🛡 Cybersecurity & Privacy 🛡 - News

The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital

Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.

10 views17:04

Wireshark Analyzer 3.4.1 ≈ Packet Storm

🛠 Wireshark Analyzer 3.4.1 🛠

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

📖 Read

via "Packet Storm Security".

Packetstormsecurity

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

9 views17:04

🕴 85,000 MySQL Servers Hit in Active Ransomware Campaign 🕴

Attackers pressure victims into paying ransom by publishing and offering for sale data stolen in a campaign that dates back to January.

📖 Read

via "Dark Reading".

85,000 MySQL Servers Hit in Active Ransomware Campaign

Attackers pressure victims into paying ransom by publishing and offering for sale data stolen in a campaign that dates back to January.

10 views17:04

❌ Critical Cisco Jabber Bug Gets Updated Fix ❌

A series of bugs, patched in September, still allow remote code execution by attackers.

📖 Read

via "Threat Post".

Zero-Click Wormable RCE Vulnerability in Cisco Jabber Gets Fixed, Again

A series of bugs, patched in September, still allow remote code execution by attackers.

11 views17:04

❌ PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers ❌

Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least compromised 250,000 databases.

📖 Read

via "Threat Post".

PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers

Ransomware actors behind the attack have breached at least 85,000 MySQL servers, and are currently selling at least compromised 250,000 databases.

13 views17:04

🕴 Poll: Endpoint Agita 🕴

📖 Read

via "Dark Reading".

Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Poll: Endpoint Agita

19 views17:04

Privacy risks persist with DIY COVID-19 contact tracing apps

🦿 Privacy risks persist with DIY COVID-19 contact tracing apps 🦿

Do-it-yourself apps that don't use the official API from Apple and Google raised privacy concerns due to unsecure design, says Guardsquare.

📖 Read

via "Tech Republic".

TechRepublic

Do-it-yourself apps that don't use the official API from Apple and Google raised privacy concerns due to unsecure design, says Guardsquare.

26 views17:04

‼ CVE-2020-12595 ‼

An information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. This affects SMG prior to 10.7.4.

📖 Read

via "National Vulnerability Database".

24 views17:23

‼ CVE-2020-29668 ‼

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

📖 Read

via "National Vulnerability Database".

23 views17:23

‼ CVE-2020-26407 ‼

A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project

📖 Read

via "National Vulnerability Database".

16 views17:23

‼ CVE-2020-12594 ‼

A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4.

📖 Read

via "National Vulnerability Database".

14 views17:23

‼ CVE-2020-24445 ‼

AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimâ€™s browser when they browse to the page containing the vulnerable field.

📖 Read

via "National Vulnerability Database".

11 views17:23

❌ Misery of Ransomware Hits Hospitals the Hardest ❌

Ransomware attacks targeting hospitals have exacted a human cost as well as financial.

📖 Read

via "Threat Post".

Misery of Ransomware Hits Hospitals the Hardest

Ransomware attacks targeting hospitals have exacted a human cost as well as financial.

11 views17:23

‼ CVE-2020-8920 ‼

An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' personal information associated with their accounts.

📖 Read

via "National Vulnerability Database".

11 views17:23

‼ CVE-2020-8919 ‼

An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access.

📖 Read

via "National Vulnerability Database".

11 views17:23

🕴 Black Hat Europe: Dark Reading Video News Desk Coverage 🕴

Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.

📖 Read

via "Dark Reading".

Black Hat Europe: Dark Reading Video News Desk Coverage

Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.

14 views17:23

🕴 Google Shares Cloud Security Tips 🕴

Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.

📖 Read

via "Dark Reading".

Google Shares Cloud Security Tips

Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.

12 views17:23

❌ Cyber Monday is Every Monday: Securing the ‘New Normal’ ❌

From eCommerce threats, to security concerns in connected speakers, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year.

📖 Read

via "Threat Post".

Cyber Monday is Every Monday: Securing the ‘New Normal’

From eCommerce threats, to attacks at the smart edge, Fortinet researchers discuss the top evolving threats of 2020, heading into the new year.

13 views17:23

S3 Ep10: Hacking iPhones, sunken Enigmas and double scams [Podcast]

⚠ S3 Ep10: Hacking iPhones, sunken Enigmas and double scams [Podcast] ⚠

Latest episode - listen now, and please tell your friends about our podcast.

📖 Read

via "Naked Security".

Naked Security

Latest episode – listen now, and please tell your friends about our podcast.

15 views17:23

🕴 The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital 🕴

Security teams are being challenged by the connected nature of IP devices, and preventing them from being compromised by cybercriminals has become an essential part of keeping people and property safe.

📖 Read

via "Dark Reading".

The Line Between Physical Security & Cybersecurity Blurs as World Gets More Digital

13 views17:23