π΄ Cloud Misconfiguration Mishaps Businesses Must Watch π΄
π Read
via "Dark Reading".
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.π Read
via "Dark Reading".
Dark Reading
Cloud Misconfiguration Mishaps Businesses Must Watch
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.
π΄ GitHub Tool Spots Security Vulnerabilities in Code π΄
π Read
via "Dark Reading".
Scanner, which just became generally available, lets developers spot problems before code gets into production.π Read
via "Dark Reading".
Dark Reading
GitHub Tool Spots Security Vulnerabilities in Code
Scanner, which just became generally available, lets developers spot problems before code gets into production.
βΌ CVE-2020-25781 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25816 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13336 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature.π Read
via "National Vulnerability Database".
π΄ The No Good, Very Bad Week for Iran's Nation-State Hacking Ops π΄
π Read
via "Dark Reading".
A look at the state of Iran's cyber operations as the US puts the squeeze on it with a pile of indictments and sanctions.π Read
via "Dark Reading".
Dark Reading
The No Good, Very Bad Week for Iran's Nation-State Hacking Ops
A look at the state of Iran's cyber operations as the US puts the squeeze on it with a pile of indictments and sanctions.
βΌ CVE-2019-20902 βΌ
π Read
via "National Vulnerability Database".
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.π Read
via "National Vulnerability Database".
βΌ CVE-2019-20903 βΌ
π Read
via "National Vulnerability Database".
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.π Read
via "National Vulnerability Database".
β InterPlanetary Storm Botnet Infects 13K Mac, Android Devices β
π Read
via "Threat Post".
In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android devices.π Read
via "Threat Post".
Threat Post
InterPlanetary Storm Botnet Infects 13K Mac, Android Devices
In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android devices.
β #BeCyberSmart β why friends donβt let friends get scammed β
π Read
via "Naked Security".
Friends don't let friends get scammed. Because cybercrime hurts us all.π Read
via "Naked Security".
Naked Security
#BeCyberSmart β why friends donβt let friends get scammed
Friends donβt let friends get scammed. Because cybercrime hurts us all.
π΄ COVID-19: Latest Security News & Commentary π΄
π Read
via "Dark Reading".
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.π Read
via "Dark Reading".
Dark Reading
COVID-19: Latest Security News & Commentary
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
π΄ Cryptojacking: The Unseen Threat π΄
π Read
via "Dark Reading".
Mining malware ebbs and flows with the price of cryptocurrencies, and given the momentum on price is upward, cryptojacking is a very present threat.π Read
via "Dark Reading".
Dark Reading
Cryptojacking: The Unseen Threat
Mining malware ebbs and flows with the price of cryptocurrencies, and given the momentum on price is upward, cryptojacking is a very present threat.
π¦Ώ Cisco Talos researchers explain psychology behind election disinformation posts on social media π¦Ώ
π Read
via "Tech Republic".
With the 2020 presidential election looming, here are questions to consider before posting on social media.π Read
via "Tech Republic".
TechRepublic
Cisco Talos researchers explain psychology behind election disinformation posts on social media
With the 2020 presidential election looming, here are questions to consider before posting on social media.
βΌ CVE-2020-8109 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions.π Read
via "National Vulnerability Database".
π WhatWeb Scanner 0.5.3 π
π Read
via "Packet Storm Security".
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.π Read
via "Packet Storm Security".
Packetstormsecurity
WhatWeb Scanner 0.5.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1
β Spammers Smuggle LokiBot Via URL Obfuscation Tactic β
π Read
via "Threat Post".
Researchers say that the campaign sidesteps end user detection and security solutions.π Read
via "Threat Post".
Threat Post
Spammers Smuggle LokiBot Via URL Obfuscation Tactic
Researchers say that the campaign sidesteps end user detection and security solutions.
π΄ Russian National Sentenced to 7+ Years for Hacking US Tech Firms π΄
π Read
via "Dark Reading".
Yevgeniy Nikulin received an 88-month sentence for breaking into LinkedIn, Dropbox, and the now-defunct social platform Formspring.π Read
via "Dark Reading".
Dark Reading
Russian National Sentenced to 7+ Years for Hacking US Tech Firms
Yevgeniy Nikulin received an 88-month sentence for breaking into LinkedIn, Dropbox, and the now-defunct social platform Formspring.
βΌ CVE-2020-24860 βΌ
π Read
via "National Vulnerability Database".
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.π Read
via "National Vulnerability Database".
π What is Data Loss Prevention (DLP)? A Definition of Data Loss Prevention π
π Read
via "Digital Guardian".
Learn more about data loss prevention software in Data Protection 101, our series covering the fundamentals of data security.π Read
via "Digital Guardian".
Digitalguardian
What is Data Loss Prevention (DLP)? Definition, Types & Tips
Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. Learn more about data loss prevention software in Data Protection 101, our series covering the fundamentalsβ¦
β NFL, NBA Players Hacked in Would-Be Cyber-Slam-Dunk β
π Read
via "Threat Post".
Federal prosecutors charged two men with crimes that carry up to 20 years in prison.π Read
via "Threat Post".
Threat Post
NFL, NBA Players Hacked in Would-Be Cyber-Slam-Dunk
Federal prosecutors charged two men with crimes that carry up to 20 years in prison.
π΄ 'It Won't Happen to Me': Employee Apathy Prevails Despite Greater Cybersecurity Awareness π΄
π Read
via "Dark Reading".
To protect your organization from all emerging file-borne threats, the security and leadership teams must align to develop a streamlined approach to file security.π Read
via "Dark Reading".
Dark Reading
'It Won't Happen to Me': Employee Apathy Prevails Despite Greater Cybersecurity Awareness
To protect your organization from all emerging file-borne threats, the security and leadership teams must align to develop a streamlined approach to file security.