β Google Cloud Buckets Exposed in Rampant Misconfiguration β
π Read
via "Threatpost".
A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis shows.π Read
via "Threatpost".
Threat Post
Google Cloud Buckets Exposed in Rampant Misconfiguration
A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis shows.
β Activision Refutes Claims of 500K-Account Hack β
π Read
via "Threatpost".
The Call of Duty behemoth said that the reports of widespread hacks are false.π Read
via "Threatpost".
Threat Post
Activision Refutes Claims of 500K-Account Hack
The Call of Duty behemoth said that the reports of widespread hacks are false.
β Firefox 81 Release Kills High-Severity Code-Execution Bugs β
π Read
via "Threatpost".
Mozilla has fixed three high-severity flaws with the release of Firefox 81 and Firefox ESR 78.3.π Read
via "Threatpost".
Threat Post
Firefox 81 Release Kills High-Severity Code-Execution Bugs
Mozilla has fixed three high-severity flaws with the release of Firefox 81 and Firefox ESR 78.3.
β Microsoft Overhauls Patch Tuesday Security Update Guide β
π Read
via "Threatpost".
Microsoft announced a new Security Guide to help cybersecurity profession more quickly untangle relevant bugs in its monthly security bulletins.π Read
via "Threatpost".
Threat Post
Microsoft Overhauls Patch Tuesday Security Update Guide
Microsoft announced a new Security Guide to help cybersecurity professionals more quickly untangle relevant bugs in its monthly security bulletins.
π΄ Microsoft Extends Data Loss Prevention to Cloud App Security π΄
π Read
via "Dark Reading: ".
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.π Read
via "Dark Reading: ".
Darkreading
Microsoft Extends Data Loss Prevention to Cloud App Security
The update, one of several announced today, is intended to help employees remain compliant when handling data across cloud applications.
π΄ Can Schools Pass Their Biggest Cybersecurity Test Yet? π΄
π Read
via "Dark Reading: ".
Understaffed, underfunded, and underequipped, IT teams in the K-12 sector face a slew of challenges amid remote and hybrid learning models. Here's where they can begin to protect their schools against cyberattacks.π Read
via "Dark Reading: ".
Dark Reading
Can Schools Pass Their Biggest Cybersecurity Test Yet?
Understaffed, underfunded, and underequipped, IT teams in the K-12 sector face a slew of challenges amid remote and hybrid learning models. Here's where they can begin to protect their schools against cyberattacks.
β Known Citrix Workspace Bug Open to New Attack β
π Read
via "Threatpost".
Windows MSI files provide an opening for attackers even though the bug was mostly patched in July.π Read
via "Threatpost".
Threat Post
Known Citrix Workspace Bug Open to New Attack Vector
Windows MSI files provide an opening for attackers even though the bug was mostly patched in July.
π΄ Startup Aims to Map and Track All the IT and Security Things π΄
π Read
via "Dark Reading: ".
Security service JupiterOne spins off from a healthcare service provider's homegrown technology.π Read
via "Dark Reading: ".
Dark Reading
Startup Aims to Map and Track All the IT and Security Things
Security service JupiterOne spins off from a healthcare service provider's homegrown technology.
π΄ New Google Search Hacks Push Viruses & Porn π΄
π Read
via "Dark Reading: ".
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.π Read
via "Dark Reading: ".
Dark Reading
New Google Search Hacks Push Viruses & Porn
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
π Georgia Clinic Pays $1.5M to Settle HIPAA Noncompliance π
π Read
via "Subscriber Blog RSS Feed ".
An investigation by HHS OCR at this clinic uncovered "longstanding, systemic noncompliance with the HIPAA Privacy and Security Rules."π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Georgia Clinic Pays $1.5M to Settle HIPAA Noncompliance
An investigation by HHS OCR at this clinic uncovered "longstanding, systemic noncompliance with the HIPAA Privacy and Security Rules."
π Four ways CISOs can move enterprise security into the new normal π
π Read
via "Security on TechRepublic".
Security is changing rapidly, and the COVID-19 pandemic hasn't helped. A Cisco roundtable of chief information security officer advisers plotted the course for a secure future.π Read
via "Security on TechRepublic".
TechRepublic
Four ways CISOs can move enterprise security into the new normal
Security is changing rapidly, and the COVID-19 pandemic hasn't helped. A Cisco roundtable of chief information security officer advisers plotted the course for a secure future.
π OpenSSL Toolkit 1.1.1h π
π Go!
via "Security Tool Files β Packet Storm".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
OpenSSL Toolkit 1.1.1h β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Google Chrome Bugs Open Browsers to Attack β
π Read
via "Threatpost".
Google's new release of Chrome 85.0.4183.121 for Windows, Mac, and Linux fixes 10 security flaws.π Read
via "Threatpost".
Threat Post
Google Chrome Bugs Open Browsers to Attack
Google's new release of Chrome 85.0.4183.121 for Windows, Mac, and Linux fixes 10 security flaws.
π How to create a secure username π
π Read
via "Security on TechRepublic".
Passwords are the most important factor for securing your accounts. But you need to pay attention to your usernames as well, says NordPass.π Read
via "Security on TechRepublic".
TechRepublic
How to Create a Secure Username
Discover how to create a unique and secure username for your online accounts, and find out why itβs just as important as having a strong password.
π΄ Vulnerability Disclosure Programs See Signups & Payouts Surge π΄
π Read
via "Dark Reading: ".
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.π Read
via "Dark Reading: ".
Dark Reading
Vulnerability Disclosure Programs See Signups & Payouts Surge
More than $44.75 million in rewards were paid to hackers over the past year, driving total payouts beyond $100 million.
π΄ Attackers Target Small Manufacturing Firms π΄
π Read
via "Dark Reading: ".
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.π Read
via "Dark Reading: ".
Dark Reading
Attackers Target Small Manufacturing Firms
The most common tactics include credential stuffing using valid accounts, various forms of deception, and vulnerabilities in third-party software, Rapid7 says in its latest quarterly threat report.
ATENTIONβΌ New - CVE-2019-1983
π Read
via "National Vulnerability Database".
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-1947
π Read
via "National Vulnerability Database".
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-1888
π Read
via "National Vulnerability Database".
A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operating system commands that will be executed by an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web interface and then elevate their privileges to root.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-1736
π Read
via "National Vulnerability Database".
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-16028
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.π Read
via "National Vulnerability Database".