🛡 Cybersecurity & Privacy 🛡 - News

🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Emotet Spoofs DNC In New Attack Campaign 🕴

Thousands of Emotet emails contain a message body pulled directly from the Democratic National Committee website, researchers report.

📖 Read via "Dark Reading".
❌ Researchers Mixed on Sanctions for Ransomware Negotiators ❌

Financial institutions, cyber-insurance firms, and security firms have all been put on notice by the U.S. Department of the Treasury.

📖 Read via "Threat Post".
🦿 Vulnerable supply chains introduce increasingly interconnected attack surfaces 🦿

Accenture Security lists five other "extreme but plausible threat scenarios in financial services" in a new report.

📖 Read via "Tech Republic".
‼ CVE-2020-5422 ‼

BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details).

📖 Read via "National Vulnerability Database".
🛠 Bing.com Hostname / IP Enumerator 1.0.4 🛠

This tool enumerates hostnames from Bing.com for a given IP address. Bing.com is Microsoft's search engine, which supports an "IP:" search parameter. Written in Bash for Linux. Requires wget.

📖 Read via "Packet Storm Security".
❌ Account Takeover Fraud Losses Total Billions Across Online Retailers ❌

Account takeover fraud (ATO) attacks are on the rise, up nearly 300 percent since last year.

📖 Read via "Threat Post".
❌ Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy ❌

Phishing emails tell recipients that their voter registration applications are incomplete - but instead steal their Social Security numbers, driver's license data and more.

📖 Read via "Threat Post".
‼ CVE-2020-24568 ‼

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information.

📖 Read via "National Vulnerability Database".
‼ CVE-2020-24627 ‼

A remote stored XSS vulnerability was discovered in HPE KVM IP Console Switches, version(s): G2 4x1Ex32 prior to 2.8.3.

📖 Read via "National Vulnerability Database".
‼ CVE-2020-5979 ‼

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges.

📖 Read via "National Vulnerability Database".
🕴 Biometric Data Collection Demands Scrutiny of Privacy Law 🕴

An IT lawyer digs into the implications of collecting biometric data, why it can't be anonymized, and what nations are doing about it.

📖 Read via "Dark Reading".
❌ Egregor Ransomware Threatens ‘Mass-Media’ Release of Corporate Data ❌

The newly discovered ransomware is hitting companies worldwide, including the GEFCO global logistics company.

📖 Read via "Threat Post".
🕴 Researchers Adapt AI With Aim to Identify Anonymous Authors 🕴

At Black Hat Asia, artificial intelligence and cybersecurity researchers use neural networks to attempt to identify authors, but accuracy is still wanting.

📖 Read via "Dark Reading".
‼ CVE-2020-5984 ‼

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which a use-after-free may occur while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0.

📖 Read via "National Vulnerability Database".
‼ CVE-2020-15231 ‼

In mapfish-print before version 3.24, a user can abuse the JSONP support to perform cross-site scripting.

📖 Read via "National Vulnerability Database".
‼ CVE-2020-26526 ‼

An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password").

📖 Read via "National Vulnerability Database".
‼ CVE-2020-25776 ‼

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

📖 Read via "National Vulnerability Database".
‼ CVE-2017-18924 ‼

** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC 6749 compliant" is valid and not misleading and I also therefore wouldn't describe this as a "vulnerability" with the library per se.'

📖 Read via "National Vulnerability Database".
⚠ Serious Security: Phishing without links – when phishers bring along their own web pages ⚠

How do you "check the URL before you click" if the web page you're visiting is already on your own computer?

📖 Read via "Naked Security".
‼ CVE-2020-7709 ‼

This affects the package json-pointer before 0.6.1. Multiple references to an object using a slash are supported.

📖 Read via "National Vulnerability Database".