π Insider Threats Poised to Increase in 2021 π
π Read
via "Digital Guardian".
Forrester, citing the persistence of remote work, predicts that internal incidents will be responsible for 33% of breaches in 2021.π Read
via "Digital Guardian".
Digital Guardian
Insider Threats Poised to Increase in 2021
Forrester, citing the persistence of remote work, predicts that internal incidents will be responsible for 33% of breaches in 2021.
π΄ 6 Ways Passwords Fail Basic Security Tests π΄
π Read
via "Dark Reading".
New data shows humans still struggle with password creation and management.π Read
via "Dark Reading".
Dark Reading
6 Ways Passwords Fail Basic Security Tests
New data shows humans still struggle with password creation and management.
βΌ CVE-2020-16262 βΌ
π Read
via "National Vulnerability Database".
Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26132 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary.π Read
via "National Vulnerability Database".
β βCopyright Violationβ Notices Lead to Facebook 2FA Bypass β
π Read
via "Threat Post".
Fraudulent Facebook messages allege copyright infringement and threaten to take down pages, unless users enter logins, passwords and 2FA codes.π Read
via "Threat Post".
Threat Post
βCopyright Violationβ Notices Lead to Facebook 2FA Bypass
Fraudulent Facebook messages allege copyright infringement and threaten to take down pages, unless users enter logins, passwords and 2FA codes.
π΄ US Government Issues Warning on Kimsuky APT Group π΄
π Read
via "Dark Reading".
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.π Read
via "Dark Reading".
Dark Reading
US Government Issues Warning on Kimsuky APT Group
The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.
π¦Ώ Don't wait for a breach before implementing cybersecurity, expert says π¦Ώ
π Read
via "Tech Republic".
Professor who specializes in security says we often treat a breach like a home break-in, adding security after the theft. More students are choosing security as a career, she adds.π Read
via "Tech Republic".
TechRepublic
Don't wait for a breach before implementing cybersecurity, expert says
Professor who specializes in security says we often treat a breach like a home break-in, adding security after the theft. More students are choosing security as a career, she adds.
β More Hospitals Hit by Growing Wave of Ransomware Attacks β
π Read
via "Threat Post".
Hospitals in New York and Oregon were targeted on Tuesday by threat actors who crippled systems and forced ambulances with sick patients to be rerouted, in some cases.π Read
via "Threat Post".
Threat Post
2 More Hospitals Hit by Growing Wave of Ransomware Attacks, As Feds Issue Warning
Hospitals in New York and Oregon were targeted on Tuesday by threat actors who crippled systems and forced ambulances with sick patients to be rerouted, in some cases.
π΄ Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color π΄
π Read
via "Dark Reading".
Security practitioners shed light on obstacles limiting career growth and the steps businesses can take to achieve their promises of a more diverse workforce.π Read
via "Dark Reading".
Dark Reading
Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color
Security practitioners shed light on obstacles limiting career growth and the steps businesses can take to achieve their promises of a more diverse workforce.
βΌ CVE-2020-24712 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24711 βΌ
π Read
via "National Vulnerability Database".
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attackπ Read
via "National Vulnerability Database".
βΌ CVE-2020-24708 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27986 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position is "it is the administrator's responsibility to configure it."π Read
via "National Vulnerability Database".
βΌ CVE-2020-11487 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2020-11488 βΌ
π Read
via "National Vulnerability Database".
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.π Read
via "National Vulnerability Database".
β Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns β
π Read
via "Threat Post".
Malicious redirection websites are using typosquatting and impersonation to attack unwary visitors.π Read
via "Threat Post".
Threat Post
Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns
Malicious redirection websites are using typosquatting and impersonation to attack unwary visitors.
βΌ CVE-2020-27655 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7746 βΌ
π Read
via "National Vulnerability Database".
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.π Read
via "National Vulnerability Database".
β Bug-Bounty Awards Spike 26% in 2020 β
π Read
via "Threat Post".
The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify.π Read
via "Threat Post".
Threat Post
Bug-Bounty Awards Spike 26% in 2020
The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify.
π¦Ώ How phishing attacks are targeting schools and colleges π¦Ώ
π Read
via "Tech Republic".
Attackers are exploiting the need for schools to receive critical updates from teachers, principals, and department heads, says Barracuda.π Read
via "Tech Republic".
TechRepublic
How phishing attacks are targeting schools and colleges
Attackers are exploiting the need for schools to receive critical updates from teachers, principals, and department heads, says Barracuda.
π Digital Guardian Debuts Exclusive Offer for Forcepoint DLP Customers π
π Read
via "Digital Guardian".
With news the company will be acquired, Forcepoint DLP customers may be looking for a change.π Read
via "Digital Guardian".
Digital Guardian
Digital Guardian Debuts Exclusive Offer for Forcepoint DLP Customers
With news the company will be acquired, Forcepoint DLP customers may be looking for a change.