‼ CVE-2020-15909 ‼
via "National Vulnerability Database".
SolarWinds N-central through 2020.1 allows session hijacking.
‼ CVE-2020-15910 ‼
via "National Vulnerability Database".
SolarWinds N-central through 12.3 does not include the HTTPOnly flag in the Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
‼ CVE-2020-13778 ‼
via "National Vulnerability Database".
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
🦿 Microsoft now the most impersonated brand in phishing attacks 🦿
via "Tech Republic".
Almost 20% of phishing campaigns last quarter spoofed Microsoft as many people continue to work remotely due to the coronavirus pandemic, says Check Point Research.
🕴 Expert Tips to Keep WordPress Safe 🕴
via "Dark Reading".
The most widely used content management system on the Web relies heavily on plug-ins and add-on software -- and that requires rigorous security measures at every level.
❌ Microsoft Exchange, Outlook Under Siege By APTs ❌
via "Threat Post".
A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.
🕴 A Swift Reminder About Cybersecurity 🕴
via "Dark Reading".
The hackers gonna crack, crack, crack, crack, crack ...
‼ CVE-2020-24265 ‼
via "National Vulnerability Database".
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.
‼ CVE-2020-24266 ‼
via "National Vulnerability Database".
An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.
🕴 Chart: The Pandemic Reprioritizes Security Projects 🕴
via "Dark Reading".
Responses among IT and security pros reflect concern over vulnerabilities incurred by workers accessing the enterprise network from poorly protected home networks.
❌ Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack ❌
via "Threat Post".
Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
🕴 7 Tips for Choosing Security Metrics That Matter 🕴
via "Dark Reading".
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
❌ Overlay Malware Targets Windows Users with a DLL Hijack Twist ❌
via "Threat Post".
Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.
❌ GravityRAT Comes Back to Earth with Android, macOS Spyware ❌
via "Threat Post".
The espionage tool masquerades as legitimate applications and robs victims blind of their data.
🕴 Trickbot, Phishing, Ransomware & Elections 🕴
via "Dark Reading".
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
‼ CVE-2020-26891 ‼
via "National Vulnerability Database".
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/m.login.recaptcha or /_matrix/client/r0/auth/m.login.terms Synapse 974923.
🦿 State-sponsored hackers and ransomware gangs are diversifying tactics to inflict more harm 🦿
via "Tech Republic".
The groups have been using off-the-shelf tooling and open source penetration testing tools at unprecedented scale, according to Accenture's 2020 Cyber Threatscape Report.
🦿 Why ransomware has become such a huge problem for businesses 🦿
via "Tech Republic".
Ransomware has evolved into a significant threat for all types of organizations. How and why is it such a pervasive issue, and how can organizations better defend themselves against it?
🔏 DOJ Charges 14 Members of QQAAZZ in International Cybercrime Conspiracy 🔏
via "Digital Guardian".
The latest international law enforcement takedown involves a money laundering ring responsible for doing the dirty work of cybercriminals.
❌ Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video ❌
via "Threat Post".
"Nuke Bizzle" faces 22 years in prison after brazenly bragging about an identity-theft campaign in his music video, "EDD."
‼ CVE-2020-7156 ‼
via "National Vulnerability Database".
A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).