🛡 Cybersecurity & Privacy 🛡 - News

Office 365: A Favorite for Cyberattack Persistence

Bad actors are leveraging legitimate services and tools within Microsoft's productivity suite to launch cyberattacks on COVID-19 stay-at-home workers, new research finds.

244 views13:27

🕴 Online Voting Is Coming, but How Secure Will It Be? 🕴

It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

📖 Read

via "Dark Reading".

Online Voting Is Coming, but How Secure Will It Be?

It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

224 views14:40

❌ TrickBot Takedown Disrupts Major Crimeware Apparatus ❌

Microsoft and partners went after the botnet using a copyright infringement tactic and hunting down C2 servers.

📖 Read

via "Threat Post".

TrickBot Takedown Disrupts Major Crimeware Apparatus

Microsoft and partners went after the botnet using a copyright infringement tactic and hunting down C2 servers.

223 views14:57

Cybercriminals use stolen data and hacking tools as prizes in poker games and rap battles

🦿 Cybercriminals use stolen data and hacking tools as prizes in poker games and rap battles 🦿

Prizes for bad actors can be access to stolen data and tools to make hacks easier, according to new research from Trend Micro.

📖 Read

via "Tech Republic".

TechRepublic

Prizes for bad actors can be access to stolen data and tools to make hacks easier, according to new research from Trend Micro.

210 views15:44

‼ CVE-2020-16124 ‼

Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065.

📖 Read

via "National Vulnerability Database".

205 views16:38

❌ Election Systems Under Attack via Microsoft Zerologon Exploits ❌

Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.

📖 Read

via "Threat Post".

Election Systems Under Attack via Microsoft Zerologon Exploits

Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.

199 views16:57

How to improve the cybersecurity of your remote workers

🦿 How to improve the cybersecurity of your remote workers 🦿

Cyberattacks against businesses have spiked since the shift to remote work began in early 2020, says Keeper Security.

📖 Read

via "Tech Republic".

TechRepublic

Cyberattacks against businesses have spiked since the shift to remote work began in early 2020, says Keeper Security.

183 views17:14

Creepy covert camera “feature” found in popular smartwatch for kids

⚠ Creepy covert camera “feature” found in popular smartwatch for kids ⚠

This popular smartwatch aimed at kids had a backdoor that received covert encrypted commands via SMS.

📖 Read

via "Naked Security".

Naked Security

179 views17:20

🕴 Trickbot Botnet Response Highlights Partnerships Preventing U.S. Election Interference 🕴

Recent efforts by USCYBERCOM and Microsoft to disrupt the Trickbot botnet highlight the importance of partnerships in successful malware botnet disruption.

📖 Read

via "Dark Reading".

Omdia

177 views17:40

❌ Critical Flash Player Flaw Opens Adobe Users to RCE ❌

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.

📖 Read

via "Threat Post".

Critical Flash Player Flaw Opens Adobe Users to RCE

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.

183 views17:57

🕴 Where are the 'Great Exits' in the Data Security Market? 🕴

If data security were a student, its report card would read "Not performing to potential." Here's why.

📖 Read

via "Dark Reading".

Where are the 'Great Exits' in the Data Security Market?

If data security were a student, its report card would read Not performing to potential. Here's why.

172 views18:10

‼ CVE-2020-17411 ‼

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11190.

📖 Read

via "National Vulnerability Database".

168 views18:38

‼ CVE-2020-17413 ‼

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11226.

📖 Read

via "National Vulnerability Database".

164 views18:38

‼ CVE-2020-17414 ‼

This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11229.

📖 Read

via "National Vulnerability Database".

170 views18:38

🕴 25% of BEC Cybercriminals Based in the US 🕴

While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.

📖 Read

via "Dark Reading".

25% of BEC Cybercriminals Based in the US

While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.

164 views18:41

🕴 Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators 🕴

With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.

📖 Read

via "Dark Reading".

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.

172 views19:10

❌ Software AG Data Released After Clop Ransomware Strike – Report ❌

The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.

📖 Read

via "Threat Post".

Software AG Data Released After Clop Ransomware Strike – Report

The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.

178 views19:27

🕴 Phishing in Troubled Waters: 3 Ways Email Attacks May Impact Elections 🕴

The state of email defenses has a role to play in the US presidential election.

📖 Read

via "Dark Reading".

Phishing in Troubled Waters: 3 Ways Email Attacks May Impact Elections

The state of email defenses has a role to play in the US presidential election.

171 views19:40

50 Colleges Where You Can Get a Cybersecurity Degree Online Now

🔏 50 Colleges Where You Can Get a Cybersecurity Degree Online Now 🔏

You can gain many valuable cybersecurity skills online now. To celebrate National Cyber Security Awareness Month (NCSAM) we put together a list of 50 schools offering cybersecurity degrees online.

📖 Read

via "Digital Guardian".

Digital Guardian

You can gain many valuable cybersecurity skills online now. To celebrate National Cyber Security Awareness Month (NCSAM) we put together a list of 50 schools offering cybersecurity degrees online.

167 views20:20

Raptor WAF 0.61 ≈ Packet Storm

🛠 Raptor WAF 0.61 🛠

Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.

📖 Read

via "Packet Storm Security".

Packetstormsecurity

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

169 views20:35