π΄ Do Standards Exist That Certify Secure IoT Systems? π΄
π Read
via "Dark Reading".
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.π Read
via "Dark Reading".
Dark Reading
Do Standards Exist That Certify Secure IoT Systems?
The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.
π DOJ Charges Sandworm, The Group Behind Destructive NotPetya Attack π
π Read
via "Digital Guardian".
That Russians were behind the attacks has always been a forgone conclusion to many experts but this is the first time that the U.S. has formally made the accusation.π Read
via "Digital Guardian".
Digital Guardian
DOJ Charges Sandworm, The Group Behind Destructive NotPetya Attack
That Russians were behind the attacks has always been a forgone conclusion to many experts but this is the first time that the U.S. has formally made the accusation.
π Sifter 10.4g π
π Read
via "Packet Storm Security".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Read
via "Packet Storm Security".
Packetstormsecurity
Sifter 10.4g β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Ransomware Group Makes Splashy $20K Donation to Charities β
π Read
via "Threat Post".
Cybercriminal gang Darkside sent $20K in donations to charities in a βRobin Hoodβ effort thatβs likely intended to draw attention to future data dumps, according to experts.π Read
via "Threat Post".
Threat Post
Ransomware Group Makes Splashy $20K Donation to Charities
Cybercriminal gang Darkside sent $20K in donations to charities in a βRobin Hoodβ effort thatβs likely intended to draw attention to future data dumps, according to experts.
π΄ Ransomware Attacks Show Little Sign of Slowing in 2021 π΄
π Read
via "Dark Reading".
Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks.π Read
via "Dark Reading".
Dark Reading
Ransomware Attacks Show Little Sign of Slowing in 2021
Attackers have little motivation to stop when businesses are paying increasingly larger ransoms, say security experts who foresee a rise in attacks.
βΌ CVE-2020-9417 βΌ
π Read
via "National Vulnerability Database".
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2019-9080 βΌ
π Read
via "National Vulnerability Database".
DomainMOD before 4.14.0 uses MD5 without a salt for password storage.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5790 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25648 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26895 βΌ
π Read
via "National Vulnerability Database".
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations.π Read
via "National Vulnerability Database".
β Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser β
π Read
via "Threat Post".
The memory-corruption vulnerability exists in the browserβs FreeType font rendering library.π Read
via "Threat Post".
Threat Post
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
The memory-corruption vulnerability exists in the browserβs FreeType font rendering library.
π¦Ώ Cisco reports highlight widespread desire for data privacy and fears over remote work security π¦Ώ
π Read
via "Tech Republic".
Workers are increasingly concerned about the ability of enterprises to keep them protected as they work from home.π Read
via "Tech Republic".
TechRepublic
Cisco reports highlight widespread desire for data privacy and fears over remote work security
Workers are increasingly concerned about the ability of enterprises to keep them protected as they work from home.
β Cybercriminals Step Up Their Game Ahead of U.S. Elections β
π Read
via "Threat Post".
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns - but this time, social media giants, the government and citizens are more prepared.π Read
via "Threat Post".
Threat Post
Cybercriminals Step Up Their Game Ahead of U.S. Elections
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns - but this time, social media giants, the government and citizens are more prepared.
π΄ Modern Day Insider Threat: Network Bugs That Are Stealing Your Data π΄
π Read
via "Dark Reading".
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.π Read
via "Dark Reading".
Dark Reading
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
βΌ CVE-2020-25820 βΌ
π Read
via "National Vulnerability Database".
BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.π Read
via "National Vulnerability Database".
β Chrome zero-day in the wild β patch now! β
π Read
via "Naked Security".
Exploitable bug in Chrome - patch now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data β
π Read
via "Threat Post".
The ransomware gang claims to have bought network access to the bookseller's systems before encrypting the networks and stealing "financial and audit data."π Read
via "Threat Post".
Threat Post
Egregor Claims Responsibility for Barnes & Noble Attack, Leaks Data
The ransomware gang claims to have bought network access to the bookseller's systems before encrypting the networks and stealing "financial and audit data."
π¦Ώ How to protect your privacy when selling your phone π¦Ώ
π Read
via "Tech Republic".
If your currrent phone is ready for retirement or you need to sell your current phone to upgrade to a new model, follow these steps to keep your data private.π Read
via "Tech Republic".
TechRepublic
How to protect your privacy when selling your phone
If your current phone is ready for retirement or you need to sell your current phone to upgrade to a new model, follow these steps to keep your data private.
π΄ Are You One COVID-19 Test Away From a Cybersecurity Disaster? π΄
π Read
via "Dark Reading".
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.π Read
via "Dark Reading".
Dark Reading
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
π΄ Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets π΄
π Read
via "Dark Reading".
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.π Read
via "Dark Reading".
Dark Reading
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
π nfstream 6.2.0 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.2.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers