β Cisco Patch-Palooza Tackles 29 High-Severity Bugs β
π Read
via "Threatpost".
Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software.π Read
via "Threatpost".
Threat Post
Cisco Patch-Palooza Tackles 29 High-Severity Bugs
Patches and workaround fixes address flaws on networking hardware running Cisco IOS XE software.
β Feds Hit with Successful Cyberattack, Data Stolen β
π Read
via "Threatpost".
The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit.π Read
via "Threatpost".
Threat Post
Feds Hit with Successful Cyberattack, Data Stolen
The attack featured a unique, multistage malware and a likely PulseSecure VPN exploit.
π΄ Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic π΄
π Read
via "Dark Reading: ".
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.π Read
via "Dark Reading: ".
Dark Reading
Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic
Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
π΄ Malware Attacks Declined But Became More Evasive in Q2 π΄
π Read
via "Dark Reading: ".
Most of the malware used in attacks last quarter were designed to evade signature-based detection tools, WatchGuard says.π Read
via "Dark Reading: ".
Dark Reading
Malware Attacks Declined But Became More Evasive in Q2
Most of the malware used in attacks last quarter were designed to evade signature-based detection tools, WatchGuard says.
ATENTIONβΌ New - CVE-2016-11086
π Read
via "National Vulnerability Database".
lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10585
π Read
via "National Vulnerability Database".
Pexip Infinity before 18 allows remote Denial of Service (XML parsing).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10432
π Read
via "National Vulnerability Database".
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-17477
π Read
via "National Vulnerability Database".
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-11556
π Read
via "National Vulnerability Database".
Pagure before 5.6 allows XSS via the templates/blame.html blame view.π Read
via "National Vulnerability Database".
π΄ WannaCry Has IoT in Its Crosshairs π΄
π Read
via "Dark Reading: ".
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.π Read
via "Dark Reading: ".
Dark Reading
WannaCry Has IoT in Its Crosshairs
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
π΄ RASP 101: Staying Safe With Runtime Application Self-Protection π΄
π Read
via "Dark Reading: ".
The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.π Read
via "Dark Reading: ".
Dark Reading
RASP 101: Staying Safe With Runtime Application Self-Protection
The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.
π Friday Five 9/25 π
π Read
via "Subscriber Blog RSS Feed ".
Insider data breaches, COVID contact tracing apps, and FBI indictments - catch up on the week's news with the Friday Five!π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five 9/25
Insider data breaches, COVID contact tracing apps, and FBI indictments - catch up on the week's news with the Friday Five!
β Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks β
π Read
via "Threatpost".
An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.π Read
via "Threatpost".
Threat Post
Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks
An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.
β Blast from the past! Windows XP source code allegedly leaked online β
π Read
via "Naked Security".
Windows XP source code! Fair game to take a peek, or best to look away?π Read
via "Naked Security".
Naked Security
Blast from the past! Windows XP source code allegedly leaked online
Windows XP source code! Fair game to take a peek, or best to look away?
ATENTIONβΌ New - CVE-2018-6449
π Read
via "National Vulnerability Database".
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headersπ Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-6448
π Read
via "National Vulnerability Database".
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-6447
π Read
via "National Vulnerability Database".
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a userΓ’β¬β’s session and take over the account.π Read
via "National Vulnerability Database".
π Facebook removes a slew of accounts ahead of the US election π
π Read
via "Security on TechRepublic".
These campaigns used tailored messages to target audiences around the globe. As part of the announcement, Facebook also details account followers and advertising spending pertaining to these efforts.π Read
via "Security on TechRepublic".
TechRepublic
Facebook removes fake Russian accounts ahead of the US presidential election
These campaigns used tailored messages to target audiences around the globe. As part of the announcement, Facebook also details account followers and advertising spending pertaining to these efforts.
π SpyCloud and CyberDefenses join forces on election security effort π
π Read
via "Security on TechRepublic".
A cybersecurity company providing services to one in five election jurisdictions across the United States has teamed up with another company to beef up digital protections.π Read
via "Security on TechRepublic".
TechRepublic
SpyCloud and CyberDefenses join forces on election security effort
A cybersecurity company providing services to one in five election jurisdictions across the United States has teamed up with another company to beef up digital protections.
π΄ Getting Over the Security-to-Business Communication Gap in DevSecOps π΄
π Read
via "Dark Reading: ".
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.π Read
via "Dark Reading: ".
Dark Reading
Getting Over the Security-to-Business Communication Gap in DevSecOps
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
π΄ Navigating the Asia-Pacific Threat Landscape: Experts Dive In π΄
π Read
via "Dark Reading: ".
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.π Read
via "Dark Reading: ".
Dark Reading
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.