π Ransomware Reportedly Behind Nationwide UHS Hospital Outage π
π Read
via "Digital Guardian".
The full scope of the incident isn't yet known but as a result, many facilities have been left without access to computer systems.π Read
via "Digital Guardian".
Digital Guardian
Ransomware Reportedly Behind Nationwide UHS Hospital Outage
The full scope of the incident isn't yet known but as a result, many facilities have been left without access to computer systems.
β Mac, Linux Users Now Targeted by FinSpy Variants β
π Read
via "Threat Post".
FinSpy has returned in new campaigns targeting dissident organizations in Egypt - and researchers uncovered new samples of the spyware targeting macOS and Linux users.π Read
via "Threat Post".
Threat Post
Mac, Linux Users Now Targeted by FinSpy Variants
FinSpy has returned in new campaigns targeting dissident organizations in Egypt β and researchers uncovered new samples of the spyware targeting macOS and Linux users.
β Windows 7 βUpgradeβ Emails Steal Outlook Credentials β
π Read
via "Threat Post".
Researchers warn of emails pretending to help business employees upgrade to Windows 10 - and then stealing their Outlook emails and passwords.π Read
via "Threat Post".
Threat Post
Windows 7 βUpgradeβ Emails Steal Outlook Credentials
Researchers warn of emails pretending to help business employees upgrade to Windows 10 - and then stealing their Outlook emails and passwords.
π¦Ώ How companies can meet the needs of the future workforce π¦Ώ
π Read
via "Tech Republic".
The workforce is changing in the wake of a global pandemic. Learn some insights from industry executives about what companies and employees should be doing to evolve accordingly.π Read
via "Tech Republic".
TechRepublic
How companies can meet the needs of the future workforce
The workforce is changing in the wake of a global pandemic. Learn some insights from industry executives about what companies and employees should be doing to evolve accordingly.
π΄ Ivanti Acquires Two Security Companies π΄
π Read
via "Dark Reading".
Purchase of MobilIron and Pulse Secure announced simultaneously.π Read
via "Dark Reading".
Dark Reading
Ivanti Acquires Two Security Companies
Purchase of MobilIron and Pulse Secure announced simultaneously.
βΌ CVE-2020-25770 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24565 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770.π Read
via "National Vulnerability Database".
β Telehealth Poll: How Risky Are Remote Doctor Visits? β
π Read
via "Threat Post".
Threatpost's latest poll probes telehealth security risks and asks for IT cures.π Read
via "Threat Post".
Threat Post
Telehealth Poll: How Risky Are Remote Doctor Visits?
Threatpost's latest poll probes telehealth security risks and asks for IT cures.
π΄ The Shared Irresponsibility Model in the Cloud Is Putting You at Risk π΄
π Read
via "Dark Reading".
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?π Read
via "Dark Reading".
Dark Reading
The Shared Irresponsibility Model in the Cloud Is Putting You at Risk
Step up, put the architecture and organization in place, and take responsibility. If you don't, who will?
π΄ State-Sponsored Groups Increasingly Use Cloud & Open Source Infrastructure π΄
π Read
via "Dark Reading".
Microsoft shuts down Azure Active Directory instances used by attackers to evade detection and warns that the use of open source tools by espionage groups is growing.π Read
via "Dark Reading".
Darkreading
State-Sponsored Hacking Groups Increasingly Use Cloud & Open Source Infrastructure
Microsoft shuts down Azure Active Directory instances used by attackers to evade detection and warns that the use of open source tools by espionage groups is growing.
β Las Vegas Studentsβ Personal Data Leaked, Post-Ransomware Attack β
π Read
via "Threat Post".
A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.π Read
via "Threat Post".
Threat Post
Las Vegas Studentsβ Personal Data Leaked, Post-Ransomware Attack
A researcher said he discovered an open data cache with names, grades, birthdates and more, after the Clark County School District refused to pay the ransom.
π¦Ώ How to handle security risks in a hybrid work environment π¦Ώ
π Read
via "Tech Republic".
Half of the organizations surveyed by Tessian were hit by a security incident while employees were working remotely. Here are some tips for mitigation.π Read
via "Tech Republic".
TechRepublic
How to handle security risks in a hybrid work environment
Half of the organizations surveyed by Tessian were hit by a security incident while employees were working remotely. Here are some tips for mitigation.
βΌ CVE-2020-4607 βΌ
π Read
via "National Vulnerability Database".
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.π Read
via "National Vulnerability Database".
β The Network Perimeter: This Time, Itβs Personal β
π Read
via "Threat Post".
Botnets and IoT devices are forming a perfect storm for IT staff wrestling with WFH employee security.π Read
via "Threat Post".
Threat Post
The Network Perimeter: This Time, Itβs Personal
Botnets and IoT devices are forming a perfect storm for IT staff wrestling with WFH employee security.
π΄ Shifting Left of Left: Why Secure Code Isn't Always Quality Code π΄
π Read
via "Dark Reading".
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.π Read
via "Dark Reading".
Dark Reading
Shifting Left of Left: Why Secure Code Isn't Always Quality Code
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
β Zerologon Attacks Against Microsoft DCs Snowball in a Week β
π Read
via "Threat Post".
The attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast just a week after active exploits of CVE-2020-1472 were first flagged.π Read
via "Threat Post".
Threat Post
Zerologon Attacks Against Microsoft DCs Snowball in a Week
The attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast just a week after active exploits of CVE-2020-1472 were first flagged.
βΌ CVE-2020-15216 βΌ
π Read
via "National Vulnerability Database".
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0π Read
via "National Vulnerability Database".
π Ahead of Election, FBI, CISA Issue Warning on Disinformation Campaigns π
π Read
via "Digital Guardian".
The FBI and CISA have issued another warning about the 2020 election, asserting that foreign actors are spreading disinformation around hacked voter information.π Read
via "Digital Guardian".
Digital Guardian
Ahead of Election, FBI, CISA Issue Warning on Disinformation Campaigns
The FBI and CISA has issued another warning about the 2020 election, asserting that foreign actors will spread disinformation around hacked voter information.
π΄ Vulnerability in Wireless Router Chipsets Prompts Advisory π΄
π Read
via "Dark Reading".
Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.π Read
via "Dark Reading".
Dark Reading
Vulnerability in Wireless Router Chipsets Prompts Advisory
Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.
π¦Ώ FBI says hackers want to stoke doubt about the 2020 election π¦Ώ
π Read
via "Tech Republic".
In a PSA on Monday, the FBI and CISA warned about the potential for widespread disinformation campaigns in the run-up to November.π Read
via "Tech Republic".
TechRepublic
FBI says hackers want to stoke doubt about the 2020 election
In a PSA on Monday, the FBI and CISA warned about the potential for widespread disinformation campaigns in the run-up to November.
π΄ Securing Slack: 5 Tips for Safer Messaging, Collaboration π΄
π Read
via "Dark Reading".
Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.π Read
via "Dark Reading".
Dark Reading
Securing Slack: 5 Tips for Safer Messaging, Collaboration
Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.