❌ Overlay Malware Targets Windows Users with a DLL Hijack Twist ❌
📖 Read
via "Threat Post".
Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.📖 Read
via "Threat Post".
Threat Post
Overlay Malware Targets Windows Users with a DLL Hijack Twist
Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.
❌ GravityRAT Comes Back to Earth with Android, macOS Spyware ❌
📖 Read
via "Threat Post".
The espionage tool masquerades as legitimate applications and robs victims blind of their data.📖 Read
via "Threat Post".
Threat Post
GravityRAT Comes Back to Earth with Android, macOS Spyware
The espionage tool masquerades as legitimate applications and robs victims blind of their data.
🕴 Trickbot, Phishing, Ransomware & Elections 🕴
📖 Read
via "Dark Reading".
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.📖 Read
via "Dark Reading".
Dark Reading
Trickbot, Phishing, Ransomware & Elections
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
‼ CVE-2020-26891 ‼
📖 Read
via "National Vulnerability Database".
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/m.login.recaptcha or /_matrix/client/r0/auth/m.login.terms Synapse 974923.📖 Read
via "National Vulnerability Database".
🦿 State-sponsored hackers and ransomware gangs are diversifying tactics to inflict more harm 🦿
📖 Read
via "Tech Republic".
The groups have been using off-the-shelf tooling and open source penetration testing tools at unprecedented scale, according to Accenture's 2020 Cyber Threatscape Report.📖 Read
via "Tech Republic".
TechRepublic
State-sponsored hackers and ransomware gangs are diversifying tactics to inflict more harm
The groups have been using off-the-shelf tooling and open source penetration testing tools at unprecedented scale, according to Accenture's 2020 Cyber Threatscape Report.
🦿 Why ransomware has become such a huge problem for businesses 🦿
📖 Read
via "Tech Republic".
Ransomware has evolved into a significant threat for all types of organizations. How and why is it such a pervasive issue, and how can organizations better defend themselves against it?📖 Read
via "Tech Republic".
TechRepublic
Why ransomware has become such a huge problem for businesses
Ransomware has evolved into a significant threat for all types of organizations. How and why is it such a pervasive issue, and how can organizations better defend themselves against it?
🔏 DOJ Charges 14 Members of QQAAZZ in International Cybercrime Conspiracy 🔏
📖 Read
via "Digital Guardian".
The latest international law enforcement takedown involves a money laundering ring responsible for doing the dirty work of cybercriminals.📖 Read
via "Digital Guardian".
Digital Guardian
DOJ Charges 14 Members of QQAAZZ in International Cybercrime Conspiracy
The latest international law enforcement takedown involves a money laundering ring responsible for doing the dirty work of cybercriminals.
❌ Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video ❌
📖 Read
via "Threat Post".
"Nuke Bizzle" faces 22 years in prison after brazenly bragging about an identity-theft campaign in his music video, "EDD."📖 Read
via "Threat Post".
Threat Post
Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video
"Nuke Bizzle" faces 22 years in prison after brazenly bragging about an identity-theft campaign in his music video, "EDD."
‼ CVE-2020-7156 ‼
📖 Read
via "National Vulnerability Database".
A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7193 ‼
📖 Read
via "National Vulnerability Database".
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24649 ‼
📖 Read
via "National Vulnerability Database".
A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24647 ‼
📖 Read
via "National Vulnerability Database".
A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7145 ‼
📖 Read
via "National Vulnerability Database".
A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7153 ‼
📖 Read
via "National Vulnerability Database".
A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-16160 ‼
📖 Read
via "National Vulnerability Database".
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-24651 ‼
📖 Read
via "National Vulnerability Database".
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).📖 Read
via "National Vulnerability Database".
‼ CVE-2020-7159 ‼
📖 Read
via "National Vulnerability Database".
A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).📖 Read
via "National Vulnerability Database".
🕴 Microsoft Tops Q3 List of Most-Impersonated Brands 🕴
📖 Read
via "Dark Reading".
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.📖 Read
via "Dark Reading".
Darkreading
Microsoft Tops Q3 List of Most-Impersonated Brands
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
🕴 GravityRAT Spyware Targets Android & MacOS in India 🕴
📖 Read
via "Dark Reading".
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.📖 Read
via "Dark Reading".
Dark Reading
GravityRAT Spyware Targets Android & MacOS in India
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
‼ CVE-2020-15262 ‼
📖 Read
via "National Vulnerability Database".
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-9263 ‼
📖 Read
via "National Vulnerability Database".
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.📖 Read
via "National Vulnerability Database".