β Cybercriminals Steal Nearly 1TB of Data from Miami-Based International Tech Firm β
π Read
via "Threat Post".
Databases of sensitive, financial and personally identifiable info and documents from Intcomex were leaked on Russian-language hacker forum after a ransomware attack.π Read
via "Threat Post".
Threat Post
Cybercriminals Steal Nearly 1TB of Data from Miami-Based International Tech Firm
Databases of sensitive, financial and personally identifiable info and documents from Intcomex were leaked on Russian-language hacker forum after a ransomware attack.
β Google, Intel Warn on βZero-Clickβ Kernel Bug in Linux-Based IoT Devices β
π Read
via "Threat Post".
Intel and Google are urging users to update the Linux kernel to version 5.9 or later.π Read
via "Threat Post".
Threat Post
Google, Intel Warn on βZero-Clickβ Kernel Bug in Linux-Based IoT Devices
Intel and Google are urging users to update the Linux kernel to version 5.9 or later.
π΄ NIST Quantum Cryptography Program Nears Completion π΄
π Read
via "Dark Reading".
The National Institute of Standards and Technology's first post-quantum cryptography standard will address key issues, approaches, an arms race, and the technology's uncertain future.π Read
via "Dark Reading".
Dark Reading
NIST Quantum Cryptography Program Nears Completion
The National Institute of Standards and Technology's first post-quantum cryptography standard will address key issues, approaches, an arms race, and the technol
π¦Ώ Survey finds that IT departments victimized by ransomware forever changed π¦Ώ
π Read
via "Tech Republic".
IT managers at organizations hit by ransomware are nearly three times as likely to feel "significantly behind" when it comes to understanding cyberthreats, compared to their peers that have never been hit.π Read
via "Tech Republic".
TechRepublic
Survey finds that IT departments victimized by ransomware forever changed
IT managers at organizations hit by ransomware are nearly three times as likely to feel "significantly behind" when it comes to understanding cyberthreats, compared to their peers that have never been hit.
βΌ CVE-2020-6087 βΌ
π Read
via "National Vulnerability Database".
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6083 βΌ
π Read
via "National Vulnerability Database".
An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
β Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips β
π Read
via "Threat Post".
Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.π Read
via "Threat Post".
Threat Post
Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips
Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.
βΌ CVE-2020-0415 βΌ
π Read
via "National Vulnerability Database".
In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-156020795π Read
via "National Vulnerability Database".
βΌ CVE-2020-0414 βΌ
π Read
via "National Vulnerability Database".
In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157708122π Read
via "National Vulnerability Database".
π¦Ώ Zoom announces end-to-end encryption, customizable SDKs and more at Zoomtopia π¦Ώ
π Read
via "Tech Republic".
Zoom's two-day online conference kicked off with a bevy of new product announcements around security and developer enhancements.π Read
via "Tech Republic".
TechRepublic
Zoom announces end-to-end encryption, customizable SDKs and more at Zoomtopia
Zoom's two-day online conference kicked off with a bevy of new product announcements around security and developer enhancements.
π¦Ώ IoT security: University creates new labels for devices to increase awareness for consumers π¦Ώ
π Read
via "Tech Republic".
What if you could compare security on IoT devices, similar to nutrition labels, before you buy them? One organization is trying to make that happen.π Read
via "Tech Republic".
TechRepublic
IoT security: University creates new labels for devices to increase awareness for consumers
What if you could compare security on IoT devices, similar to nutrition labels, before you buy them? One organization is trying to make that happen.
β Silent Librarian Goes Back to School with Global Research-Stealing Effort β
π Read
via "Threat Post".
The Iranian hacker group is targeting universities in 12 countries.π Read
via "Threat Post".
Threat Post
Silent Librarian Goes Back to School with Global Research-Stealing Effort
The Iranian hacker group is targeting universities in 12 countries.
π΄ Intel's Ice Lake Beefs Up CPU Security for Cloud Workloads π΄
π Read
via "Dark Reading".
The third-generation Xeon processors build in hardware security features to provide extra protection to data in transit, at rest, and in use.π Read
via "Dark Reading".
Dark Reading
Intel's Ice Lake Beefs Up CPU Security for Cloud Workloads
The third-generation Xeon processors build in hardware security features to provide extra protection to data in transit, at rest, and in use.
π΄ Assuring Business Continuity by Reducing Malware Dwell Time π΄
π Read
via "Dark Reading".
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.π Read
via "Dark Reading".
Dark Reading
Assuring Business Continuity by Reducing Malware Dwell Time
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.
βΌ CVE-2020-4395 βΌ
π Read
via "National Vulnerability Database".
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.π Read
via "National Vulnerability Database".
π Microsoft Fixes Critical TCP/IP Vulnerability π
π Read
via "Digital Guardian".
A new, potentially wormable remote code execution vulnerability in the Windows TCP/IP stack was patched this week.π Read
via "Digital Guardian".
Digital Guardian
Microsoft Fixes Critical TCP/IP Vulnerability
A new, potentially wormable remote code execution vulnerability in the Windows TCP/IP stack was patched this week.
β Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE β
π Read
via "Threat Post".
The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in.π Read
via "Threat Post".
Threat Post
Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE
The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in.
π΄ What's Really Happening in Infosec Hiring Now? π΄
π Read
via "Dark Reading".
As the pandemic continues, security teams still need help they can't get. But the "skills shortage" is only part of the story.π Read
via "Dark Reading".
Dark Reading
What's Really Happening in Infosec Hiring Now?
As the pandemic continues, security teams still need help they can't get. But the skills shortage is only part of the story.
π See-SURF 2.0 π
π Read
via "Packet Storm Security".
See-SURF is a python-based scanner to find potential SSRF parameters in a web application.π Read
via "Packet Storm Security".
Packetstormsecurity
See-SURF 2.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2020-15224 βΌ
π Read
via "National Vulnerability Database".
In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7318 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.π Read
via "National Vulnerability Database".