ATENTIONβΌ New - CVE-2013-7491
π Read
via "National Vulnerability Database".
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-7490
π Read
via "National Vulnerability Database".
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.π Read
via "National Vulnerability Database".
β Office 365 Phishing Attack Leverages Real-Time Active Directory Validation β
π Read
via "Threatpost".
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.π Read
via "Threatpost".
Threat Post
Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
β APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins β
π Read
via "Threatpost".
The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.π Read
via "Threatpost".
Threat Post
APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins
The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.
β Naked Security Live β βShould you worry about your wallpaper?β β
π Read
via "Naked Security".
Naked Security Live - here's the recorded version of our latest video. Enjoy.π Read
via "Naked Security".
Naked Security
Naked Security Live β βShould you worry about your wallpaper?β
Naked Security Live β hereβs the recorded version of our latest video. Enjoy.
π΄ More Printers Could Mean Security Problems for Home-Bound Workers π΄
π Read
via "Dark Reading: ".
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.π Read
via "Dark Reading: ".
Dark Reading
More Printers Could Mean Security Problems for Home-Bound Workers
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.
π΄ Open Source Security's Top Threat and What To Do About It π΄
π Read
via "Dark Reading: ".
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.π Read
via "Dark Reading: ".
Dark Reading
Open Source Security's Top Threat and What To Do About It
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
π How to restrict Nextcloud logins to IP addresses π
π Read
via "Security on TechRepublic".
If you want to lock down your Nextcloud instance so only certain computers can log in, follow these steps.π Read
via "Security on TechRepublic".
TechRepublic
How to restrict Nextcloud logins to IP addresses
If you want to lock down your Nextcloud instance so only certain computers can log in, follow these steps.
π How to install Infection Monkey for breach and attack simulations on your network π
π Read
via "Security on TechRepublic".
Have you tested your network using a breach and attack simulator? If not, Jack Wallen shows you how with Infection Monkey.π Read
via "Security on TechRepublic".
TechRepublic
How to install Infection Monkey for breach and attack simulations on your network
Have you tested your network using a breach and attack simulator? If not, Jack Wallen shows you how with Infection Monkey.
π Clam AntiVirus Toolkit 0.103.0 π
π Go!
via "Security Tool Files β Packet Storm".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Clam AntiVirus Toolkit 0.103.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Magecart Attack Impacts More Than 10K Online Shoppers β
π Read
via "Threatpost".
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.π Read
via "Threatpost".
Threat Post
Magecart Attack Impacts More Than 10K Online Shoppers
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.
π΄ Virginia's Largest School System Hit With Ransomware π΄
π Read
via "Dark Reading: ".
Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.π Read
via "Dark Reading: ".
Dark Reading
Virginia's Largest School System Hit With Ransomware
Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.
ATENTIONβΌ New - CVE-2018-20432
π Read
via "National Vulnerability Database".
D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or modify the configuration.π Read
via "National Vulnerability Database".
β TikTok Fixes Flaws That Opened Android App to Compromise β
π Read
via "Threatpost".
The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.π Read
via "Threatpost".
Threat Post
TikTok Fixes Flaws That Opened Android App to Compromise
The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
ATENTIONβΌ New - CVE-2019-0233
π Read
via "National Vulnerability Database".
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-0230
π Read
via "National Vulnerability Database".
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.π Read
via "National Vulnerability Database".
β Cloud Leak Exposes 320M Dating-Site Records β
π Read
via "Threatpost".
A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.π Read
via "Threatpost".
Threat Post
Cloud Leak Exposes 320M Dating-Site Records
A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.
π CISA Breaks Down Recent Chinese Nation State Cyber Activity π
π Read
via "Subscriber Blog RSS Feed ".
A new advisory from CISA outlines recent tactics, techniques, and procedures (TTPs) used by Chinese nation state hackers to target US agencies; it also includes ATT&CK Framework TTPs.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
CISA Breaks Down Recent Chinese Nation State Cyber Activity
A new advisory from CISA outlines recent hacking tactics, techniques, and procedures (TTPs) used by Chinese nation state threat actors to target US agencies; it also includes includes ATT&CK Framework TTPs.
ATENTIONβΌ New - CVE-2019-14756
π Read
via "National Vulnerability Database".
An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. At a bare minimum, this allows an attacker to take control over the Email application's UI (e.g., display a malicious prompt to the user asking them to re-enter their email credentials) and also allows an attacker to abuse any of the privileges available to the mobile application.π Read
via "National Vulnerability Database".
π΄ Security Through an Economics Lens: A Guide for CISOs π΄
π Read
via "Dark Reading: ".
An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.π Read
via "Dark Reading: ".
Dark Reading
Security Through an Economics Lens: A Guide for CISOs
An expert in economics and cybersecurity applies opportunity cost and other concepts of the dismal science to infosec roles.
π΄ E-Commerce Sites Hit With New Attack on Magento π΄
π Read
via "Dark Reading: ".
The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.π Read
via "Dark Reading: ".
Dark Reading
E-Commerce Sites Hit With New Attack on Magento
The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.