🛡 Cybersecurity & Privacy 🛡 - News

Microsoft President urges tech leaders to follow lessons from Apollo missions and "War Games"

President Brad Smith said that national security is threatened by the industry's inability to learn lessons from the past.

461 views22:54

🕴 Intel Confirms Unauthorized Access of Earnings-Related Data 🕴

News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.

📖 Read

via "Dark Reading".

Intel Confirms Unauthorized Access of Earnings-Related Data

News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.

503 views23:18

🕴 Comparing Different AI Approaches to Email Security 🕴

Get to know the difference between "supervised" and "unsupervised" machine learning.

📖 Read

via "Dark Reading".

Comparing Different AI Approaches to Email Security

Get to know the difference between supervised and unsupervised machine learning.

367 views12:20

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

🛠 AIDE 0.17 🛠

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

📖 Read

via "Packet Storm Security".

Packetstormsecurity

AIDE 0.17 ≈ Packet Storm

368 views15:03

Logwatch 7.5.5 ≈ Packet Storm

🛠 Logwatch 7.5.5 🛠

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

📖 Read

via "Packet Storm Security".

Packetstormsecurity

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

295 views15:03

US administration adds “subliminal” ad to White House website

⚠ US administration adds “subliminal” ad to White House website ⚠

Hiding digital "secrets" where they're supposed to be found is good fun. Just don't hide actual secrets and hope no one will notice!

📖 Read

via "Naked Security".

Naked Security

Hiding digital “secrets” where they’re supposed to be found is good fun. Just don’t hide actual secrets and hope no one will notice!

260 views15:24

How to Better Secure Your Microsoft 365 Environment

🕴 How to Better Secure Your Microsoft 365 Environment 🕴

Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments.

📖 Read

via "Dark Reading".

Darkreading

Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments.

251 views15:50

Naked Security Live – Don’t let digital jokes turn into digital disasters

⚠ Naked Security Live – Don’t let digital jokes turn into digital disasters ⚠

Here's the latest Naked Security Live video - watch and enjoy!

📖 Read

via "Naked Security".

Naked Security

Here’s the latest Naked Security Live video – watch and enjoy!

239 views15:54

🦿 2021 predictions: Quantifying and prioritizing cyber and business risk 🦿

Every new year brings new challenges surrounding risk management. Learn how to protect your company and its assets with these tips from an industry insider.

📖 Read

via "Tech Republic".

2021 predictions: Quantifying and prioritizing cyber and business risk

Every new year brings new challenges surrounding risk management. Learn how to protect your company and its assets with these tips from an industry insider.

237 views16:55

🦿 Analysts question viability of last-minute executive order from Trump on IaaS companies' foreign users 🦿

In response to the Solar Winds attack, the order forces cloud companies to keep the names, addresses, emails, credit card numbers, and more, any time cloud services are used.

📖 Read

via "Tech Republic".

Analysts question viability of last-minute executive order from Trump on IaaS companies' foreign users

In response to the Solar Winds attack, the order forces cloud companies to keep the names, addresses, emails, credit card numbers, and more, any time cloud services are used.

248 views16:55

❌ SonicWall Breach Stems from ‘Probable’ Zero-Days ❌

The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series.

📖 Read

via "Threat Post".

SonicWall Breach Stems from ‘Probable’ Zero-Days

The security vendor is investigating potential zero-day vulnerabilities in its Secure Mobile Access (SMA) 100 series.

257 views17:13

❌ Cisco DNA Center Bug Opens Enterprises to Remote Attack ❌

The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.

📖 Read

via "Threat Post".

Cisco DNA Center Bug Opens Enterprises to Remote Attack

The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks.

258 views18:13

🦿 Homebrew: How to install post-exploitation tools on macOS 🦿

We'll guide you through the process of using Homebrew package manager to install post-exploit security tools on macOS to further assess compromised system vulnerabilities found in your Apple equipment.

📖 Read

via "Tech Republic".

Homebrew: How to install post-exploitation tools on macOS

Learn how to use the Homebrew package manager to install post-exploit security tools on macOS to further assess compromised system vulnerabilities found in your Apple equipment.

290 views18:25

The Most Read Data Insider Blogs of 2020

🔏 The Most Read Data Insider Blogs of 2020 🔏

SOX compliance, preventing social engineering attacks, and data classification. In this blog, we count down the most read blogs of 2020.

📖 Read

via "Digital Guardian".

Digital Guardian

SOX compliance, preventing social engineering attacks, and data classification. In this blog, we count down the most read blogs of 2020.

259 views20:26

🕴 Small Security Teams Have Big Security Fears, CISOs Report 🕴

Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.

📖 Read

via "Dark Reading".

Small Security Teams Have Big Security Fears, CISOs Report

Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.

252 views20:51

❌ 2.28M MeetMindful Daters Compromised in Data Breach ❌

The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.

📖 Read

via "Threat Post".

2.28M MeetMindful Daters Compromised in Data Breach

The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.

238 views21:14

🦿 Gartner: The future of AI is not as rosy as some might think 🦿

A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes.

📖 Read

via "Tech Republic".

Gartner: The future of AI is not as rosy as some might think

A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes.

231 views21:25

‼ CVE-2021-21272 ‼

ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.

📖 Read

via "National Vulnerability Database".

240 views21:34

❌ Outgoing FCC Chair Issues Final Security Salvo Against China ❌

Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.

📖 Read

via "Threat Post".

Outgoing FCC Chair Issues Final Security Salvo Against China

Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.

274 views21:44

🕴 Deloitte & Touche Buys Threat-Hunting Firm 🕴

Root9B (R9B) offers threat hunting and other managed security services.

📖 Read

via "Dark Reading".

Deloitte & Touche Buys Threat-Hunting Firm

Root9B (R9B) offers threat hunting and other managed security services.

331 views21:51

❌ Breaking Down Joe Biden’s $10B Cybersecurity ‘Down Payment’ ❌

Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.

📖 Read

via "Threat Post".