ATENTIONβΌ New - CVE-2012-3340
π Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-3338
π Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-3337
π Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the system. IBM X-Force ID: 78284.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-3336
π Read
via "National Vulnerability Database".
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282.π Read
via "National Vulnerability Database".
π΄ New APT Pioneer Kitten Linked to Iranian Government π΄
π Read
via "Dark Reading: ".
The group's targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.π Read
via "Dark Reading: ".
Dark Reading
New APT Pioneer Kitten Linked to Iranian Government
The group's targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.
π΄ Apple Signs Shlayer, Legitimizes Malware π΄
π Read
via "Dark Reading: ".
Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store -- twice.π Read
via "Dark Reading: ".
Dark Reading
Apple Signs Shlayer, Legitimizes Malware
Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store -- twice.
β Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws β
π Read
via "Threatpost".
Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites.π Read
via "Threatpost".
Threat Post
Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites.
π΄ Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats π΄
π Read
via "Dark Reading: ".
Pixm visually analyzes phishing websites from a human perspective to detect malicious pages people might otherwise miss.π Read
via "Dark Reading: ".
Dark Reading
Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats
Pixm visually analyzes phishing websites from a human perspective to detect malicious pages people might otherwise miss.
π΄ New Threat Activity by Lazarus Group Spells Trouble For Orgs π΄
π Read
via "Dark Reading: ".
The North Korea-backed group has launched several campaigns to raise revenue for cash-strapped nation's missile program, security experts say.π Read
via "Dark Reading: ".
Dark Reading
New Threat Activity by Lazarus Group Spells Trouble For Orgs
The North Korea-backed group has launched several campaigns to raise revenue for cash-strapped nation's missile program, security experts say.
β Chinese APT Debuts Sepulcher Malware in Spear-Phishing Attacks β
π Read
via "Threatpost".
The RAT has been distributed in various campaigns over the past six months, targeting both European officials and Tibetan dissidents.π Read
via "Threatpost".
Threat Post
China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks
The RAT has been distributed in various campaigns over the past six months, targeting both European officials and Tibetan dissidents.
β Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers β
π Read
via "Threatpost".
Multiple flaws in system software that causes errors in packet handling could allow an attacker to consume memory and crash devices.π Read
via "Threatpost".
Threat Post
Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers
Multiple flaws in system software that causes errors in packet handling could allow an attacker to consume memory and crash devices.
β Live Webinar: XDR and Beyond β
π Read
via "Threatpost".
Next week, Senior Analyst Dave Gruber of ESG will join cybersecurity company Cynet for a webinar to help companies better understand the promise and realities of emerging XDR technologiesπ Read
via "Threatpost".
Threat Post
Live Webinar: XDR and Beyond
Next week, Senior Analyst Dave Gruber of ESG will join cybersecurity company Cynet for a webinar to help companies better understand the promise and realities of emerging XDR technologies
β Phishing scam uses Sharepoint and One Note to go after passwords β
π Read
via "Naked Security".
Not all phishing links appear right in the email itself...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Hypothesis: Cyber Attackers Are After Your Scientific Research π΄
π Read
via "Dark Reading: ".
From COVID-19 treatment to academic studies, keeping research secure is more important than ever. The ResearchSOC at Indiana University intends to help.π Read
via "Dark Reading: ".
Dark Reading
Hypothesis: Cyber Attackers Are After Your Scientific Research
From COVID-19 treatment to academic studies, keeping research secure is more important than ever. The ResearchSOC at Indiana University intends to help.
π΄ Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them) π΄
π Read
via "Dark Reading: ".
By following best practices and prioritizing critical issues, you can reduce the chances of a security breach and constrain the blast radius of an attempted attack. Here's how.π Read
via "Dark Reading: ".
Dark Reading
Why Kubernetes Clusters Are Intrinsically Insecure (& What to Do About Them)
By following best practices and prioritizing critical issues, you can reduce the chances of a security breach and constrain the blast radius of an attempted attack. Here's how.
π 33% of companies expose unsafe network services to the internet π
π Read
via "Security on TechRepublic".
The findings of a new report validate the correlation between poor network hygiene and the prevalence of wider security issues in the digital supply chain.π Read
via "Security on TechRepublic".
TechRepublic
33% of companies expose unsafe network services to the internet
The findings of a new report validate the correlation between poor network hygiene and the prevalence of wider security issues in the digital supply chain.
π How insider threats pose risks and challenges to any organization π
π Read
via "Security on TechRepublic".
Insider threats can be difficult to combat and manage due to budgetary limits, lack of staff, and insufficient tools, says Bitglass.π Read
via "Security on TechRepublic".
TechRepublic
How insider threats pose risks and challenges to any organization
Insider threats can be difficult to combat and manage due to budgetary limits, lack of staff, and insufficient tools, says Bitglass.
π΄ DHS Partners with Industry to Offer State, Local Gov'ts Cybersecurity Aid π΄
π Read
via "Dark Reading: ".
The US Department of Homeland Security teams up with Akamai and the Center for Internet Security to provide state and local governments with cybersecurity through DNS for free.π Read
via "Dark Reading: ".
Dark Reading
DHS Partners with Industry to Offer State, Local Gov'ts Cybersecurity Aid
The US Department of Homeland Security teams up with Akamai and the Center for Internet Security to provide state and local governments with cybersecurity through DNS for free.
π΄ 5 Tips for Triaging Risk from Exposed Credentials π΄
π Read
via "Dark Reading: ".
Not all exposed usernames and passwords present a threat. Here's how to quickly identify the ones that do.π Read
via "Dark Reading: ".
Dark Reading
5 Tips for Triaging Risk from Exposed Credentials
Not all exposed usernames and passwords present a threat. Here's how to quickly identify the ones that do.
π How to enable end-to-end encryption for the Nextcloud app π
π Read
via "Security on TechRepublic".
Learn how you can enable the new Nextcloud end-to-end encryption.π Read
via "Security on TechRepublic".
TechRepublic
How to enable end-to-end encryption for the Nextcloud app
Learn how you can enable the new Nextcloud end-to-end encryption.
π Replace your passwords with passphrases: Here's how to use them to remain secure π
π Read
via "Security on TechRepublic".
Instead of trying to remember a long and complex password, try switching to passphrases. Learn why they're important and how they work.π Read
via "Security on TechRepublic".
TechRepublic
Replace your passwords with passphrases: Hereβs how to use them to remain secure
Instead of trying to remember a long and complex password, try switching to passphrases. Learn why they're important and how they work.