQL Injection Tool 1.4.9 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.4.9 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTION‼ New - CVE-2012-3341
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 78294.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3340
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3338
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3337
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3336
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282.📖 Read
via "National Vulnerability Database".
🕴 New APT Pioneer Kitten Linked to Iranian Government 🕴
📖 Read
via "Dark Reading: ".
The group's targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.📖 Read
via "Dark Reading: ".
Dark Reading
New APT Pioneer Kitten Linked to Iranian Government
The group's targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.