🛡 Cybersecurity & Privacy 🛡 - News

Oracle Solaris Zero-Day Attack Revealed

A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw.

179 views21:48

WinZip Mac 8 Pro: Create backups and encrypt sensitive files

🦿 WinZip Mac 8 Pro: Create backups and encrypt sensitive files 🦿

Mac users can do more than just compress files using WinZip Mac 8 Pro. The program also assists with creating backups and encrypting sensitive files, among other features.

📖 Read

via "Tech Republic".

TechRepublic

Mac users can do more than just compress files using WinZip Mac 8 Pro. The program also assists with creating backups and encrypting sensitive files, among other features.

186 views22:31

🕴 APT Groups Get Innovative -- and More Dangerous -- in 3Q 🕴

In "curious" trend, more threat actors diversified their tool sets in third quarter than usual.

📖 Read

via "Dark Reading".

APT Groups Get Innovative -- and More Dangerous -- in 3Q

In curious trend, more threat actors diversified their tool sets in third quarter than usual.

178 views23:34

‼ CVE-2020-26211 ‼

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to a alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4.

📖 Read

via "National Vulnerability Database".

227 views23:40

🕴 Securing the 2020 Election: 'We're Not Out of the Woods Yet' 🕴

Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.

📖 Read

via "Dark Reading".

Securing the 2020 Election: 'We're Not Out of the Woods Yet'

Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.

233 views00:04

‼ CVE-2020-27346 ‼

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

📖 Read

via "National Vulnerability Database".

221 views06:41

❌ Police to Livestream Ring Camera Footage of Mississippi Residents ❌

Pilot program again sparks privacy fears from ACLU as Amazon takes its partnership with law enforcement to the next level.

📖 Read

via "Threat Post".

Police to Livestream Ring Camera Footage of Mississippi Residents

A Mississippi pilot program that allows police to livestream private camera footage sparks privacy fears from the ACLU.

219 views14:22

Naked Security – Sophos News

⚠ Another Chrome zero-day, this time on Android – check your version! ⚠

Another week, another Chrome zero-day, this time on your phone.

📖 Read

via "Naked Security".

Sophos News

190 views14:22

❌ Code42 Incydr Series: Why Most Companies Can’t Stop Departing Employee Data Theft ❌

According to Code42’s Data Exposure Report, 63% of employees say they brought data with them from their previous employer to their current employer.

📖 Read

via "Threat Post".

Code42 Incydr Series: Why Most Companies Can’t Stop Departing Employee Data Theft

According to Code42’s Data Exposure Report, 63% of employees say they brought data with them from their previous employer to their current employer.

190 views14:22

🕴 CSA Moves to Redefine Cloud-Based Intelligence 🕴

The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn't require significant investment or more personnel.

📖 Read

via "Dark Reading".

CSA Moves to Redefine Cloud-Based Intelligence

The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn't require significant investment or more personnel.

189 views15:06

Sifter 10.6m ≈ Packet Storm

🛠 Sifter 10.6m 🛠

Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

📖 Read

via "Packet Storm Security".

Packetstormsecurity

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

199 views16:06

❌ VMware Issues Updated Fix For Critical ESXi Flaw ❌

A previous fix for the critical remote code execution bug was "incomplete," according to VMware.

📖 Read

via "Threat Post".

VMware Issues Updated Fix For Critical ESXi Flaw

A previous fix for the critical remote code execution bug was "incomplete," according to VMware.

189 views16:23

❌ Toymaker Mattel Hit by Ransomware Attack ❌

Financial disclosure filings describe a ransomware attack that delivered a weak punch.

📖 Read

via "Threat Post".

Toymaker Mattel Hit by Ransomware Attack

Financial disclosure filings describe a ransomware attack that delivered weak punch.

180 views16:53

🕴 Containers for Data Analysis Are Rife With Vulnerabilities 🕴

Old software components and the inclusion of unnecessary code created a massive attack surface area in containers for scientific analysis, researchers say.

📖 Read

via "Dark Reading".

Containers for Data Analysis Are Rife With Vulnerabilities

Old software components and the inclusion of unnecessary code created a massive attack surface area in containers for scientific analysis, researchers say.

189 views17:06

‼ CVE-2020-2314 ‼

Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

📖 Read

via "National Vulnerability Database".

185 views17:42

🕴 Prepare for the Unexpected: Costs to Consider in Security Budgets 🕴

Organizations that update business models to include cybersecurity as part of a strategic planning process may be able to better withstand unexpected disruptions.

📖 Read

via "Dark Reading".

Prepare for the Unexpected: Costs to Consider in Security Budgets

Organizations that update business models to include cybersecurity as part of a strategic planning process may be able to better withstand unexpected disruptions.

181 views19:37

Logistics Firm Claims Former Exec Took Secrets to Start New Firm

🔏 Logistics Firm Claims Former Exec Took Secrets to Start New Firm 🔏

This US logistics company claims a former board member stole company secrets to set up his own competitor.

📖 Read

via "Digital Guardian".

Digital Guardian

This US logistics company claims a former board member stole company secrets to set up his own competitor.

167 views19:41

‼ CVE-2020-22274 ‼

JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection via a customer's profile.

📖 Read

via "National Vulnerability Database".

157 views19:44

‼ CVE-2020-22273 ‼

Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)

📖 Read

via "National Vulnerability Database".

159 views19:44

‼ CVE-2020-22276 ‼

WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.

📖 Read

via "National Vulnerability Database".

159 views19:44