π΄ Key Considerations & Best Practices for Establishing a Secure Remote Workforce π΄
π Read
via "Dark Reading".
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.π Read
via "Dark Reading".
Dark Reading
Key Considerations & Best Practices for Establishing a Secure Remote Workforce
Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.
βΌ CVE-2020-25262 βΌ
π Read
via "National Vulnerability Database".
PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2289 βΌ
π Read
via "National Vulnerability Database".
Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.π Read
via "National Vulnerability Database".
βΌ CVE-2020-2296 βΌ
π Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.π Read
via "National Vulnerability Database".
π¦Ώ Buyers beware: Hackers poised to make Amazon Prime Day into a prime phishing day π¦Ώ
π Read
via "Tech Republic".
Analysis of hundreds of millions of web pages found phishing and fraudulent sites using the Amazon brand and logos poised for big Prime Day sales, according to Bolster Research.π Read
via "Tech Republic".
TechRepublic
Buyers beware: Hackers poised to make Amazon Prime Day into a prime phishing day
Analysis of hundreds of millions of web pages found phishing and fraudulent sites using the Amazon brand and logos poised for big Prime Day sales, according to Bolster Research.
β Microsoft Azure Flaws Open Admin Servers to Takeover β
π Read
via "Threat Post".
Two flaws in Microsoft's cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks.π Read
via "Threat Post".
Threat Post
Microsoft Azure Flaws Open Admin Servers to Takeover
Two flaws in Microsoft's cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks.
π΄ Kaspersky Researchers Spot Russia-on-Russia Cyber-Espionage Campaign π΄
π Read
via "Dark Reading".
Steganography-borne malware used to spy on industrial targets in Russia.π Read
via "Dark Reading".
Dark Reading
Kaspersky Researchers Spot Russia-on-Russia Cyber-Espionage Campaign
Steganography-borne malware used to spy on industrial targets in Russia.
π΄ US Election-Related Websites Vulnerable to Fraud, Abuse π΄
π Read
via "Dark Reading".
New research finds the vast majority of reputable news, political, and donor-oriented sites don't use registry locks.π Read
via "Dark Reading".
Dark Reading
US Election-Related Websites Vulnerable to Fraud, Abuse
New research finds the vast majority of reputable news, political, and donor-oriented sites don't use registry locks.
βΌ CVE-2020-5389 βΌ
π Read
via "National Vulnerability Database".
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC users may be able to retrieve sensitive information from the logs.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13344 βΌ
π Read
via "National Vulnerability Database".
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Sessions keys are stored in plain-text in Redis which allows attacker with Redis access to authenticate as any user that has a session stored in Redisπ Read
via "National Vulnerability Database".
π¦Ώ Security pros: Cyber threats to industrial enterprises increase due to pandemic π¦Ώ
π Read
via "Tech Republic".
86% polled said their organization made cybersecurity a priority during the COVID-19 crisis and implemented appropriate training for remote workers, according to a report.π Read
via "Tech Republic".
TechRepublic
Security pros: Cyber threats to industrial enterprises increase due to pandemic
86% polled said their organization made cybersecurity a priority during the COVID-19 crisis and implemented appropriate training for remote workers, according to a report.
β Naked Security Podcast β weβre back for Series 3! β
π Read
via "Naked Security".
Join us weekly for the Naked Security Podcast - back for Series 3 and available wherever good podcasts are found!π Read
via "Naked Security".
Naked Security
Naked Security Podcast β weβre back for Series 3!
Join us weekly for the Naked Security Podcast β back for Series 3 and available wherever good podcasts are found!
π Zeek 3.2.2 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 3.2.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β 8 tips to tighten up your work-from-home network β
π Read
via "Naked Security".
You don't have to be an IT guru to beef up your cybersecurity at home. Sometimes it's enough to ask yourself, "Which bits can I turn off?"π Read
via "Naked Security".
Naked Security
8 tips to tighten up your workβfromβhome network
You donβt have to be an IT guru to beef up your cybersecurity at home. Sometimes itβs enough to ask yourself, βWhich bits can I turn off?β
β Cisco Fixes High-Severity Webex, Security Camera Flaws β
π Read
via "Threat Post".
Three high-severity flaws exist in Cisco's Webex video conferencing system, Ciscoβs Video Surveillance 8000 Series IP Cameras and Identity Services Engine.π Read
via "Threat Post".
Threat Post
Cisco Fixes High-Severity Webex, Security Camera Flaws
Three high-severity flaws exist in Cisco's Webex video conferencing system, Ciscoβs Video Surveillance 8000 Series IP Cameras and Identity Services Engine.
π¦Ώ How SMBs can better protect their data from cyberattacks π¦Ώ
π Read
via "Tech Republic".
SMBs compromised by an effective cyberattack can not only lose data and suffer financially but go out of business entirely, says Infrascale.π Read
via "Tech Republic".
TechRepublic
How SMBs can better protect their data from cyberattacks
SMBs compromised by an effective cyberattack can not only lose data and suffer financially but go out of business entirely, says Infrascale.
π΄ Scale Up Threat Hunting to Skill Up Analysts π΄
π Read
via "Dark Reading".
Security operation centers need to move beyond the simplicity of good and bad software to having levels of "badness," as well as better defining what is good. Here's why.π Read
via "Dark Reading".
Dark Reading
Scale Up Threat Hunting to Skill Up Analysts
Security operation centers need to move beyond the simplicity of good and bad software to having levels of badness, as well as better defining what is good. Here's why.
βΌ CVE-2020-10816 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.π Read
via "National Vulnerability Database".
π What is HIPAA Compliance? π
π Read
via "Digital Guardian".
Learn about the Health Insurance Portability and Accountability Act (HIPAA) and the requirements for HIPAA compliance in Data Protection 101, our series on the fundamentals of information security.π Read
via "Digital Guardian".
Digitalguardian
What is HIPAA Compliance?
Learn about the Health Insurance Portability and Accountability Act (HIPAA) and the requirements for HIPAA compliance in Data Protection 101, our series on the fundamentals of information security.
π¦Ώ Cloud and remote work support strengthened US market performance π¦Ώ
π Read
via "Tech Republic".
The IT outlook for 2021, top trends and guidance as the enterprise prepares for "the next normal," according to a new report from IDC.π Read
via "Tech Republic".
TechRepublic
Cloud and remote work support strengthened US market performance
The IT outlook for 2021, top trends and guidance as the enterprise prepares for "the next normal," according to a new report from IDC.
β RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims β
π Read
via "Threat Post".
Collectively, 240 fraudulent Android apps -- masquerading as retro game emulators -- account for 14 million installs.π Read
via "Threat Post".
Threat Post
RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims
Collectively, 240 fraudulent Android apps β masquerading as retro game emulators β account for 14 million installs.