β Two Chrome Browser Updates Plugs Holes Actively Targeted by Exploits β
π Read
via "Threat Post".
Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.π Read
via "Threat Post".
Threat Post
Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.
π What is SOC 2? π
π Read
via "Digital Guardian".
SOC 2 is a set of compliance requirements for companies that use cloud-based storage of customer data. Learn about the basics of SOC 2 and best practices in this week's Data Protection 101!π Read
via "Digital Guardian".
π΄ Oracle Issues Out-of-Band Update for Remote-Access Vulnerability π΄
π Read
via "Dark Reading".
The exploit could give an attacker complete control of vulnerable WebLogic servers.π Read
via "Dark Reading".
Dark Reading
Oracle Issues Out-of-Band Update for Remote-Access Vulnerability
The exploit could give an attacker complete control of vulnerable WebLogic servers.
β 34M Records from 17 Companies Up for Sale in Cybercrime Forum β
π Read
via "Threat Post".
A diverse set of companies, including an adaptive-learning platform in Brazil, an online grocery service in Singapore and a cold-brew coffee-maker company, are caught up in the large data trove.π Read
via "Threat Post".
Threat Post
34M Records from 17 Companies Up for Sale in Cybercrime Forum
A diverse set of companies, including an adaptive-learning platform in Brazil, an online grocery service in Singapore and a cold-brew coffee-maker company, are caught up in the large data trove.
π΄ Neustar Agrees to Buy Verisign's Public DNS Service π΄
π Read
via "Dark Reading".
The address space for Verisign Public DNS will be incorporated into Neustar's UltraDNS Public service following the acquisition.π Read
via "Dark Reading".
Dark Reading
Neustar Agrees to Buy Verisign's Public DNS Service
The address space for Verisign Public DNS will be incorporated into Neustar's UltraDNS Public service following the acquisition.
β APT Groups Finding Success with Mix of Old and New Tools β
π Read
via "Threat Post".
The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds.π Read
via "Threat Post".
Threat Post
APT Groups Finding Success with Mix of Old and New Tools
The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds.
π¦Ώ How to use the limited photos picker in iOS 14 for added privacy π¦Ώ
π Read
via "Tech Republic".
Ensure apps can only access the photos and albums that you designate by using the new limited photos picker in iOS 14.π Read
via "Tech Republic".
TechRepublic
How to use the limited photos picker in iOS 14 for added privacy
Ensure apps can only access the photos and albums that you designate by using the new limited photos picker in iOS 14.
βΌ CVE-2020-1908 βΌ
π Read
via "National Vulnerability Database".
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.π Read
via "National Vulnerability Database".
βΌ CVE-2020-1909 βΌ
π Read
via "National Vulnerability Database".
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.π Read
via "National Vulnerability Database".
β Oracle Solaris Zero-Day Attack Revealed β
π Read
via "Threat Post".
A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw.π Read
via "Threat Post".
Threat Post
Oracle Solaris Zero-Day Attack Revealed
A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw.
π¦Ώ WinZip Mac 8 Pro: Create backups and encrypt sensitive files π¦Ώ
π Read
via "Tech Republic".
Mac users can do more than just compress files using WinZip Mac 8 Pro. The program also assists with creating backups and encrypting sensitive files, among other features.π Read
via "Tech Republic".
TechRepublic
WinZip Mac 8 Pro: Create backups and encrypt sensitive files
Mac users can do more than just compress files using WinZip Mac 8 Pro. The program also assists with creating backups and encrypting sensitive files, among other features.
π΄ APT Groups Get Innovative -- and More Dangerous -- in 3Q π΄
π Read
via "Dark Reading".
In "curious" trend, more threat actors diversified their tool sets in third quarter than usual.π Read
via "Dark Reading".
Dark Reading
APT Groups Get Innovative -- and More Dangerous -- in 3Q
In curious trend, more threat actors diversified their tool sets in third quarter than usual.
βΌ CVE-2020-26211 βΌ
π Read
via "National Vulnerability Database".
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to a alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4.π Read
via "National Vulnerability Database".
π΄ Securing the 2020 Election: 'We're Not Out of the Woods Yet' π΄
π Read
via "Dark Reading".
Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.π Read
via "Dark Reading".
Dark Reading
Securing the 2020 Election: 'We're Not Out of the Woods Yet'
Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.
βΌ CVE-2020-27346 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.π Read
via "National Vulnerability Database".
β Police to Livestream Ring Camera Footage of Mississippi Residents β
π Read
via "Threat Post".
Pilot program again sparks privacy fears from ACLU as Amazon takes its partnership with law enforcement to the next level.π Read
via "Threat Post".
Threat Post
Police to Livestream Ring Camera Footage of Mississippi Residents
A Mississippi pilot program that allows police to livestream private camera footage sparks privacy fears from the ACLU.
β Another Chrome zero-day, this time on Android β check your version! β
π Read
via "Naked Security".
Another week, another Chrome zero-day, this time on your phone.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Code42 Incydr Series: Why Most Companies Canβt Stop Departing Employee Data Theft β
π Read
via "Threat Post".
According to Code42βs Data Exposure Report, 63% of employees say they brought data with them from their previous employer to their current employer.π Read
via "Threat Post".
Threat Post
Code42 Incydr Series: Why Most Companies Canβt Stop Departing Employee Data Theft
According to Code42βs Data Exposure Report, 63% of employees say they brought data with them from their previous employer to their current employer.
π΄ CSA Moves to Redefine Cloud-Based Intelligence π΄
π Read
via "Dark Reading".
The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn't require significant investment or more personnel.π Read
via "Dark Reading".
Dark Reading
CSA Moves to Redefine Cloud-Based Intelligence
The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn't require significant investment or more personnel.
π Sifter 10.6m π
π Read
via "Packet Storm Security".
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.π Read
via "Packet Storm Security".
Packetstormsecurity
Sifter 10.6m β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β VMware Issues Updated Fix For Critical ESXi Flaw β
π Read
via "Threat Post".
A previous fix for the critical remote code execution bug was "incomplete," according to VMware.π Read
via "Threat Post".
Threat Post
VMware Issues Updated Fix For Critical ESXi Flaw
A previous fix for the critical remote code execution bug was "incomplete," according to VMware.