6 Best Practices for Using Open Source Software Safely
via "Dark Reading".
Open source software is critical yet potentially dangerous. Here are ways to minimize the risk.
CVE-2020-25613
via "National Vulnerability Database".
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
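The advisory turns on one detail: a server that accepts a Transfer-Encoding value it does not fully understand (or accepts it alongside a Content-Length) can disagree with the proxy in front of it about where one request ends and the next begins. As an added example, not WEBrick's or Ruby's own code, the block below shows the strict framing check a server should apply: the function names `parse_head`, `body_framing`, `classify_request` and every sample request are constructed for this illustration.

```ruby
# Added example, not WEBrick's own code: a strict body-framing check of the
# kind CVE-2020-25613 says WEBrick lacked. Function names and sample requests
# are constructed for this illustration.

class SmugglingRejected < StandardError; end

# Split a raw HTTP/1.1 request head into [request_line, headers, body].
# Header names are lower-cased; every value is kept in an array so that
# duplicated framing headers can be detected rather than silently merged.
def parse_head(raw)
  head, _sep, body = raw.partition("\r\n\r\n")
  request_line, *header_lines = head.split("\r\n")
  headers = Hash.new { |h, k| h[k] = [] }
  header_lines.each do |line|
    name, value = line.split(":", 2)
    raise SmugglingRejected, "malformed header line #{line.inspect}" if value.nil?
    headers[name.strip.downcase] << value.strip
  end
  [request_line, headers, body]
end

# Decide how the request body is delimited, refusing anything ambiguous:
#  * Transfer-Encoding together with Content-Length   -> reject
#  * more than one Transfer-Encoding or Content-Length -> reject
#  * Transfer-Encoding must be exactly "chunked" (whole value, case-insensitive);
#    "xchunked" or "chunked, identity" are rejected instead of being guessed at,
#    which is exactly where a front-end proxy and a back-end can disagree
#  * Content-Length must be plain decimal digits
# Returns :chunked, [:length, n] or :none.
def body_framing(headers)
  te = headers["transfer-encoding"]
  cl = headers["content-length"]
  raise SmugglingRejected, "both Transfer-Encoding and Content-Length present" if !te.empty? && !cl.empty?
  raise SmugglingRejected, "duplicate framing header" if te.size > 1 || cl.size > 1

  unless te.empty?
    value = te.first
    # Anchored whole-value match; a loose /chunked/ would also accept "xchunked".
    raise SmugglingRejected, "unsupported Transfer-Encoding #{value.inspect}" unless value.match?(/\Achunked\z/i)
    return :chunked
  end

  unless cl.empty?
    value = cl.first
    raise SmugglingRejected, "invalid Content-Length #{value.inspect}" unless value.match?(/\A\d+\z/)
    return [:length, Integer(value, 10)]
  end

  :none
end

# Returns the framing decision for a raw request, or [:rejected, reason].
def classify_request(raw)
  _request_line, headers, _body = parse_head(raw)
  body_framing(headers)
rescue SmugglingRejected => e
  [:rejected, e.message]
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample requests: one clean chunked request, two that a lenient
  # parser might misread, and one plain Content-Length request.
  [
    "POST / HTTP/1.1\r\nHost: example\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "POST / HTTP/1.1\r\nHost: example\r\nTransfer-Encoding: xchunked\r\n\r\n",
    "POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\nabcd",
    "POST / HTTP/1.1\r\nHost: example\r\nContent-Length: 4\r\n\r\nabcd"
  ].each { |req| p classify_request(req) }
end
```

The point of rejecting rather than picking a winner is that a 400 response is safe no matter what the proxy decided, whereas any "best guess" (treat "xchunked" as chunked, or prefer Content-Length) is only safe if the proxy guessed the same way. The check belongs on both hops; the advisory notes the proxy's own header check must also be poor for the smuggling to succeed.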
CVE-2020-23832
via "National Vulnerability Database".
A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.
How to defend your organization against the surge in ransomware attacks
via "Tech Republic".
Ransomware attacks doubled in the US over the last three months, says Check Point Research.
APT Attack Injects Malware into Windows Error Reporting
via "Threat Post".
The fileless attack uses a phishing campaign that lures victims with information about a workers' compensation claim.
COVID-19 Clinical Trials Slowed After Ransomware Attack
via "Threat Post".
The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.
What is ITAR Compliance? 2020 ITAR Regulations, Fines, Certifications & More
via "Digital Guardian".
Learn about ITAR compliance in Data Protection 101, our series on the fundamentals of information security.
Companies must register with the DDTC, know what is required of them to be ITAR compliant, and then certify that they possess that knowledge.
Malware for Ad Fraud Gets More Sophisticated
via "Dark Reading".
Facebook says SilentFade campaign disabled notifications that could have warned users that their accounts had been compromised.
Naked Security Podcast - we're back for Series 3!
via "Naked Security".
Join us weekly for the Naked Security Podcast - back for Series 3 and available wherever good podcasts are found!
Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
via "Threat Post".
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.
CVE-2020-25742
via "National Vulnerability Database".
pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.
CVE-2020-25803
via "National Vulnerability Database".
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
Wi-Fi security: FBI warns of risks of using wireless hotel networks
via "Tech Republic".
Wi-Fi networks in hotels typically favor guest convenience over strong security practices, says the FBI.
Lynis Auditing Tool 3.0.1
via "Packet Storm Security".
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. The software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack
via "Threat Post".
The Magecart spinoff group targeted the wireless service provider in an odd choice of victim.
How to boost the effectiveness of your cybersecurity operations
via "Tech Republic".
Data breaches occur despite tight security. Arctic Wolf explains how to increase your security effectiveness.
10 Years Since Stuxnet: Is Your Operational Technology Safe?
via "Dark Reading".
The destructive worm may have debuted a decade ago, but Stuxnet is still making its presence known. Here are steps you can take to stay safer from similar attacks.
CVE-2020-26582
via "National Vulnerability Database".
D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).
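The bug class here is a "ping this address" handler that hands a client-supplied string to a shell. As an added example, not D-Link firmware code, the block below shows that vulnerable shape next to a hardened handler that allow-lists the characters, requires a real IP literal, and execs ping without a shell. Only the JSON field name `IP` comes from the advisory; the function names `vulnerable_ping_command`, `ping_argv`, `run_ping`, the JSON request shape and the sample inputs are assumed for this illustration.

```ruby
# Added example, not D-Link firmware code: the vulnerable pattern behind
# CVE-2020-26582 (a JSON "IP" value interpolated into a shell command line)
# next to a hardened handler. Function names, the JSON shape and the sample
# inputs are assumed for this illustration; only the "IP" field name comes
# from the advisory.

require 'json'
require 'ipaddr'

class BadTarget < ArgumentError; end

# Vulnerable shape: whatever the client sent becomes part of a /bin/sh command.
# Returns the command string such a handler would pass to system(cmd) or `cmd`.
def vulnerable_ping_command(json_body)
  ip = JSON.parse(json_body)["IP"]
  "ping -c 1 #{ip}"   # "8.8.8.8; cat /etc/passwd" runs two commands
end

# Hardened shape:
#  1. only accept a String,
#  2. character allow-list (rules out ; | & ` $ ( ) space / and quotes),
#  3. require a syntactically valid IPv4/IPv6 literal via IPAddr,
#  4. return an argv array so the caller execs ping directly, with no shell.
def ping_argv(json_body)
  ip = JSON.parse(json_body)["IP"]
  raise BadTarget, "IP must be a string" unless ip.is_a?(String)
  raise BadTarget, "disallowed characters in IP" unless ip.match?(/\A[0-9a-f:.]+\z/i)
  begin
    addr = IPAddr.new(ip)              # rejects "1.2.3", "abc", "1.2.3.4.5", ...
  rescue IPAddr::Error
    raise BadTarget, "not an IP address: #{ip.inspect}"
  end
  ["ping", "-c", "1", addr.to_s]
end

# Runs the validated command. The array form of system bypasses /bin/sh, so
# even if the allow-list were loosened, metacharacters would stay literal
# bytes inside a single argument to ping.
def run_ping(json_body)
  system(*ping_argv(json_body))
end

if $PROGRAM_NAME == __FILE__
  hostile = '{"IP":"8.8.8.8; cat /etc/passwd"}'    # constructed sample input
  puts vulnerable_ping_command(hostile)
  begin
    ping_argv(hostile)
  rescue BadTarget => e
    puts "rejected: #{e.message}"
  end
  p ping_argv('{"IP":"192.0.2.1"}')
end
```

Two layers are deliberate: the allow-list is what stops the injection, and the argv form is what keeps a future loosening of that allow-list (say, to permit hostnames) from reintroducing a shell. Authentication, which the advisory notes the attacker already has, is no mitigation for this class of flaw.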
CVE-2019-4725
via "National Vulnerability Database".
IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.
Google Brings Password Protection to iOS, Android in Chrome 86
via "Dark Reading".
Chrome 86 will alert users when stored passwords are compromised, and block or warn of insecure downloads, among other security updates.
Male Chastity Device Comes with Massive Security Flaws
via "Threat Post".
Smart sex toy vulnerable to hacks, researchers say -- which could expose users' most sensitive bits (of data) to cybercriminals.