π΄ How to Avoid Getting Killed by Ransomware π΄
π Read
via "Dark Reading".
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.π Read
via "Dark Reading".
Dark Reading
How to Avoid Getting Killed by Ransomware
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.
βΌ CVE-2020-4685 βΌ
π Read
via "National Vulnerability Database".
A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625.π Read
via "National Vulnerability Database".
π nfstream 6.2.2 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.2.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2020-15275 βΌ
π Read
via "National Vulnerability Database".
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27523 βΌ
π Read
via "National Vulnerability Database".
Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27524 βΌ
π Read
via "National Vulnerability Database".
On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services.π Read
via "National Vulnerability Database".
π΄ Former Microsoft Software Engineer Sentenced to 9 Years in Prison π΄
π Read
via "Dark Reading".
The 26-year-old was convicted earlier this year of wire fraud, money laundering, and filing false tax returns, among other charges.π Read
via "Dark Reading".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
β βInstant bank fraudβ hoax is back β donβt spread fake news! β
π Read
via "Naked Security".
You need to spread the word to your family and friends NOT to spread the word to their family and friendsπ Read
via "Naked Security".
Naked Security
βInstant bank fraudβ hoax is back β donβt spread fake news!
You need to spread the word to your family and friends NOT to spread the word to their family and friends
β Smishing attack tells you βmobile payment problemβ β donβt fall for it! β
π Read
via "Naked Security".
Don't be fooled by a website that looks OK - it's easy for crooks to make an exact copy. (This time, they got just one letter wrong.)π Read
via "Naked Security".
Naked Security
Smishing attack tells you βmobile payment problemβ β donβt fall for it!
Donβt be fooled by a website that looks OK β itβs easy for crooks to make an exact copy. (This time, they got just one letter wrong.)
β Minecraft Apps on Google Play Fleece Players Out of Big Money β
π Read
via "Threat Post".
Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.π Read
via "Threat Post".
Threat Post
Minecraft Apps on Google Play Fleece Players Out of Big Money
Seven mobile apps for Android sneakily charge fans of Minecraft and Roblox hundreds of dollars per month.
β Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic β
π Read
via "Threat Post".
Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.π Read
via "Threat Post".
Threat Post
Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic
Following a Nov. 3 ransomware attack against Campari, Ragnar Locker group took out public Facebook ads threatening to release stolen data.
β Nvidia Warns Windows Gamers of GeForce NOW Flaw β
π Read
via "Threat Post".
Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia's GeForce NOW.π Read
via "Threat Post".
Threat Post
Nvidia Warns Windows Gamers of GeForce NOW Flaw
Both Nvidia and Intel faced severe security issues this week - including a high-severity bug in Nvidia's GeForce NOW.
βΌ CVE-2020-8353 βΌ
π Read
via "National Vulnerability Database".
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8354 βΌ
π Read
via "National Vulnerability Database".
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2020-8352 βΌ
π Read
via "National Vulnerability Database".
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.π Read
via "National Vulnerability Database".
βΌ CVE-2020-5426 βΌ
π Read
via "National Vulnerability Database".
Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller.π Read
via "National Vulnerability Database".
π΄ 9 New Tactics to Spread Security Awareness π΄
π Read
via "Dark Reading".
Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.π Read
via "Dark Reading".
Dark Reading
9 New Tactics to Spread Security Awareness
Employees are often your first line of security defense when the bad guys come calling -- providing your workers are properly trained. Security leaders share how they're raising awareness.
π΄ Barracuda to Acquire Fyde for Zero-Trust Capabilities π΄
π Read
via "Dark Reading".
Plans call for expanding the Barracuda CloudGen SASE platform.π Read
via "Dark Reading".
Dark Reading
Barracuda to Acquire Fyde for Zero-Trust Capabilities
Plans call for expanding the Barracuda CloudGen SASE platform.
π Best Practices for Organizations to Mitigate Risks in Collaboration Software π
π Read
via "Digital Guardian".
Many companies are requiring employees to work from home and use collaboration software to communicate. What are the best ways to mitigate risks in collaboration software? We asked 27 experts their best practices.π Read
via "Digital Guardian".
Digital Guardian
Best Practices for Organizations to Mitigate Risks in Collaboration Software
Many companies are requiring employees to work from home and use collaboration software to communicate. What are the best ways to mitigate risks in collaboration software? We asked 27 experts their best practices.
β Silver Peak SD-WAN Bugs Allow for Network Takeover β
π Read
via "Threat Post".
Three security vulnerabilities can be chained to enable unauthenticated remote code execution.π Read
via "Threat Post".
Threat Post
Silver Peak SD-WAN Bugs Allow for Network Takeover
Three security vulnerabilities can be chained to enable unauthenticated remote code execution.
π΄ 3 Tips For Successfully Running Tech Outside the IT Department π΄
π Read
via "Dark Reading".
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.π Read
via "Dark Reading".
Dark Reading
3 Tips For Successfully Running Tech Outside the IT Department
When marketing opts for extra-departmental IT, coordination and communication are required to keep things secured.