CVE-2020-26298
via "National Vulnerability Database".
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.

Millions of Social Profiles Leaked by Chinese Data-Scrapers
via "Threat Post".
A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.

CES 2021: All of the business tech news you need to know
via "Tech Republic".
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.

CVE-2020-26050
via "National Vulnerability Database".
SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572.

CVE-2020-27637
via "National Vulnerability Database".
The R programming language's default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3.

CVE-2020-16146
via "National Vulnerability Database".
Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btc_blufi_recv_handler function in blufi_prf.c. An attacker can send a crafted BluFi protocol Write Attribute command to characteristic 0xFF01. With manipulated packet fields, there is a buffer overflow.

Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
via "Dark Reading".
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.

US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
via "Dark Reading".
How two traditionally disparate security disciplines can be united.

New Tool Sheds Light on AppleScript-Obfuscated Malware
via "Dark Reading".
The AEVT decompiler helped researchers analyze a cryptominer campaign that used AppleScript for obfuscation and will help reverse engineers focused on other Mac OS malware.

Cartoon: Shakin' It Up at the Office
via "Dark Reading".
And the winner of our December cartoon caption contest is ...

SolarWinds Hack Lessons Learned: Finding the Next Supply Chain Attack
via "Dark Reading".
The SolarWinds supply chain compromise won't be the last of its kind. Vendors and enterprises alike must learn and refine their detection efforts to find the next such attack.

Malware Developers Refresh Their Attack Tools
via "Dark Reading".
Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.

When It Comes To Security Tools, More Isn't More
via "Dark Reading".
Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.

IoT Vendor Ubiquiti Suffers Data Breach
via "Dark Reading".
Cloud provider hosting "certain" IT systems attacked, company says.

Intel's New vPro Processors Aim to Help Defend Against Ransomware
via "Dark Reading".
The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.

Russian Hacker Sentenced to 12 Years for Role in Breaches of JP Morgan, Others
via "Dark Reading".
Crimes netted him $19 million overall.

SolarWinds Hires Chris Krebs and Alex Stamos for Breach Recovery
via "Dark Reading".
The former US cybersecurity official and former Facebook security chief will help SolarWinds respond to its recent attack and improve security.

Ethical Hackers Breach U.N., Access 100,000 Private Records
via "Threat Post".
Researchers informed organization of a flaw that exposed GitHub credentials through the organization's vulnerability disclosure program.

Europol Reveals Dismantling of 'Largest' Underground Marketplace
via "Threat Post".
Europol announced a wide-ranging investigation that led to the arrest of the alleged DarkMarket operator and the seizure of the marketplace's infrastructure, including more than 20 servers.

Security Operations Struggle to Defend Value, Keep Workers
via "Dark Reading".
Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment.