❌ Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw ❌
📖 Read
via "Threat Post".
The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit.📖 Read
via "Threat Post".
Threat Post
Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw
The remote code-execution flaw (CVE-2020-14750) is low-complexity and requires no user interaction to exploit.
🦿 It's an urgent plea this Election Day: Don't click on ransomware disguised as political ads 🦿
📖 Read
via "Tech Republic".
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.📖 Read
via "Tech Republic".
TechRepublic
It's an urgent plea this Election Day: Don't click on ransomware disguised as political ads
Remote work and social media have made it easier for businesses to be impacted by security breaches. Here's why, and how organizations can protect themselves.
🕴 Reworking the Taxonomy for Richer Risk Assessments 🕴
📖 Read
via "Dark Reading".
By accommodating unique requirements and conditions at different sites, security pros can dig deeper get a clearer sense of organizational risk.📖 Read
via "Dark Reading".
Dark Reading
Reworking the Taxonomy for Richer Risk Assessments
By accommodating unique requirements and conditions at different sites, security pros can dig deeper get a clearer sense of organizational risk.
‼ CVE-2020-4649 ‼
📖 Read
via "National Vulnerability Database".
IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privleged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.📖 Read
via "National Vulnerability Database".
❌ Media Comms Giant Says Ransomware Hit Will Cost Millions ❌
📖 Read
via "Threat Post".
Aussie firm Isentia said "remediation and foregone revenue" could total $8.5 million AUS or more.📖 Read
via "Threat Post".
Threat Post
Media Comms Giant Says Ransomware Hit Will Cost Millions
Aussie firm Isentia said "remediation and foregone revenue" could total $8.5 million AUS or more.
🕴 9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time 🕴
📖 Read
via "Dark Reading".
This year has been the ultimate test of business resilience, and if anything has become clear, it's this: Security pros need to get to work and overhaul their playbooks in preparation for multilayered attacks.📖 Read
via "Dark Reading".
Dark Reading
9 Cyber Disaster-Recovery Planning Tips for a Disaster-Prone Time
This year has been the ultimate test of business resilience, and if anything has become clear, it's this: Security pros need to get to work and overhaul their playbooks in preparation for multilayered attacks.
❌ Two Chrome Browser Updates Plugs Holes Actively Targeted by Exploits ❌
📖 Read
via "Threat Post".
Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.📖 Read
via "Threat Post".
Threat Post
Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.
🔏 What is SOC 2? 🔏
📖 Read
via "Digital Guardian".
SOC 2 is a set of compliance requirements for companies that use cloud-based storage of customer data. Learn about the basics of SOC 2 and best practices in this week's Data Protection 101!📖 Read
via "Digital Guardian".
🕴 Oracle Issues Out-of-Band Update for Remote-Access Vulnerability 🕴
📖 Read
via "Dark Reading".
The exploit could give an attacker complete control of vulnerable WebLogic servers.📖 Read
via "Dark Reading".
Dark Reading
Oracle Issues Out-of-Band Update for Remote-Access Vulnerability
The exploit could give an attacker complete control of vulnerable WebLogic servers.
❌ 34M Records from 17 Companies Up for Sale in Cybercrime Forum ❌
📖 Read
via "Threat Post".
A diverse set of companies, including an adaptive-learning platform in Brazil, an online grocery service in Singapore and a cold-brew coffee-maker company, are caught up in the large data trove.📖 Read
via "Threat Post".
Threat Post
34M Records from 17 Companies Up for Sale in Cybercrime Forum
A diverse set of companies, including an adaptive-learning platform in Brazil, an online grocery service in Singapore and a cold-brew coffee-maker company, are caught up in the large data trove.
🕴 Neustar Agrees to Buy Verisign's Public DNS Service 🕴
📖 Read
via "Dark Reading".
The address space for Verisign Public DNS will be incorporated into Neustar's UltraDNS Public service following the acquisition.📖 Read
via "Dark Reading".
Dark Reading
Neustar Agrees to Buy Verisign's Public DNS Service
The address space for Verisign Public DNS will be incorporated into Neustar's UltraDNS Public service following the acquisition.
❌ APT Groups Finding Success with Mix of Old and New Tools ❌
📖 Read
via "Threat Post".
The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds.📖 Read
via "Threat Post".
Threat Post
APT Groups Finding Success with Mix of Old and New Tools
The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds.
🦿 How to use the limited photos picker in iOS 14 for added privacy 🦿
📖 Read
via "Tech Republic".
Ensure apps can only access the photos and albums that you designate by using the new limited photos picker in iOS 14.📖 Read
via "Tech Republic".
TechRepublic
How to use the limited photos picker in iOS 14 for added privacy
Ensure apps can only access the photos and albums that you designate by using the new limited photos picker in iOS 14.
‼ CVE-2020-1908 ‼
📖 Read
via "National Vulnerability Database".
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-1909 ‼
📖 Read
via "National Vulnerability Database".
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.📖 Read
via "National Vulnerability Database".
❌ Oracle Solaris Zero-Day Attack Revealed ❌
📖 Read
via "Threat Post".
A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw.📖 Read
via "Threat Post".
Threat Post
Oracle Solaris Zero-Day Attack Revealed
A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw.
🦿 WinZip Mac 8 Pro: Create backups and encrypt sensitive files 🦿
📖 Read
via "Tech Republic".
Mac users can do more than just compress files using WinZip Mac 8 Pro. The program also assists with creating backups and encrypting sensitive files, among other features.📖 Read
via "Tech Republic".
TechRepublic
WinZip Mac 8 Pro: Create backups and encrypt sensitive files
Mac users can do more than just compress files using WinZip Mac 8 Pro. The program also assists with creating backups and encrypting sensitive files, among other features.
🕴 APT Groups Get Innovative -- and More Dangerous -- in 3Q 🕴
📖 Read
via "Dark Reading".
In "curious" trend, more threat actors diversified their tool sets in third quarter than usual.📖 Read
via "Dark Reading".
Dark Reading
APT Groups Get Innovative -- and More Dangerous -- in 3Q
In curious trend, more threat actors diversified their tool sets in third quarter than usual.
‼ CVE-2020-26211 ‼
📖 Read
via "National Vulnerability Database".
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to a alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4.📖 Read
via "National Vulnerability Database".
🕴 Securing the 2020 Election: 'We're Not Out of the Woods Yet' 🕴
📖 Read
via "Dark Reading".
Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.📖 Read
via "Dark Reading".
Dark Reading
Securing the 2020 Election: 'We're Not Out of the Woods Yet'
Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.
‼ CVE-2020-27346 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".