Getting Over the Security-to-Business Communication Gap in DevSecOps
via Dark Reading
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.

Navigating the Asia-Pacific Threat Landscape: Experts Dive In
via Dark Reading
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.

Ring's Flying In-Home Camera Drone Escalates Privacy Worries
via Threatpost
Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone.

Industrial Cyberattacks Get Rarer but More Complex
via Threatpost
The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks.

6 Things to Know About the Microsoft 'Zerologon' Flaw
via Dark Reading
Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.

FortiGate VPN Default Config Allows MitM Attacks
via Threatpost
The client's default configuration for SSL-VPN has a certificate issue, researchers said.

Bug Bounty FAQ: Top Questions, Expert Answers
via Threatpost
Four leading voices in the bug bounty community answer frequently asked questions from bounty hunters, companies and curious cybersecurity professionals.

CVE-2020-25827
via National Vulnerability Database
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

CVE-2020-25812
via National Vulnerability Database
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.

CVE-2020-25814
via National Vulnerability Database
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.

Naked Security Live – "SMS scams: keep yourself and your family safe!"
via Naked Security
Naked Security Live – here's the recorded version of our latest video. Enjoy.

MFA-Minded Attackers Continue to Figure Out Workarounds
via Dark Reading
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.

Safeguarding Schools Against RDP-Based Ransomware
via Dark Reading
How getting online learning right today will protect schools, and the communities they serve, for years to come.

9 Tips to Prepare for the Future of Cloud & Network Security
via Dark Reading
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.

REvil ransomware crew dangles $1,000,000 cybercrime carrot
via Naked Security
When a company pays a multimillion dollar ransomware blackmail demand, where do you think the money goes?

Joker Trojans Flood the Android Ecosystem
via Threat Post
September saw dozens of Joker malware variants hitting Google Play and third-party app stores.

Sifter 10_r2
via Packet Storm Security
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the "blue" vulnerabilities within Microsoft systems and, if unpatched, exploit them.

How to install common security tools via Homebrew on a Mac
via Tech Republic
We'll guide you through the process of using the Homebrew package manager to install common security tools on macOS computers to assess and aid in hardening devices on your network.

Universal Health Services Ransomware Attack Impacts Hospitals Nationwide
via Threat Post
The Ryuk ransomware is suspected to be the culprit.

Ransomware Reportedly Behind Nationwide UHS Hospital Outage
via Digital Guardian
The full scope of the incident isn't yet known, but as a result many facilities have been left without access to computer systems.

Mac, Linux Users Now Targeted by FinSpy Variants
via Threat Post
FinSpy has returned in new campaigns targeting dissident organizations in Egypt, and researchers uncovered new samples of the spyware targeting macOS and Linux users.