🛡 Cybersecurity & Privacy 🛡 - News

Simplifying Proactive Defense With Threat Playbooks

FortiGuard Labs’ Derek Manky talks about how threat playbooks can equip defense teams with the tools they need to fight back against evolving attacker TTPs.

158 views17:12

❌ Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data ❌

Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.

📖 Read

via "Threat Post".

Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data

Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.

154 views17:12

🛠 Erlang Bytecode String Converter 🛠

estr2bc is a python script to convert arbitrary string input to Erlang bytecode.

📖 Read

via "Packet Storm Security".

Erlang Bytecode String Converter ≈ Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

155 views17:43

‼ CVE-2020-3999 ‼

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

📖 Read

via "National Vulnerability Database".

153 views17:52

‼ CVE-2020-27846 ‼

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

📖 Read

via "National Vulnerability Database".

144 views17:52

‼ CVE-2019-16959 ‼

SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket.

📖 Read

via "National Vulnerability Database".

131 views17:52

‼ CVE-2020-26049 ‼

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution.

📖 Read

via "National Vulnerability Database".

133 views17:52

‼ CVE-2020-35274 ‼

DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.

📖 Read

via "National Vulnerability Database".

132 views17:52

‼ CVE-2020-35276 ‼

EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user.

📖 Read

via "National Vulnerability Database".

135 views17:52

‼ CVE-2020-35275 ‼

Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application.

📖 Read

via "National Vulnerability Database".

147 views17:52

‼ CVE-2020-35273 ‼

EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.

📖 Read

via "National Vulnerability Database".

143 views17:52

7 Infamous Moments in Adobe Flash's Security History

🕴 7 Infamous Moments in Adobe Flash's Security History 🕴

End-of-life is here: Adobe's support for Flash is gone as of Jan. 1. Here's what we won't miss about the multimedia software platform.

📖 Read

via "Dark Reading".

Dark Reading

End-of-life is here: Adobe's support for Flash is gone as of Jan. 1. Here's what we won't miss about the multimedia software platform.

133 views20:01

Top 5 tech skills to master in 2021

🦿 The 5 tech skills should you master in 2021 🦿

If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.

📖 Read

via "Tech Republic".

TechRepublic

If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.

172 views20:09

Top 5 tech skills to master in 2021

🦿 Top 5 tech skills to master in 2021 🦿

If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.

📖 Read

via "Tech Republic".

TechRepublic

If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.

121 views20:09

❌ Defending Against State and State-Sponsored Threat Actors ❌

State and state-sponsored threat actors are the apex predators of the cybersecurity world.

📖 Read

via "Threat Post".

Defending Against State and State-Sponsored Threat Actors

Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world.

103 views21:12

🛠 GNU Privacy Guard 2.2.26 🛠

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

📖 Read

via "Packet Storm Security".

GNU Privacy Guard 2.2.26 ≈ Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

106 views21:12

🛠 jSQL Injection 0.82 🛠

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the pre-built jar release.

📖 Read

via "Packet Storm Security".

jSQL Injection 0.82 ≈ Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

101 views21:12

🛠 jSQL Injection 0.82 Source Code Release 🛠

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

📖 Read

via "Packet Storm Security".

jSQL Injection 0.82 Source Code Release ≈ Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

109 views21:12

🛠 Wireshark Analyzer 3.4.2 🛠

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

📖 Read

via "Packet Storm Security".

Wireshark Analyzer 3.4.2 ≈ Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

115 views21:12

NSA, CISA Warn of Attacks on Federated Authentication

🕴 NSA, CISA Warn of Attacks on Federated Authentication 🕴

While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.

📖 Read

via "Dark Reading".

Dark Reading

While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.

116 views21:32

❌ Smart Doorbell Disaster: Many Brands Vulnerable to Attack ❌

Investigation reveals device sector is problem plagued when it comes to security bugs.

📖 Read

via "Threat Post".