🦿 Top 5 tech skills to master in 2021 🦿
📖 Read
via "Tech Republic".
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.📖 Read
via "Tech Republic".
TechRepublic
Top 5 tech skills to master in 2021
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.
❌ Defending Against State and State-Sponsored Threat Actors ❌
📖 Read
via "Threat Post".
State and state-sponsored threat actors are the apex predators of the cybersecurity world. 📖 Read
via "Threat Post".
Threat Post
Defending Against State and State-Sponsored Threat Actors
Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world.
🛠 GNU Privacy Guard 2.2.26 🛠
📖 Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.📖 Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.26 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 jSQL Injection 0.82 🛠
📖 Read
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the pre-built jar release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
jSQL Injection 0.82 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 jSQL Injection 0.82 Source Code Release 🛠
📖 Read
via "Packet Storm Security".
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
jSQL Injection 0.82 Source Code Release ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 Wireshark Analyzer 3.4.2 🛠
📖 Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.📖 Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.4.2 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🕴 NSA, CISA Warn of Attacks on Federated Authentication 🕴
📖 Read
via "Dark Reading".
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.📖 Read
via "Dark Reading".
Dark Reading
NSA, CISA Warn of Attacks on Federated Authentication
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.
❌ Smart Doorbell Disaster: Many Brands Vulnerable to Attack ❌
📖 Read
via "Threat Post".
Investigation reveals device sector is problem plagued when it comes to security bugs.📖 Read
via "Threat Post".
Threat Post
Smart Doorbell Disaster: Many Brands Vulnerable to Attack
Investigation reveals device sector is problem plagued when it comes to security bugs.
‼ CVE-2020-35604 ‼
📖 Read
via "National Vulnerability Database".
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21378 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35605 ‼
📖 Read
via "National Vulnerability Database".
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-21377 ‼
📖 Read
via "National Vulnerability Database".
SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35606 ‼
📖 Read
via "National Vulnerability Database".
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.📖 Read
via "National Vulnerability Database".
❌ Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat ❌
📖 Read
via "Threat Post".
A survey of single people found almost a third are still logging into their ex’s social-media accounts, some for revenge.📖 Read
via "Threat Post".
Threat Post
Nosy Ex-Partners Armed with Instagram Passwords Pose a Serious Threat
A survey of single people found almost a third are still logging into their ex’s social-media accounts, some for revenge.
🦿 Cybersecurity pros: Are humans really the weakest link? 🦿
📖 Read
via "Tech Republic".
Some experts argue that users might actually be the most vital link when it comes to certain types of cyberattacks.📖 Read
via "Tech Republic".
TechRepublic
Cybersecurity pros: Are humans really the weakest link?
Some experts argue that users might actually be the most vital link when it comes to certain types of cyberattacks.
🕴 Cisco, Intel, Deloitte Among Victims of SolarWinds Breach: Report 🕴
📖 Read
via "Dark Reading".
The Wall Street Journal identified 24 businesses so far that have downloaded the SolarWinds software infected with malicious code.📖 Read
via "Dark Reading".
Dark Reading
Cisco, Intel, Deloitte Among Victims of SolarWinds Breach: Report
The Wall Street Journal identified 24 businesses so far that have downloaded the SolarWinds software infected with malicious code.
‼ CVE-2020-8995 ‼
📖 Read
via "National Vulnerability Database".
Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-11717 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2018-7580 ‼
📖 Read
via "National Vulnerability Database".
Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26281 ‼
📖 Read
via "National Vulnerability Database".
async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content starting at that offset into the body. One way to exploit this vulnerability would be for an adversary to craft a request such that the body contains a request that would not be noticed by a reverse proxy, allowing it to forge forwarded/x-forwarded headers. If an application trusted the authenticity of these headers, it could be misled by the smuggled request. Another potential concern with this vulnerability is that if a reverse proxy is sending multiple http clients' requests along the same keep-alive connection, it would be possible for the smuggled request to specify a long content and capture another user's request in its body. This content could be captured in a post request to an endpoint that allows the content to be subsequently retrieved by the adversary. This has been addressed in async-h1 2.3.0 and previous versions have been yanked.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-35151 ‼
📖 Read
via "National Vulnerability Database".
The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection.📖 Read
via "National Vulnerability Database".