ATENTIONβΌ New - CVE-2019-14758
π Read
via "National Vulnerability Database".
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application (assuming the victim chooses to download the email attachment). At a bare minimum, this allows an attacker to take control over the File Manager application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14757
π Read
via "National Vulnerability Database".
An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application (assuming the victim chooses to import the file). At a bare minimum, this allows an attacker to take control over the Contacts application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application.π Read
via "National Vulnerability Database".
β MFA Bypass Bugs Opened Microsoft 365 to Attack β
π Read
via "Threatpost".
Vulnerabilities βthat have existed for yearsβ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.π Read
via "Threatpost".
Threat Post
MFA Bypass Bugs Opened Microsoft 365 to Attack
Vulnerabilities βthat have existed for yearsβ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.
π΄ A Real-World Tool for Organizing, Integrating Your Other Tools π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
A Real-World Tool for Organizing, Integrating Your Other Tools
Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
π΄ Simplify Your Privacy Approach to Overcome CCPA Challenges π΄
π Read
via "Dark Reading: ".
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.π Read
via "Dark Reading: ".
Dark Reading
Simplify Your Privacy Approach to Overcome CCPA Challenges
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
π Ransomware attacks continue to dominate the threat landscape π
π Read
via "Security on TechRepublic".
Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.π Read
via "Security on TechRepublic".
TechRepublic
Ransomware attacks continue to dominate the threat landscape
Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.
π How to protect your organization from DDoS attacks π
π Read
via "Security on TechRepublic".
Without early threat detection, you may not know your website has been hit by a DDoS attack until it slows down or stops, says NordVPN Teams.π Read
via "Security on TechRepublic".
TechRepublic
NordVPN Teams: How to protect your organization from DDoS attacks
Without early threat detection, you may not know your website has been hit by a DDoS attack until it slows down or stops, says NordVPN Teams.
π CISOs are struggling to prepare for security compliance audits π
π Read
via "Security on TechRepublic".
CISOs are turning to automation to address concerns about doing more with less, preparing for audits remotely, and speeding evidence collection, according to a newly released study.π Read
via "Security on TechRepublic".
TechRepublic
CISOs are struggling to prepare for security compliance audits
CISOs are turning to automation to address concerns about doing more with less, preparing for audits remotely, and speeding evidence collection, according to a newly released study.
β Windows Exploit Released For Microsoft βZerologonβ Flaw β
π Read
via "Threatpost".
Security researchers and U.S. government authorities alike are urging admins to address Microsoft's critical privilege escalation flaw.π Read
via "Threatpost".
Threat Post
Windows Exploit Released For Microsoft βZerologonβ Flaw
Security researchers and U.S. government authorities alike are urging admins to address Microsoft's critical privilege escalation flaw.
π Top 5 things to know about zero trust ops π
π Read
via "Security on TechRepublic".
Checking users, applications, and devices on your network are just a few ways to keep your company safe from cyberattacks. Tom Merritt lists five things to know about zero trust ops.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 things to know about zero trust ops
Checking users, applications, and devices on your network are just a few ways to keep your company safe from cyberattacks. Tom Merritt lists five things to know about zero trust ops.
π Top 5 things to know about zero trust ops π
π Read
via "Security on TechRepublic".
Checking users, applications, and devices on your network are just a few ways to keep your company safe from cyberattacks. Tom Merritt lists five things to know about zero trust ops.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 things to know about zero trust ops
Checking users, applications, and devices on your network are just a few ways to keep your company safe from cyberattacks. Tom Merritt lists five things to know about zero trust ops.
π΄ Research Finds Nearly 800,000 Access Keys Exposed Online π΄
π Read
via "Dark Reading: ".
The keys were primarily for access to databases and cloud services.π Read
via "Dark Reading: ".
Dark Reading
Research Finds Nearly 800,000 Access Keys Exposed Online
The keys were primarily for access to databases and cloud services.
π How to run a phishing attack simulation with GoPhish π
π Read
via "Security on TechRepublic".
Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works.π Read
via "Security on TechRepublic".
TechRepublic
How to run a phishing attack simulation with GoPhish
Jack Wallen shows you how to run a phishing simulation on your employees to test their understanding of how this type of attack works.
π Top 10 antivirus software options for security-conscious users π
π Read
via "Security on TechRepublic".
The world is too dangerous to use the internet unprotected. Save your computers, tablets, and phones from being attacked with these options.π Read
via "Security on TechRepublic".
TechRepublic
Top 10 antivirus software options for security-conscious users
The world is too dangerous to use the internet unprotected. Save your computers, tablets, and phones from being attacked--check out this antivirus software.
π Cyberattacks against schools are on the rise π
π Read
via "Security on TechRepublic".
With the back-to-school season, schools and academic organizations are seeing an increase in cyberattacks, says Check Point Research.π Read
via "Security on TechRepublic".
TechRepublic
Cyberattacks against schools are on the rise
With the back-to-school season, schools and academic organizations are seeing an increase in cyberattacks, says Check Point Research.
π TOR Virtual Network Tunneling Tool 0.4.4.5 π
π Go!
via "Security Tool Files β Packet Storm".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
TOR Virtual Network Tunneling Tool 0.4.4.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption π΄
π Read
via "Dark Reading: ".
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.π Read
via "Dark Reading: ".
Dark Reading
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
π΄ Taking Security With You in the WFH Era: What to Do Next π΄
π Read
via "Dark Reading: ".
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.π Read
via "Dark Reading: ".
Dark Reading
Taking Security With You in the WFH Era: What to Do Next
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
π΄ CISA Issues Alert for Microsoft Netlogon Vulnerability π΄
π Read
via "Dark Reading: ".
CISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.π Read
via "Dark Reading: ".
Darkreading
CISA Issues Alert for Microsoft Netlogon Vulnerability
CISA has issued an alert following the discovery of publicly available exploit code for Windows elevation of privilege flaw CVE-2020-1472.
β IBM Spectrum Protect Plus Security Open to RCE β
π Read
via "Threatpost".
Two bugs (CVE-2020-4703 and CVE-2020-4711) in IBM's Spectrum Protect Plus data-storage protection solution could enable remote code execution.π Read
via "Threatpost".
Threat Post
IBM Spectrum Protect Plus Security Open to RCE
Two high-severity bugs (CVE-2020-4703 and CVE-2020-4711) in IBM's Spectrum Protect Plus data-storage protection solution could enable remote code execution.
β QR Codes Serve Up a Menu of Security Concerns β
π Read
via "Threatpost".
QR code usage is soaring in the pandemic -- but malicious versions aren't something that most people think about.π Read
via "Threatpost".
Threat Post
QR Codes Serve Up a Menu of Security Concerns
QR code usage is soaring in the pandemic β but malicious versions aren't something that most people think about.