What You Need to Know About California's New Privacy Rules
via "Dark Reading".
Proposition 24 will change Californians' rights and business's responsibilities regarding consumer data protection.
Chrome browser has a New Year's resolution: HTTPS by default
via "Naked Security".
If snooping and falsifying web traffic is so easy when plain old HTTP is used, why do we still have HTTP at all?
ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands
via "Threat Post".
At least 6,500 cryptocurrency users have been infected by new, 'extremely intrusive' malware that's spread via trojanized macOS, Windows and Linux apps.
Major Gaming Companies Hit with Ransomware Linked to APT27
via "Threat Post".
Researchers say a recent attack targeting videogaming developers has 'strong links' to the infamous APT27 threat group.
ZyXEL Godmode Backdoor Account Scanner
via "Packet Storm Security".
zyHell is a perl script that scans for the ZyXEL godmode backdoor account.
URLCrazy Domain Name Typo Tool 0.7.2
via "Packet Storm Security".
URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.
CVE-2020-13541
via "National Vulnerability Database".
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation.
CVE-2020-7202
via "National Vulnerability Database".
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.
CVE-2020-35488
via "National Vulnerability Database".
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)
CVE-2020-4761
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895.
CVE-2020-26046
via "National Vulnerability Database".
FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.
CVE-2021-3021
via "National Vulnerability Database".
ISPConfig before 3.2.2 allows SQL injection.
CVE-2020-13539
via "National Vulnerability Database".
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via "WIN-911 Mobile Runtime" service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.
CVE-2020-4899
via "National Vulnerability Database".
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.
CVE-2020-26045
via "National Vulnerability Database".
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVE-2020-13540
via "National Vulnerability Database".
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.
CVE-2019-4728
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with SYSTEM privileges. IBM X-Force ID: 172452.
CVE-2020-4762
via "National Vulnerability Database".
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896.
How to enable biometric login with Bitwarden
via "Tech Republic".
If you'd rather not have to enter your password every time you open the Bitwarden password manager on your mobile device, Jack Wallen shows you how to enable biometric login.
Why you should use SCP to securely transfer files
via "Tech Republic".
If you're still using unsecured copy methods to transfer data to and from client devices, there's no better time to learn SCP. Here's why it's beneficial to encrypt your transfers.
Cybercriminals use psychology--cybersecurity pros should, too
via "Tech Republic".
Most successful cybercrimes leverage known human weaknesses. Isn't it time we stop getting psyched by the bad guys? Here are five steps cybersecurity pros can take now.