β Scammers Abuse Google Drive to Send Malicious Links β
π Read
via "Threat Post".
Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.π Read
via "Threat Post".
Threat Post
Scammers Abuse Google Drive to Send Malicious Links
Cybercriminals are sending malicious links to hundreds of thousands of users via Google Drive notifications.
β Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach β
π Read
via "Threat Post".
JM Bullion fell victim to a payment-card skimmer, which was in place for five months.π Read
via "Threat Post".
Threat Post
Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
JM Bullion fell victim to a payment-card skimmer, which was in place for five months.
π SQLMAP - Automatic SQL Injection Tool 1.4.11 π
π Read
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.π Read
via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.4.11 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Samhain File Integrity Checker 4.4.3 π
π Read
via "Packet Storm Security".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.π Read
via "Packet Storm Security".
Packetstormsecurity
Samhain File Integrity Checker 4.4.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ It's an urgent plea this Election Eve: Don't click on ransomware disguised as political ads π¦Ώ
π Read
via "Tech Republic".
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.π Read
via "Tech Republic".
TechRepublic
It's an urgent plea this Election Day: Don't click on ransomware disguised as political ads
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.
βΌ CVE-2018-19951 βΌ
π Read
via "National Vulnerability Database".
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.π Read
via "National Vulnerability Database".
βΌ CVE-2018-19955 βΌ
π Read
via "National Vulnerability Database".
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions prior to 5.7.11; versions prior to 6.0.10.π Read
via "National Vulnerability Database".
β WordPress Pushes Out Multiple Flawed Security Updates β
π Read
via "Threat Post".
WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update.π Read
via "Threat Post".
Threat Post
WordPress Pushes Out Multiple Flawed Security Updates
WordPress bungles critical security 5.5.2 fix and saves face next day with 5.5.3 update.
π Digital Guardian Provides Customers Protection Following Spread of Ryuk Ransomware π
π Read
via "Digital Guardian".
Weβve released a free policy pack to help customers, especially those in the healthcare and public health sector, protect against the latest Ryuk ransomware campaign.π Read
via "Digital Guardian".
Digital Guardian
Digital Guardian Provides Customers Protection Following Spread of Ryuk Ransomware
Weβve released a free policy pack to help customers, especially those in the healthcare and public health sector, protect against the latest Ryuk ransomware campaign.
π΄ Windows Zero-Day Used with Chrome Flaw in Targeted Attacks π΄
π Read
via "Dark Reading".
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.π Read
via "Dark Reading".
Darkreading
Windows Zero-Day Used with Chrome Flaw in Targeted Attacks
Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.
β Survey: Cybersecurity Skills Shortage is βBad,β But Thereβs Hope β
π Read
via "Threat Post".
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave.π Read
via "Threat Post".
Threat Post
Survey: Cybersecurity Skills Shortage is βBad,β But Thereβs Hope
Automation, strategic process design and an investment in training are the keys to managing the cybersecurity skills gap, according to a recent survey from Trustwave.
β $100M Botnet Scheme Lands Cybercriminal 8 Years in Jail β
π Read
via "Threat Post".
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.π Read
via "Threat Post".
Threat Post
$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail
Aleksandr Brovko faces jail time after stealing $100 million worth of personal identifiable information (PII) and financial data over the course of more than 10 years.
π΄ Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation π΄
π Read
via "Dark Reading".
Cybercrime scheme netted more than $100 million.π Read
via "Dark Reading".
Dark Reading
Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation
Cybercrime scheme netted more than $100 million.
π¦Ώ Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021. π¦Ώ
π Read
via "Tech Republic".
The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.π Read
via "Tech Republic".
TechRepublic
Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021.
The COVID-19 pandemic provided a huge opening for bad actors this year, thanks to remote work. Security experts expect more advanced cybersecurity threats in the coming year.
π΄ New Tools Make North Korea's Kimsuky Group More Dangerous π΄
π Read
via "Dark Reading".
Threat actor actively targeting US organizations in global intelligence-gathering campaign, government says.π Read
via "Dark Reading".
Dark Reading
New Tools Make North Korea's Kimsuky Group More Dangerous
Threat actor actively targeting US organizations in global intelligence-gathering campaign, government says.
βΌ CVE-2020-26939 βΌ
π Read
via "National Vulnerability Database".
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27982 βΌ
π Read
via "National Vulnerability Database".
IceWarp 11.4.5.0 allows XSS via the language parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-7758 βΌ
π Read
via "National Vulnerability Database".
This affects all versions of package browserless-chrome. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9368 βΌ
π Read
via "National Vulnerability Database".
The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8183 βΌ
π Read
via "National Vulnerability Database".
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.π Read
via "National Vulnerability Database".
βΌ CVE-2020-6014 βΌ
π Read
via "National Vulnerability Database".
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.π Read
via "National Vulnerability Database".