๐ด Where are the 'Great Exits' in the Data Security Market? ๐ด
๐ Read
via "Dark Reading".
If data security were a student, its report card would read "Not performing to potential." Here's why.๐ Read
via "Dark Reading".
Dark Reading
Where are the 'Great Exits' in the Data Security Market?
If data security were a student, its report card would read Not performing to potential. Here's why.
โผ CVE-2020-17411 โผ
๐ Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-11190.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-17413 โผ
๐ Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11226.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-17414 โผ
๐ Read
via "National Vulnerability Database".
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11229.๐ Read
via "National Vulnerability Database".
๐ด 25% of BEC Cybercriminals Based in the US ๐ด
๐ Read
via "Dark Reading".
While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.๐ Read
via "Dark Reading".
Dark Reading
25% of BEC Cybercriminals Based in the US
While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.
๐ด Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators ๐ด
๐ Read
via "Dark Reading".
With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.๐ Read
via "Dark Reading".
Dark Reading
Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators
With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.
โ Software AG Data Released After Clop Ransomware Strike โ Report โ
๐ Read
via "Threat Post".
The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isnโt paid.๐ Read
via "Threat Post".
Threat Post
Software AG Data Released After Clop Ransomware Strike โ Report
The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isnโt paid.
๐ด Phishing in Troubled Waters: 3 Ways Email Attacks May Impact Elections ๐ด
๐ Read
via "Dark Reading".
The state of email defenses has a role to play in the US presidential election.๐ Read
via "Dark Reading".
Dark Reading
Phishing in Troubled Waters: 3 Ways Email Attacks May Impact Elections
The state of email defenses has a role to play in the US presidential election.
๐ 50 Colleges Where You Can Get a Cybersecurity Degree Online Now ๐
๐ Read
via "Digital Guardian".
You can gain many valuable cybersecurity skills online now. To celebrate National Cyber Security Awareness Month (NCSAM) we put together a list of 50 schools offering cybersecurity degrees online.๐ Read
via "Digital Guardian".
Digital Guardian
50 Colleges Where You Can Get a Cybersecurity Degree Online Now
You can gain many valuable cybersecurity skills online now. To celebrate National Cyber Security Awareness Month (NCSAM) we put together a list of 50 schools offering cybersecurity degrees online.
๐ Raptor WAF 0.61 ๐
๐ Read
via "Packet Storm Security".
Raptor is a web application firewall written in C that uses DFA to block SQL injection, cross site scripting, and path traversals.๐ Read
via "Packet Storm Security".
Packetstormsecurity
Raptor WAF 0.61 โ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
โผ CVE-2018-20243 โผ
๐ Read
via "National Vulnerability Database".
The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.๐ Read
via "National Vulnerability Database".
โผ CVE-2020-15251 โผ
๐ Read
via "National Vulnerability Database".
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability.๐ Read
via "National Vulnerability Database".
โ Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes โ
๐ Read
via "Threat Post".
Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.๐ Read
via "Threat Post".
Threat Post
Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes
Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.
๐ด Coalition Pokes Five Eyes on Call for Backdoors ๐ด
๐ Read
via "Dark Reading".
The Five Eyes international law enforcement group had called for implementing backdoors for law enforcement in all encryption implementations.๐ Read
via "Dark Reading".
Dark Reading
Coalition Pokes Five Eyes on Call for Backdoors
The Five Eyes international law enforcement group had called for implementing backdoors for law enforcement in all encryption implementations.
๐ด Microsoft Fixes Critical Windows TCP/IP Flaw in Patch Rollout ๐ด
๐ Read
via "Dark Reading".
The October 2020 Patch Tuesday fixed 87 vulnerabilities, including 21 remote code execution flaws, in Microsoft products and services.๐ Read
via "Dark Reading".
Darkreading
Microsoft Fixes Critical Windows TCP/IP Flaw in Patch Rollout
The October 2020 Patch Tuesday fixed 87 vulnerabilities, including 21 remote code execution flaws, in Microsoft products and services.
โผ CVE-2020-25645 โผ
๐ Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.๐ Read
via "National Vulnerability Database".
โโโ ๏ธ ======================= โ ๏ธ
๐ LOOK! It's amazingโผ๏ธ
โ ๏ธ ======================= โ ๏ธ
๐ LOOK! It's amazingโผ๏ธ
โ ๏ธ ======================= โ ๏ธ
โผ CVE-2020-12911 โผ
๐ Read
via "National Vulnerability Database".
A denial of service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS (e.g. version 26.20.15029.27017). A specially crafted D3DKMTCreateAllocation API request can cause an out-of-bounds read and denial of service (BSOD). This vulnerability can be triggered from a non-privileged account.๐ Read
via "National Vulnerability Database".
โ Windows โPing of Deathโ bug revealed โ patch now! โ
๐ Read
via "Naked Security".
No one has figured out how to run code with this bug yet - but if they do, you can bet that someone will turn it into a computer worm.๐ Read
via "Naked Security".
Naked Security
Windows โPing of Deathโ bug revealed โ patch now!
No one has figured out how to run code with this bug yet โ but if they do, you can bet that someone will turn it into a computer worm.
โผ CVE-2020-7330 โผ
๐ Read
via "National Vulnerability Database".
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables๐ Read
via "National Vulnerability Database".
โ Cybercriminals Steal Nearly 1TB of Data from Miami-Based International Tech Firm โ
๐ Read
via "Threat Post".
Databases of sensitive, financial and personally identifiable info and documents from Intcomex were leaked on Russian-language hacker forum after a ransomware attack.๐ Read
via "Threat Post".
Threat Post
Cybercriminals Steal Nearly 1TB of Data from Miami-Based International Tech Firm
Databases of sensitive, financial and personally identifiable info and documents from Intcomex were leaked on Russian-language hacker forum after a ransomware attack.