New HP Bug Bounty Program Targets Vulns in Printer Cartridges
via "Dark Reading".
White-hat hackers will receive $10,000 for each security bug they discover plus a base fee, under this invitation-only initiative.
Singapore Asks Big Cybersecurity Questions to Improve National Defense
via "Dark Reading".
An executive from Singapore's Cyber Security Agency examines the role of security in a nation increasingly dependent on technology.
Cybersecurity best practices: An open letter to end users
via "Tech Republic".
In an effort to make IT pros' jobs easier, Jack Wallen offers cybersecurity tips to end users--in particular, what not to do to keep company networks, equipment, and data secure.
CVE-2020-5787
via "National Vulnerability Database".
Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action.
CVE-2020-5786
via "National Vulnerability Database".
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-9486
via "National Vulnerability Database".
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.
CVE-2020-26524
via "National Vulnerability Database".
CodeLathe FileCloud before 20.2.0.11915 allows username enumeration.
CVE-2020-26538
via "National Vulnerability Database".
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.
Serious Security: Phishing without links – when phishers bring along their own web pages
via "Naked Security".
How do you "check the URL before you click" if the web page you're visiting is already on your own computer?
CVE-2020-7737
via "National Vulnerability Database".
All versions of package safetydance are vulnerable to Prototype Pollution via the set function.
CVE-2020-7736
via "National Vulnerability Database".
The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function.
CVE-2020-8110
via "National Vulnerability Database".
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.
Friday Five 10/2
via "Digital Guardian".
A legal right to work from home, insensitive phishing, and election disinformation - catch up on the week's news with the Friday Five!
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
via "Threat Post".
Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he's faced, reporting CVEs since 1994.
Truncated URLs Look to Make Big Dent in Phishing
via "Dark Reading".
The approach is a long time in coming and will test the premise that users can more easily detect a suspicious domain from the name alone.
Report: Despite more cyberthreats during COVID-19, most businesses confident about cybersecurity
via "Tech Republic".
Remote working and phishing attacks spiked during the coronavirus pandemic, but organizations believe they're on track with their cybersecurity plans, according to a new report from CompTIA.
3 Months for the Cybercrime Books
via "Dark Reading".
From July through September, US law enforcement handed down major indictments or sanctions against foreign threat groups at least six times.
CVE-2020-25623
via "National Vulnerability Database".
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
Years-Long "SilentFade" Attack Drained Facebook Victims of $4M
via "Threat Post".
Facebook detailed an ad-fraud cyberattack that's been ongoing since 2016, stealing Facebook credentials and browser cookies.
CVE-2020-7069
via "National Vulnerability Database".
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data.
LatAm Banking Trojans Collaborate in Never-Before-Seen Effort
via "Threat Post".
Eleven different malware families are coordinating on distribution, features, geo-targeting and more.