β SolarWinds Hack Potentially Linked to Turla APT β
π Read
via "Threat Post".
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.π Read
via "Threat Post".
Threat Post
SolarWinds Hack Potentially Linked to Turla APT
Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon.
β Naked Security Live β HTTPS: do we REALLY need it? β
π Read
via "Naked Security".
Here's the latest Naked Security Live video talk - watch now, and please share with your friends!π Read
via "Naked Security".
Naked Security
Naked Security Live β HTTPS: do we REALLY need it?
Hereβs the latest Naked Security Live video talk β watch now, and please share with your friends!
β Researcher Builds Parler Archive Amid Amazon Suspension β
π Read
via "Threat Post".
A researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google.π Read
via "Threat Post".
Threat Post
Researcher Builds Parler Archive Amid Amazon Suspension
A researcher scraped and archived public Parler posts before the conservative social networking service was taken down by Amazon, Apple and Google.
βΌ CVE-2020-24027 βΌ
π Read
via "National Vulnerability Database".
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.π Read
via "National Vulnerability Database".
βΌ CVE-2020-24025 βΌ
π Read
via "National Vulnerability Database".
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.π Read
via "National Vulnerability Database".
βΌ CVE-2020-13559 βΌ
π Read
via "National Vulnerability Database".
A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23631 βΌ
π Read
via "National Vulnerability Database".
Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26298 βΌ
π Read
via "National Vulnerability Database".
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.π Read
via "National Vulnerability Database".
β Millions of Social Profiles Leaked by Chinese Data-Scrapers β
π Read
via "Threat Post".
A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.π Read
via "Threat Post".
Threat Post
Millions of Social Profiles Leaked by Chinese Data-Scrapers
A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.
π¦Ώ CES 2021: All of the business tech news you need to know π¦Ώ
π Read
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.π Read
via "Tech Republic".
TechRepublic
CES 2021: All of the business tech news you need to know
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
π¦Ώ CES 2021: All of the business tech news you need to know π¦Ώ
π Read
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.π Read
via "Tech Republic".
TechRepublic
CES 2021: All of the business tech news you need to know
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
βΌ CVE-2020-26050 βΌ
π Read
via "National Vulnerability Database".
SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27637 βΌ
π Read
via "National Vulnerability Database".
The R programming languageΓ’β¬β’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3π Read
via "National Vulnerability Database".
βΌ CVE-2020-16146 βΌ
π Read
via "National Vulnerability Database".
Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.π Read
via "National Vulnerability Database".
π΄ Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas π΄
π Read
via "Dark Reading".
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.π Read
via "Dark Reading".
Dark Reading
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
π΄ US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security π΄
π Read
via "Dark Reading".
How two traditionally disparate security disciplines can be united.π Read
via "Dark Reading".
Dark Reading
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
How two traditionally disparate security disciplines can be united.
π΄ New Tool Sheds Light on AppleScript-Obfuscated Malware π΄
π Read
via "Dark Reading".
The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.π Read
via "Dark Reading".
Dark Reading
New Tool Sheds Light on AppleScript-Obfuscated Malware
The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.
π΄ Cartoon: Shakin' It Up at the Office π΄
π Read
via "Dark Reading".
And the winner of our December cartoon caption contest is ...π Read
via "Dark Reading".
Dark Reading
Cartoon: Shakin' It Up at the Office
And the winner of our December cartoon caption contest is ...
π΄ SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack π΄
π Read
via "Dark Reading".
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.π Read
via "Dark Reading".
Dark Reading
SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.
π΄ Malware Developers Refresh Their Attack Tools π΄
π Read
via "Dark Reading".
Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.π Read
via "Dark Reading".
Dark Reading
Malware Developers Refresh Their Attack Tools
Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.
π΄ When It Comes To Security Tools, More Isn't More π΄
π Read
via "Dark Reading".
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.π Read
via "Dark Reading".
Dark Reading
When It Comes To Security Tools, More Isn't More
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.