β When zombie malware leads to big-money ransomware attacks β
π Read
via "Naked Security".
SophosLabs investigates SystemBC, a malware utility for launching fileless malware attacks, including big-money ransomware.π Read
via "Naked Security".
Naked Security
When zombie malware leads to big-money ransomware attacks
SophosLabs investigates SystemBC, a malware utility for launching fileless malware attacks, including big-money ransomware.
π¦Ώ How to protect your organization following the SolarWinds compromise π¦Ώ
π Read
via "Tech Republic".
Whether your organization uses the vulnerable SolarWinds software or you want to defend yourself against similar exploits, here are recommendations from four sources.π Read
via "Tech Republic".
TechRepublic
How to protect your organization following the SolarWinds compromise
Whether your organization uses the vulnerable SolarWinds software or you want to defend yourself against similar exploits, here are recommendations from four sources.
β 3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons β
π Read
via "Threat Post".
Researchers identify malware existing in popular add-ons for Facebook, Vimeo, Instagram and others that are commonly used in browsers from Google and Microsoft.π Read
via "Threat Post".
Threat Post
3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons
Researchers identify malware existing in popular add-ons for Facebook, Vimeo, Instagram and others that are commonly used in browsers from Google and Microsoft.
β Code42 Incydr Series: Bringing Shadow IT into the light with Code42 Incydr β
π Read
via "Threat Post".
The massive shift to remote work has turbocharged the shadow IT problem.π Read
via "Threat Post".
Threat Post
Code42 Incydr Series: Bringing Shadow IT into the light with Code42 Incydr
The massive shift to remote work has turbocharged the shadow IT problem.
β Cryptologists Crack Zodiac Killerβs 340 Cipher β
π Read
via "Threat Post".
The Zodiacβs serial killerβs 340 cipher, which couldnβt be solved for 50 years, has been cracked by a remote team of mathematicians.π Read
via "Threat Post".
Threat Post
Cryptologists Crack Zodiac Killerβs 340 Cipher
The Zodiacβs serial killerβs 340 cipher, which couldnβt be solved for 50 years, has been cracked by a remote team of mathematicians.
βΌ CVE-2020-22083 βΌ
π Read
via "National Vulnerability Database".
jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function.π Read
via "National Vulnerability Database".
π¦Ώ The worst bugs in the top programming languages π¦Ώ
π Read
via "Tech Republic".
A heatmap shows PHP has the most flaws followed by C++, then Java, .Net, JavaScript, and Python in Veracode's annual security report.π Read
via "Tech Republic".
TechRepublic
The worst bugs in the top programming languages
A heatmap shows PHP has the most flaws followed by C++, then Java, .Net, JavaScript, and Python in Veracode's annual security report.
π΄ 51% of WFH Parents Say Children Have Accessed Work Accounts π΄
π Read
via "Dark Reading".
In addition, 14% of surveyed parents who are working from home say their children have access to their work devices, new data shows.π Read
via "Dark Reading".
Dark Reading
51% of WFH Parents Say Children Have Accessed Work Accounts
In addition, 14% of surveyed parents who are working from home say their children have access to their work devices, new data shows.
π΄ Rising to the Challenge: Perspectives from Security Leaders on 2020 and Beyond π΄
π Read
via "Dark Reading".
For those who work in the security industry 2020 has been a particularly challenging year. Chris Price talks to five industry leaders from different perspectives in the sector about how they coped with COVID and asks them to look forward to 2021.π Read
via "Dark Reading".
Dark Reading
Rising to the Challenge: Perspectives from Security Leaders on 2020 and Beyond
For those who work in the security industry 2020 has been a particularly challenging year. Chris Price talks to five industry leaders from different perspectives in the sector about how they coped with COVID and asks them to look forward to 2021.
π Zed Attack Proxy 2.10.0 Cross Platform Package π
π Read
via "Packet Storm Security".
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.π Read
via "Packet Storm Security".
Packetstormsecurity
Zed Attack Proxy 2.10.0 Cross Platform Package β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π DoppelPaymer Ransomware Gang Threatening Victims π
π Read
via "Digital Guardian".
In a recent FBI note the agency outlined how DoppelPaymer ransomware attacks have impacted critical infrastructure - and the lengths the attackers have gone to get paid.π Read
via "Digital Guardian".
Digital Guardian
DoppelPaymer Ransomware Gang Threatening Victims
In a recent FBI note the agency outlined how DoppelPaymer ransomware attacks have impacted critical infrastructure - and the lengths the attackers have gone to get paid.
π΄ CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach π΄
π Read
via "Dark Reading".
Agency says it has "evidence of additional initial access vectors" besides SolarWinds' Orion software.π Read
via "Dark Reading".
Dark Reading
CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach
Agency says it has evidence of additional initial access vectors besides SolarWinds' Orion software.
π¦Ώ How to quickly encrypt text for Apple Mail π¦Ώ
π Read
via "Tech Republic".
Jack Wallen shows you how easy it can be to encrypt text to be sent via email, using Apple Mail and the GPG Suite.π Read
via "Tech Republic".
TechRepublic
How to quickly encrypt text for Apple Mail
Jack Wallen shows you how easy it can be to encrypt text to be sent via email, using Apple Mail and the GPG Suite.
β RubyGems Packages Laced with Bitcoin-Stealing Malware β
π Read
via "Threat Post".
Two malicious software building blocks that could be baked into web applications prey on unsuspecting users.π Read
via "Threat Post".
Threat Post
RubyGems Packages Laced with Bitcoin-Stealing Malware
Two malicious software building blocks that could be baked into web applications prey on unsuspecting users.
β Air-Gap Attack Turns Memory Modules into Wi-Fi Radios β
π Read
via "Threat Post".
Attack turns SDRAM buses into a Wi-Fi radio to leak data from air-gapped computers.π Read
via "Threat Post".
Threat Post
Air-Gap Attack Turns Memory Modules into Wi-Fi Radios
Attack turns SDRAM buses into a Wi-Fi radio to leak data from air-gapped computers.
βΌ CVE-2020-15292 βΌ
π Read
via "National Vulnerability Database".
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15294 βΌ
π Read
via "National Vulnerability Database".
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.π Read
via "National Vulnerability Database".
βΌ CVE-2020-15293 βΌ
π Read
via "National Vulnerability Database".
Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.π Read
via "National Vulnerability Database".
β Police Vouch for Hacker Who Guessed Trumpβs Twitter Password β
π Read
via "Threat Post".
No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trumpβs Twitter account by guessing his password, βMAGA2020!β last October.π Read
via "Threat Post".
Threat Post
Police Vouch for Hacker Who Guessed Trumpβs Twitter Password
No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trumpβs Twitter account by guessing his password, βMAGA2020!β last October.
π΄ XDR 101: What's the Big Deal About Extended Detection & Response? π΄
π Read
via "Dark Reading".
Extended Detection and Response (XDR) could be the security management technology of your dreams...or not. What makes this technical 'evolution' so interesting to so many companies?π Read
via "Dark Reading".
Dark Reading
XDR 101: What's the Big Deal About Extended Detection & Response?
Extended Detection and Response (XDR) could be the security management technology of your dreams...or not. What makes this technical 'evolution' so interesting to so many companies?
π¦Ώ How using tactical literacy makes it harder for cybercriminals to fool end users π¦Ώ
π Read
via "Tech Republic".
End users just want to do their job, not become cybersecurity experts. When providing users with cybersecurity help, keep these tips in mind.π Read
via "Tech Republic".
TechRepublic
How using tactical literacy makes it harder for cybercriminals to fool end users
End users just want to do their job, not become cybersecurity experts. When providing users with cybersecurity help, keep these tips in mind.