CVE-2020-26893
via "National Vulnerability Database".
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.
5 ways to manage computers securely (and remotely) using PowerShell
via "Tech Republic".
Being able to secure communications between remote resources is just as important as being able to access the device. Using PowerShell, IT can do both when accessing off-site devices cross-platform.
S3 Ep2: Creepy smartwatches, botnets and Pings of Death - Podcast
via "Naked Security".
Listen to the latest episode of the Naked Security Podcast.
Academia Adopts Mitre ATT&CK Framework
via "Dark Reading".
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.
Dickey's BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker's Stash
via "Threat Post".
After cybercriminals smoked out 3 million compromised payment cards on the Joker's Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.
CVE-2020-26682
via "National Vulnerability Database".
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
CVE-2020-15867
via "National Vulnerability Database".
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution.
CVE-2020-14299
via "National Vulnerability Database".
A flaw was found in JBoss EAP, where the authentication configuration is set up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat from this vulnerability is to system availability.
Fuzzing (fuzz testing) 101: Lessons from cyber security expert Dr. David Brumley
via "Tech Republic".
Dr. David Brumley, Carnegie Mellon University professor and CEO of ForAllSecure, explains what fuzzing, or fuzz testing, is and how you can use it to improve application security and speed up your software development.
CVE-2020-9878
via "National Vulnerability Database".
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
CVE-2020-9885
via "National Vulnerability Database".
An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group.
How to view website trackers in mobile Safari
via "Tech Republic".
Learn how to use Apple's Privacy Report in Safari so you can see which websites attempted to track you on your iPhone or iPad.
How to recover deleted files in Linux with testdisk
via "Tech Republic".
If you've had files deleted by a hacker or you've accidentally removed them, Jack Wallen shows you how to recover that missing data with a handy tool called testdisk.
CVE-2020-9948
via "National Vulnerability Database".
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2020-9959
via "National Vulnerability Database".
A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0. A person with physical access to an iOS device may be able to view notification contents from the lock screen.
Phishing Lures Shift from COVID-19 to Job Opportunities
via "Threat Post".
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.
An Uncommon 20 Years of Commonly Enumerating Vulns
via "Dark Reading".
Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
via "Dark Reading".
The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.
Leading more girls to STEM careers drives professor to create cybersecurity camp
via "Tech Republic".
Teaching students around the world has become easier, thanks to Zoom classes, one college professor says. She's still trying to find a way to teach robotics, though.
Professor creates cybersecurity camp to inspire girls to choose STEM careers
via "Tech Republic".
Teaching via Zoom has had some unexpected benefits, a college professor says, though the robotics class is still a challenge. Her real passion is inspiring young women and girls to go into computer science.
Biden Campaign Staffers Targeted in Cyberattack Leveraging Anti-Virus Lure, Dropbox Ploy
via "Threat Post".
Google's Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden's presidential campaign.