❌ FBI: Ring Smart Doorbells Could Sabotage Cops ❌
📖 Read
via "Threatpost".
While privacy advocates have warned against Ring's partnerships with police, newly unearthed documents reveal FBI concerns about 'new challenges' smart doorbell footage could create for cops.📖 Read
via "Threatpost".
Threat Post
FBI: Ring Smart Doorbells Could Sabotage Cops
While privacy advocates have warned against Ring's partnerships with police, newly unearthed documents reveal FBI concerns about 'new challenges' smart doorbell footage could create for cops.
ATENTION‼ New - CVE-2019-5645
📖 Read
via "National Vulnerability Database".
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.📖 Read
via "National Vulnerability Database".
❌ Magecart Credit-Card Skimmer Adds Telegram as C2 Channel ❌
📖 Read
via "Threatpost".
In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.📖 Read
via "Threatpost".
Threat Post
Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.
❌ U.S. Voter Databases Offered for Free on Dark Web, Report ❌
📖 Read
via "Threatpost".
Some underground forum users said they're monetizing the information through the State Department's anti-influence-campaign effort.📖 Read
via "Threatpost".
Threat Post
U.S. Voter Databases Offered for Free on Dark Web, Report
Some underground forum users said they're monetizing the information through the State Department's anti-influence-campaign effort.
🕴 ISO 27701 Paves the Way for a Strategic Approach to Privacy 🕴
📖 Read
via "Dark Reading: ".
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.📖 Read
via "Dark Reading: ".
Dark Reading
ISO 27701 Paves the Way for a Strategic Approach to Privacy
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.
🔏 Phishing, BEC Scams Netting $80,000 On Average in 2020 🔏
📖 Read
via "Subscriber Blog RSS Feed ".
A recap of recent phishing activity trends found a decrease in detected phishing sites but a big increase in Business Email Compromise attack losses, around $80 million per attack.📖 Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Phishing, BEC Scams Netting $80,000 On Average in 2020
A recap of recent phishing activity trends found a decrease in detected phishing sites but a big increase in Business Email Compromise attack losses, around $80 million per attack.
🔐 Ransomware attacks continue to dominate the threat landscape 🔐
📖 Read
via "Security on TechRepublic".
Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.📖 Read
via "Security on TechRepublic".
TechRepublic
Ransomware attacks continue to dominate the threat landscape
Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.
🛠 Sifter 10 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
Sifter 10 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 SQLMAP - Automatic SQL Injection Tool 1.4.9 🛠
📖 Go!
via "Security Tool Files ≈ Packet Storm".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.📖 Go!
via "Security Tool Files ≈ Packet Storm".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.4.9 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ATENTION‼ New - CVE-2012-3341
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 78294.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3340
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3338
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3337
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-3336
📖 Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282.📖 Read
via "National Vulnerability Database".
🕴 New APT Pioneer Kitten Linked to Iranian Government 🕴
📖 Read
via "Dark Reading: ".
The group's targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.📖 Read
via "Dark Reading: ".
Dark Reading
New APT Pioneer Kitten Linked to Iranian Government
The group's targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.
🕴 Apple Signs Shlayer, Legitimizes Malware 🕴
📖 Read
via "Dark Reading: ".
Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store -- twice.📖 Read
via "Dark Reading: ".
Dark Reading
Apple Signs Shlayer, Legitimizes Malware
Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store -- twice.
❌ Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws ❌
📖 Read
via "Threatpost".
Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites.📖 Read
via "Threatpost".
Threat Post
Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites.
🕴 Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats 🕴
📖 Read
via "Dark Reading: ".
Pixm visually analyzes phishing websites from a human perspective to detect malicious pages people might otherwise miss.📖 Read
via "Dark Reading: ".
Dark Reading
Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats
Pixm visually analyzes phishing websites from a human perspective to detect malicious pages people might otherwise miss.
🕴 New Threat Activity by Lazarus Group Spells Trouble For Orgs 🕴
📖 Read
via "Dark Reading: ".
The North Korea-backed group has launched several campaigns to raise revenue for cash-strapped nation's missile program, security experts say.📖 Read
via "Dark Reading: ".
Dark Reading
New Threat Activity by Lazarus Group Spells Trouble For Orgs
The North Korea-backed group has launched several campaigns to raise revenue for cash-strapped nation's missile program, security experts say.
❌ Chinese APT Debuts Sepulcher Malware in Spear-Phishing Attacks ❌
📖 Read
via "Threatpost".
The RAT has been distributed in various campaigns over the past six months, targeting both European officials and Tibetan dissidents.📖 Read
via "Threatpost".
Threat Post
China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks
The RAT has been distributed in various campaigns over the past six months, targeting both European officials and Tibetan dissidents.
❌ Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers ❌
📖 Read
via "Threatpost".
Multiple flaws in system software that causes errors in packet handling could allow an attacker to consume memory and crash devices.📖 Read
via "Threatpost".
Threat Post
Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers
Multiple flaws in system software that causes errors in packet handling could allow an attacker to consume memory and crash devices.