β Carnival Corp. Ransomware Attack Affected Three Cruise Lines β
π Read
via "Threat Post".
Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.π Read
via "Threat Post".
Threat Post
Carnival Corp. Ransomware Attack Affects Three Cruise Lines
Hackers accessed personal information of guests, employees and crew for Carnival Cruise, Holland America and Seabourn as well as casino operations.
βΌ CVE-2020-7327 βΌ
π Read
via "National Vulnerability Database".
Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closedπ Read
via "National Vulnerability Database".
βΌ CVE-2020-7326 βΌ
π Read
via "National Vulnerability Database".
Improperly implemented security check in McAfee Active Response (MAR) prior to 2.4.4 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MAR failing open rather than closedπ Read
via "National Vulnerability Database".
β Barnes & Noble Hack: A Reading List for Phishers and Crooks β
π Read
via "Threat Post".
Customers' lists of book purchases along with email addresses and more could have been exposed -- and that's a problem.π Read
via "Threat Post".
Threat Post
Barnes & Noble Hack: A Reading List for Phishers and Crooks
Customers' lists of book purchases along with email addresses and more could have been exposed during a (ransomware?) attack β and that's a problem.
π΄ The Ruthless Cyber Chaos of Business Recovery π΄
π Read
via "Dark Reading".
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.π Read
via "Dark Reading".
Dark Reading
The Ruthless Cyber Chaos of Business Recovery
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
π¦Ώ Ransomware campaign threatens organizations with DDoS attacks π¦Ώ
π Read
via "Tech Republic".
All the organizations that contacted security provider Radware after receiving an extortion letter were hit by Distributed Denial of Service attacks.π Read
via "Tech Republic".
TechRepublic
Ransom campaign threatens organizations with DDoS attacks
All the organizations that contacted security provider Radware after receiving an extortion letter were hit by Distributed Denial of Service attacks.
βΌ CVE-2020-4499 βΌ
π Read
via "National Vulnerability Database".
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an unauthorized public Oauth client to bypass some or all of the authentication checks and gain access to applications. IBM X-Force ID: 182216.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7744 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com or comes from a Google app (the com.android.vending package) b. Ends with .apk for apk downloads In both cases, the module sends the captured data back to Mintegral's servers. Note that the malicious functionality keeps running even if the app is currently not in focus (running in the background).π Read
via "National Vulnerability Database".
β Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts β
π Read
via "Threat Post".
Companies that use Broadvoice's cloud-based VoIP platform may find their patients, customers, suppliers and partners to be impacted by a massive data exposure.π Read
via "Threat Post".
Threat Post
Broadvoice Leak Exposes 350M Records, Personal Voicemail Transcripts
Companies that use Broadvoice's cloud-based VoIP platform may find their patients, customers, suppliers and partners to be impacted by a massive data exposure.
β Zoom Rolls Out End-to-End Encryption After Setbacks β
π Read
via "Threat Post".
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.π Read
via "Threat Post".
Threat Post
Zoom Rolls Out End-to-End Encryption After Setbacks
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.
π¦Ώ Survey: 53% of young cybersecurity professionals fear replacement by automation π¦Ώ
π Read
via "Tech Republic".
Cybersecurity professionals largely embrace automation, but half of younger employees worry that technology could make their roles obsolete, according to a new survey by Exabeam.π Read
via "Tech Republic".
TechRepublic
Survey: 53% of young cybersecurity professionals fear replacement by automation
Cybersecurity professionals largely embrace automation, but half of younger employees worry that technology could make their roles obsolete, according to a new survey by Exabeam.
βΌ CVE-2020-6107 βΌ
π Read
via "National Vulnerability Database".
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6105 βΌ
π Read
via "National Vulnerability Database".
An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.π Read
via "National Vulnerability Database".
π΄ Overcoming the Challenge of Shorter Certificate Lifespans π΄
π Read
via "Dark Reading".
We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.π Read
via "Dark Reading".
Dark Reading
Overcoming the Challenge of Shorter Certificate Lifespans
We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.
βΌ CVE-2019-12411 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13939 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
π Proposed Modifications to the CCPA Issued π
π Read
via "Digital Guardian".
Potential modifications to the CCPA include would change βDo Not Sell My Personal Informationβ requests and how companies provide notice when they collect information offline.π Read
via "Digital Guardian".
Digital Guardian
Proposed Modifications to the CCPA Issued
Potential modifications to the CCPA include would change βDo Not Sell My Personal Informationβ requests and how companies provide notice when they collect information offline.
π΄ Barnes & Noble Warns Customers About Data Breach π΄
π Read
via "Dark Reading".
Famed bookseller says non-financial data was exposed in a new attack.π Read
via "Dark Reading".
Dark Reading
Barnes & Noble Warns Customers About Data Breach
Famed bookseller says non-financial data was exposed in a new attack.
π GRR 3.4.2.4 π
π Read
via "Packet Storm Security".
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.π Read
via "Packet Storm Security".
Packetstormsecurity
GRR 3.4.2.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Twitter Hack Analysis Drives Calls for Greater Security Regulation π΄
π Read
via "Dark Reading".
New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.π Read
via "Dark Reading".
Dark Reading
Twitter Hack Analysis Drives Calls for Greater Security Regulation
New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the jarringly easy Twitter breach.
β FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft β
π Read
via "Threat Post".
In-game features of the just-released FIFA 21 title give scammers easy access its vast audience.π Read
via "Threat Post".
Threat Post
FIFA 21 Blockbuster Release Gives Fraudsters an Open Field for Theft
In-game features of the just-released FIFA 21 title give scammers easy access its vast audience.