β Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape β
π Read
via "Threat Post".
Google Project Zero disclosed the bug before a patch becomes available from Microsoft.π Read
via "Threat Post".
Threat Post
Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
Google Project Zero disclosed the bug before a patch becomes available from Microsoft.
π΄ Fraud Prevention Strategies to Prepare for the Future π΄
π Read
via "Dark Reading".
While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.π Read
via "Dark Reading".
Dark Reading
Fraud Prevention Strategies to Prepare for the Future
While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.
β Scammers Abuse Google Drive to Send Malicious Links β
π Read
via "Threat Post".
Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.π Read
via "Threat Post".
Threat Post
Scammers Abuse Google Drive to Send Malicious Links
Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.
β Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach β
π Read
via "Threat Post".
JM Bullion fell victim to a payment-card skimmer, which was in place for five months.π Read
via "Threat Post".
Threat Post
Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
JM Bullion fell victim to a payment-card skimmer, which was in place for five months.
π SQLMAP - Automatic SQL Injection Tool 1.4.11 π
π Read
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.π Read
via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.4.11 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Samhain File Integrity Checker 4.4.3 π
π Read
via "Packet Storm Security".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.π Read
via "Packet Storm Security".
Packetstormsecurity
Samhain File Integrity Checker 4.4.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ It's an urgent plea this Election Eve: Don't click on ransomware disguised as political ads π¦Ώ
π Read
via "Tech Republic".
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.π Read
via "Tech Republic".
TechRepublic
It's an urgent plea this Election Day: Don't click on ransomware disguised as political ads
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.
βΌ CVE-2018-19951 βΌ
π Read
via "National Vulnerability Database".
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.π Read
via "National Vulnerability Database".
βΌ CVE-2018-19955 βΌ
π Read
via "National Vulnerability Database".
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.π Read
via "National Vulnerability Database".
β WordPress Pushes Out Multiple Flawed Security Updates β
π Read
via "Threat Post".
WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update.π Read
via "Threat Post".
Threat Post
WordPress Pushes Out Multiple Flawed Security Updates
WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update.
π Digital Guardian Provides Customers Protection Following Spread of Ryuk Ransomware π
π Read
via "Digital Guardian".
Weβve released a free policy pack to help customers, especially those in the healthcare and public health sector, protect against the latest Ryuk ransomware campaign.π Read
via "Digital Guardian".
Digital Guardian
Digital Guardian Provides Customers Protection Following Spread of Ryuk Ransomware
Weβve released a free policy pack to help customers, especially those in the healthcare and public health sector, protect against the latest Ryuk ransomware campaign.
π΄ Windows Zero-Day Used with Chrome Flaw in Targeted Attacks π΄
π Read
via "Dark Reading".
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.π Read
via "Dark Reading".
Darkreading
Windows Zero-Day Used with Chrome Flaw in Targeted Attacks
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.
β Survey: Cybersecurity Skills Shortage is βBad,β But Thereβs Hope β
π Read
via "Threat Post".
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave.π Read
via "Threat Post".
Threat Post
Survey: Cybersecurity Skills Shortage is βBad,β But Thereβs Hope
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave.
β $100M Botnet Scheme Lands Cybercriminal 8 Years in Jail β
π Read
via "Threat Post".
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.π Read
via "Threat Post".
Threat Post
$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.
π΄ Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation π΄
π Read
via "Dark Reading".
Cybercrime scheme netted more than $100 million.π Read
via "Dark Reading".
Dark Reading
Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation
Cybercrime scheme netted more than $100 million.
π¦Ώ Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021. π¦Ώ
π Read
via "Tech Republic".
The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.π Read
via "Tech Republic".
TechRepublic
Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021.
The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.
π΄ New Tools Make North Korea's Kimsuky Group More Dangerous π΄
π Read
via "Dark Reading".
Threat actor actively targeting US organizations in global intelligence-gathering campaign, government says.π Read
via "Dark Reading".
Dark Reading
New Tools Make North Korea's Kimsuky Group More Dangerous
Threat actor actively targeting US organizations in global intelligence-gathering campaign, government says.
βΌ CVE-2020-26939 βΌ
π Read
via "National Vulnerability Database".
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27982 βΌ
π Read
via "National Vulnerability Database".
IceWarp 11.4.5.0 allows XSS via the language parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7758 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package browserless-chrome. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9368 βΌ
π Read
via "National Vulnerability Database".
The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.π Read
via "National Vulnerability Database".