π΄ Microsoft Warns of Ongoing Attacks Exploiting Zerologon π΄
π Read
via "Dark Reading".
The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β Adobe Flash β itβs the end of the end of the end of the road at last β
π Read
via "Naked Security".
The journey to the end of Flash. Are we there yet?π Read
via "Naked Security".
Naked Security
Adobe Flash β itβs the end of the end of the end of the road at last
The journey to the end of Flash. Are we there yet?
π¦Ώ AWS releases Nitro Enclaves, making it easier to process highly sensitive data π¦Ώ
π Read
via "Tech Republic".
According to Amazon, Nitro Enclaves will help customers reduce attack surfaces for their applications by providing a highly isolated and hardened environment for data processing.π Read
via "Tech Republic".
TechRepublic
AWS releases Nitro Enclaves, making it easier to process highly sensitive data
According to Amazon, Nitro Enclaves will help customers reduce attack surfaces for their applications by providing a highly isolated and hardened environment for data processing.
β Wroba Mobile Banking Trojan Spreads to the U.S. via Texts β
π Read
via "Threat Post".
The Roaming Mantis group is targeting the States with a malware that can steal information, harvest financial data and send texts to self-propagate.π Read
via "Threat Post".
Threat Post
Wroba Mobile Banking Trojan Spreads to the U.S. via Texts
The Roaming Mantis group is targeting the States with a malware that can steal information, harvest financial data and send texts to self-propagate.
β Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories β
π Read
via "Threat Post".
Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry -- including bugs that just won't die.π Read
via "Threat Post".
Threat Post
Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories
Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry β including bugs that just won't die.
β Wisc. GOPβs $2.3M MAGA Hat Debacle Showcases Fraud Concerns β
π Read
via "Threat Post".
Scammers bilked Wisconsin Republicans out of $2.3 million in a basic BEC scam β and anyone working on the upcoming election needs to pay attention. π Read
via "Threat Post".
Threat Post
Wisc. GOPβs $2.3M MAGA Hat Debacle Showcases Fraud Concerns
Scammers bilked Wisconsin Republicans out of $2.3 million in a basic BEC scam β and anyone working on the upcoming election needs to pay attention.
π΄ New Wroba Campaign Is Latest Sign of Growing Mobile Threats π΄
π Read
via "Dark Reading".
After years of mostly targeting users in Japan, Korea, and other countries in the region, operators of the Trojan expanded their campaign to the US this week.π Read
via "Dark Reading".
Dark Reading
New Wroba Campaign Is Latest Sign of Growing Mobile Threats
After years of mostly targeting users in Japan, Korea, and other countries in the region, operators of the Trojan expanded their campaign to the US this week.
β Firestarter Android Malware Abuses Google Firebase Cloud Messaging β
π Read
via "Threat Post".
The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism.π Read
via "Threat Post".
Threat Post
Firestarter Android Malware Abuses Google Firebase Cloud Messaging
The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism.
π Wireshark Analyzer 3.4.0 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.4.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β WordPress Patches 3-Year-Old High-Severity RCE Bug β
π Read
via "Threat Post".
In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software.π Read
via "Threat Post".
Threat Post
WordPress Patches 3-Year-Old High-Severity RCE Bug
In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software.
β Crippling Cyberattacks, Disinformation Top Concerns for Election Day β
π Read
via "Threat Post".
Cyber-researchers weigh in on what concerns them the most as the U.S. heads into the final weekend before the presidential election -- and they also highlight the positives.π Read
via "Threat Post".
Threat Post
Crippling Cyberattacks, Disinformation Top Concerns for Election Day
Cyber-researchers weigh in on what concerns them the most as the U.S. heads into the final weekend before the presidential election β and they also highlight the positives.
π΄ Rising Ransomware Breaches Underscore Cybersecurity Failures π΄
π Read
via "Dark Reading".
Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone.π Read
via "Dark Reading".
Dark Reading
Rising Ransomware Breaches Underscore Cybersecurity Failures
Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone.
βΌ CVE-2020-7373 βΌ
π Read
via "National Vulnerability Database".
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5934 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27886 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).π Read
via "National Vulnerability Database".
βΌ CVE-2020-15703 βΌ
π Read
via "National Vulnerability Database".
There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5933 βΌ
π Read
via "National Vulnerability Database".
On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5932 βΌ
π Read
via "National Vulnerability Database".
On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25849 βΌ
π Read
via "National Vulnerability Database".
MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the userΓΒ’Γ’β¬ÒβΒ’s access token.π Read
via "National Vulnerability Database".
β Adobe Flash β itβs the end of the end of the end of the road at last β
π Read
via "Naked Security".
The journey to the end of Flash. Are we there yet?π Read
via "Naked Security".
Naked Security
Adobe Flash β itβs the end of the end of the end of the road at last
The journey to the end of Flash. Are we there yet?
β Naked Security Live β Ransomware: what to do? β
π Read
via "Naked Security".
Here's the latest Naked Security Live video - enjoy (and please share with your friends)!π Read
via "Naked Security".
Naked Security
Naked Security Live β Ransomware: what to do?
Hereβs the latest Naked Security Live video β enjoy (and please share with your friends)!