Google's Waze Can Allow Hackers to Identify and Track Users
via "Threat Post".
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.

CVE-2020-7748
via "National Vulnerability Database".
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.

Mobile Browser Bugs Open Safari, Opera Users to Malware
via "Threat Post".
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.

Trickbot Tenacity Shows Infrastructure Resistant to Takedowns
via "Dark Reading".
Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.

Homebrew: How to install reconnaissance tools on macOS
via "Tech Republic".
We'll guide you through the process of using Homebrew package manager to install security tools on macOS to perform reconnaissance, discovery, and fingerprinting of the devices on your network.

Building the Human Firewall
via "Dark Reading".
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?

Office 365 OAuth Attack Targets Coinbase Users
via "Threat Post".
Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth.

Businesses Rethink Endpoint Security for 2021
via "Dark Reading".
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts
via "Threat Post".
Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.

CVE-2020-4748
via "National Vulnerability Database".
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.

CVE-2020-6367
via "National Vulnerability Database".
There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50. An unauthenticated attacker can trick an unsuspecting authenticated user to click on a malicious link. The end user's browser has no way to know that the script should not be trusted, and will execute the script, resulting in sensitive information being disclosed or modified.

Facebook: A Top Launching Pad For Phishing Attacks
via "Threat Post".
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users.

Farsight Labs Launched as Security Collaboration Platform
via "Dark Reading".
Farsight Security's platform will offer no-cost access to certain tools and services.

Naked Security Live - Ping of Death: are you at risk?
via "Naked Security".
Here's the latest Naked Security Live video - enjoy (and please share with your friends)!

Russian "government hackers" charged with cybercrimes by the US
via "Naked Security".
What can we learn from the US DOJ indictments against the "Sandworm Team"?

The Cybersecurity Maturity Model Certification: Are You in Compliance?
via "Dark Reading".

Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
via "Threat Post".
The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month.

CVE-2020-3992
via "National Vulnerability Database".
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

CVE-2020-7370
via "National Vulnerability Database".
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects the Bolt Browser version 1.4 and prior versions.

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
via "Dark Reading".
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.

Do Standards Exist That Certify Secure IoT Systems?
via "Dark Reading".
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.