🛡 Cybersecurity & Privacy 🛡 - News

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs — together they have 66,000 installs.

186 views21:20

🕴 Android Camera Bug Under the Microscope 🕴

Critical Android vulnerability CVE-2019-2234 could enable attackers to take control of a victim's camera and take photos, record videos, and learn location.

📖 Read

via "Dark Reading".

Android Camera Bug Under the Microscope

Critical Android vulnerability CVE-2019-2234 could enable attackers to take control of a victim's camera and take photos, record videos, and learn location.

201 views21:23

🕴 Meet 'Egregor,' a New Ransomware Family to Watch 🕴

Egregor's operators promise to decrypt victims' files and provide security recommendations in exchange for ransom payment.

📖 Read

via "Dark Reading".

Meet 'Egregor,' a New Ransomware Family to Watch

Egregor's operators promise to decrypt victims' files and provide security recommendations in exchange for ransom payment.

227 views21:53

🕴 John McAfee Indicted on Tax Charges 🕴

The indictment alleging tax evasion and failure to file returns was unsealed after his arrest in Spain.

📖 Read

via "Dark Reading".

John McAfee Indicted on Tax Charges

The indictment alleging tax evasion and failure to file returns was unsealed after his arrest in Spain.

253 views22:53

‼ CVE-2020-26572 ‼

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

📖 Read

via "National Vulnerability Database".

249 views05:27

‼ CVE-2020-26571 ‼

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.

📖 Read

via "National Vulnerability Database".

266 views05:27

‼ CVE-2020-5632 ‼

InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via a specially crafted executable files.

📖 Read

via "National Vulnerability Database".

265 views10:28

Recon Informer 1.2 ≈ Packet Storm

🛠 Recon Informer 1.2 🛠

Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

📖 Read

via "Packet Storm Security".

Packetstormsecurity

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

251 views13:22

Gone phishing: workplace email security in five steps

⚠ Gone phishing: workplace email security in five steps ⚠

David Mitchell, Senior Director of Email Product Management at Sophos, shares his top tips to optimize workplace email security.

📖 Read

via "Naked Security".

Naked Security

David Mitchell, Senior Director of Email Product Management at Sophos, shares his top tips to optimize workplace email security.

202 views14:16

❌ Unpatched Apple T2 Chip Flaw Plagues Macs ❌

A researcher claims that the issue can be exploited by attackers in order to gain root access.

📖 Read

via "Threat Post".

Unpatched Apple T2 Chip Flaw Plagues Macs

A researcher claims, the issue can be exploited by attackers with physical access to to a Mac, in order to gain root access.

172 views14:20

🕴 6 Best Practices for Using Open Source Software Safely 🕴

Open source software is critical yet potentially dangerous. Here are ways to minimize the risk.

📖 Read

via "Dark Reading".

6 Best Practices for Using Open Source Software Safely

Open source software is critical yet potentially dangerous. Here are ways to minimize the risk.

158 views14:24

‼ CVE-2020-25613 ‼

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

📖 Read

via "National Vulnerability Database".

157 views14:27

‼ CVE-2020-23832 ‼

A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.

📖 Read

via "National Vulnerability Database".

155 views14:27

How to defend your organization against the surge in ransomware attacks

🦿 How to defend your organization against the surge in ransomware attacks 🦿

Ransomware attacks doubled in the US over the last three months, says Check Point Research.

📖 Read

via "Tech Republic".

TechRepublic

Ransomware attacks doubled in the US over the last three months, says Check Point Research.

150 views15:09

❌ APT Attack Injects Malware into Windows Error Reporting ❌

The fileless attack uses a phishing campaign that lures victims with information about a worker’s compensation claim.

📖 Read

via "Threat Post".

APT Attack Injects Malware into Windows Error Reporting

The fileless attack uses a phishing campaign that lures victims with information about a workers' compensation claim.

159 views15:20

❌ COVID-19 Clinical Trials Slowed After Ransomware Attack ❌

The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.

📖 Read

via "Threat Post".

COVID-19 Clinical Trials Slowed After Ransomware Attack

The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest it could be a nation-state actor behind the incident.

169 views15:21

What is ITAR Compliance? (Regulations, Fines, & More)

🔏 What is ITAR Compliance? 2020 ITAR Regulations, Fines, Certifications & More 🔏

Learn about ITAR compliance in Data Protection 101, our series on the fundamentals of information security.

📖 Read

via "Digital Guardian".

Digitalguardian

Companies must register with the DDTC and know what is required of them to be ITAR compliant and then certify that they possess that knowledge.

162 views15:44

🕴 Malware for Ad Fraud Gets More Sophisticated 🕴

Facebook says SilentFade campaign disabled notifications that could have warned users that their accounts had been compromised.

📖 Read

via "Dark Reading".

Malware for Ad Fraud Gets More Sophisticated

Facebook says SilentFade campaign disabled notifications that could have warned users that their accounts had been compromised.

160 views15:54

Naked Security Podcast – we’re back for Series 3!

⚠ Naked Security Podcast – we’re back for Series 3! ⚠

Join us weekly for the Naked Security Podcast - back for Series 3 and available wherever good podcasts are found!

📖 Read

via "Naked Security".

Naked Security

Join us weekly for the Naked Security Podcast – back for Series 3 and available wherever good podcasts are found!

152 views16:16

❌ Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors ❌

Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.

📖 Read

via "Threat Post".

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.

146 views16:20