RASP 101: Staying Safe With Runtime Application Self-Protection
Read via "Dark Reading".
The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.
Friday Five 9/25
Read via "Subscriber Blog RSS Feed".
Insider data breaches, COVID contact tracing apps, and FBI indictments - catch up on the week's news with the Friday Five!
Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks
Read via "Threatpost".
An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.
Blast from the past! Windows XP source code allegedly leaked online
Read via "Naked Security".
Windows XP source code! Fair game to take a peek, or best to look away?
ATTENTION! New - CVE-2018-6449
Read via "National Vulnerability Database".
Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers.
ATTENTION! New - CVE-2018-6448
Read via "National Vulnerability Database".
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
ATTENTION! New - CVE-2018-6447
Read via "National Vulnerability Database".
A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user's session and take over the account.
Facebook removes a slew of accounts ahead of the US election
Read via "Security on TechRepublic".
These campaigns used tailored messages to target audiences around the globe. As part of the announcement, Facebook also details account followers and advertising spending pertaining to these efforts.
TechRepublic
Facebook removes fake Russian accounts ahead of the US presidential election
SpyCloud and CyberDefenses join forces on election security effort
Read via "Security on TechRepublic".
A cybersecurity company providing services to one in five election jurisdictions across the United States has teamed up with another company to beef up digital protections.
Getting Over the Security-to-Business Communication Gap in DevSecOps
Read via "Dark Reading".
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
Read via "Dark Reading".
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
Ring's Flying In-Home Camera Drone Escalates Privacy Worries
Read via "Threatpost".
Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone.
Industrial Cyberattacks Get Rarer but More Complex
Read via "Threatpost".
The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks.
6 Things to Know About the Microsoft 'Zerologon' Flaw
Read via "Dark Reading".
Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.
FortiGate VPN Default Config Allows MitM Attacks
Read via "Threatpost".
The client's default configuration for SSL-VPN has a certificate issue, researchers said.
Bug Bounty FAQ: Top Questions, Expert Answers
Read via "Threatpost".
Four leading voices in the bug bounty community answer frequently asked questions from bounty hunters, companies and curious cybersecurity professionals.
CVE-2020-25827
Read via "National Vulnerability Database".
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.
CVE-2020-25812
Read via "National Vulnerability Database".
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
CVE-2020-25814
Read via "National Vulnerability Database".
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.
Naked Security Live - "SMS scams: keep yourself and your family safe!"
Read via "Naked Security".
Naked Security Live - here's the recorded version of our latest video. Enjoy.
MFA-Minded Attackers Continue to Figure Out Workarounds
Read via "Dark Reading".
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.