Phishing tricks – the Top Ten Treacheries of 2020
via "Naked Security".
Here's the Top Ten - or perhaps we mean The Worst Ten. How many would you fall for?

The Hidden Security Risks of Business Applications
via "Dark Reading".
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.

Phishing attack baits victims by promising access to quarantined emails
via "Security on TechRepublic".
This campaign tries to steal account credentials by convincing users that their email service has quarantined three messages, says Cofense.

ATTENTION: New - CVE-2019-3881
via "National Vulnerability Database".
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed.

Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites
via "Threatpost".
A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.

Strategic Cyber Warfare Heats Up
via "Dark Reading".
It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.

New Python-based trojan targets financial tech firms to steal sensitive data
via "Security on TechRepublic".
Dubbed PyVil, the new remote access trojan goes after passwords, documents, browser cookies, and email credentials, says Cybereason.

Facebook Debuts Third-Party Vulnerability Disclosure Policy
via "Threatpost".
If the social-media behemoth finds a bug in another platform's code, the project has 90 days to remediate before Facebook goes public.

Vulnerability Disclosure: Ethical Hackers Seek Best Practices
via "Threatpost".
Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.

Ad Fraud: The Multi-Billion Dollar Cybercrime CISOs Might Overlook
via "Dark Reading".
Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed -- fraud can be a step to more significant attacks. Here's what to know and how to take action.

Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests
via "Dark Reading".
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.

Social Media: Thwarting The Phishing-Data Goldmine
via "Threatpost".
Cybercriminals can use social media in many ways in order to trick employees.

Warner Music Group Admits Breach
via "Dark Reading".
The months-long breach hit financial details for customers.

Qualcomm unveils new Snapdragon processor to power 5G computers
via "Security on TechRepublic".
The Snapdragon 8cx Gen 2 5G chip is designed to bring 5G to commercial and consumer Always On, Always Connected PCs. The processor supports Wi-Fi 6 and offers productivity and security benefits.

What SMBs and startups can learn from securing a presidential campaign
via "Security on TechRepublic".
Mayor Pete Buttigieg's former CISO and Splunk security advisor Mick Baccio explains the cybersecurity best practices he learned from protecting a presidential candidate's campaign.

Ad Fraud: The Multibillion-Dollar Cybercrime CISOs Might Overlook
via "Dark Reading".
Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed -- fraud can be a step to more significant attacks. Here's what to know and how to take action.

How to move Google Authenticator from one iPhone or Android device to another
via "Security on TechRepublic".
If you migrated to a different iPhone or Android device and need to transfer Google Authenticator to the new hardware, follow these steps.

Faraday 3.12
via "Security Tool Files ≈ Packet Storm".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

GNU Privacy Guard 2.2.23
via "Security Tool Files ≈ Packet Storm".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Scapy Packet Manipulation Tool 2.4.4
via "Security Tool Files ≈ Packet Storm".
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.