🛡 Cybersecurity & Privacy 🛡 - News

Homebrew: How to install post-exploitation tools on macOS

Learn how to use the Homebrew package manager to install post-exploit security tools on macOS to further assess compromised system vulnerabilities found in your Apple equipment.

290 views18:25

The Most Read Data Insider Blogs of 2020

🔏 The Most Read Data Insider Blogs of 2020 🔏

SOX compliance, preventing social engineering attacks, and data classification. In this blog, we count down the most read blogs of 2020.

📖 Read

via "Digital Guardian".

Digital Guardian

SOX compliance, preventing social engineering attacks, and data classification. In this blog, we count down the most read blogs of 2020.

259 views20:26

🕴 Small Security Teams Have Big Security Fears, CISOs Report 🕴

Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.

📖 Read

via "Dark Reading".

Small Security Teams Have Big Security Fears, CISOs Report

Researchers poll security leaders who are tasked with protecting large organizations but have a small presence and budget.

252 views20:51

❌ 2.28M MeetMindful Daters Compromised in Data Breach ❌

The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.

📖 Read

via "Threat Post".

2.28M MeetMindful Daters Compromised in Data Breach

The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download.

237 views21:14

🦿 Gartner: The future of AI is not as rosy as some might think 🦿

A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes.

📖 Read

via "Tech Republic".

Gartner: The future of AI is not as rosy as some might think

A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes.

231 views21:25

‼ CVE-2021-21272 ‼

ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Users of the affected versions are impacted if they are `oras` CLI users who runs `oras pull`, or if they are Go programs, which invoke `github.com/deislabs/oras/pkg/content.FileStore`. The problem has been fixed in version 0.9.0. For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider. For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider.

📖 Read

via "National Vulnerability Database".

240 views21:34

❌ Outgoing FCC Chair Issues Final Security Salvo Against China ❌

Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.

📖 Read

via "Threat Post".

Outgoing FCC Chair Issues Final Security Salvo Against China

Ajit Pai says Chinese telecom companies ‘biggest national security threat’ for regulators in exit interview.

274 views21:44

🕴 Deloitte & Touche Buys Threat-Hunting Firm 🕴

Root9B (R9B) offers threat hunting and other managed security services.

📖 Read

via "Dark Reading".

Deloitte & Touche Buys Threat-Hunting Firm

Root9B (R9B) offers threat hunting and other managed security services.

331 views21:51

❌ Breaking Down Joe Biden’s $10B Cybersecurity ‘Down Payment’ ❌

Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.

📖 Read

via "Threat Post".

Breaking Down Joe Biden’s $10B Cybersecurity ‘Down Payment’

Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black, talks about the top security challenges facing the US government as a new presidential administration steps in.

397 views22:14

‼ CVE-2021-21275 ‼

The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens.

📖 Read

via "National Vulnerability Database".

383 views01:34

🦿 IT leaders see outsourcing cybersecurity as one solution to increased attacks 🦿

A new survey from Syntax found that many decision-makers are not happy with their existing security tools.

📖 Read

via "Tech Republic".

IT leaders see outsourcing cybersecurity as one solution to increased attacks

A new survey from Syntax found that many decision-makers are not happy with their existing security tools and plan to shift from internal teams to MSPs.

350 views13:56

🕴 Startup Offers Free Version of its 'Passwordless' Technology 🕴

Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won't be easy.

📖 Read

via "Dark Reading".

Startup Offers Free Version of its 'Passwordless' Technology

Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won't be easy.

290 views14:52

❌ North Korea Targets Security Researchers in Elaborate 0-Day Campaign ❌

Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor.

📖 Read

via "Threat Post".

North Korea Targets Security Researchers in Elaborate 0-Day Campaign

Hackers masquerade as security researchers to befriend analysts and eventually infect fully patched systems at multiple firms with a malicious backdoor.

252 views15:15

🕴 Mainframe Security Automation Is Not a Luxury 🕴

As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.

📖 Read

via "Dark Reading".

Mainframe Security Automation Is Not a Luxury

As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.

237 views15:22

🦿 Veritas Technologies adds Flex Scale to NetBackup9 for scale-out functionality 🦿

The data protection company's latest delivers new features on a simplified platform to provide customers with additional choice for deployment across edge, core, and cloud.

📖 Read

via "Tech Republic".

Veritas Technologies adds Flex Scale to NetBackup9 for scale-out functionality

The data protection company's latest delivers new features on a simplified platform to provide customers with additional choice for deployment across edge, core, and cloud.

240 views15:26

🦿 Governors hear about the dangers of a lackluster cybersecurity response, need for FBI coordination 🦿

At a national summit, Louisiana Gov. John Bel Edwards said before his state could test a cyberattack plan, five schools were hit with ransomware.

📖 Read

via "Tech Republic".

Governors hear about the dangers of a lackluster cybersecurity response, need for FBI coordination

At a national summit, Louisiana Gov. John Bel Edwards said before his state could test a cyberattack plan, five schools were hit with ransomware.

249 views15:26

🦿 Bad actors launched an unprecedented wave of DDoS attacks in 2020 🦿

Cybersecurity firm Akamai said in a report that COVID-19 and a newfound reliance on digital tools prompted a spike.

📖 Read

via "Tech Republic".

Bad actors launched an unprecedented wave of DDoS attacks in 2020

Cybersecurity firm Akamai said in a report that COVID-19 and a newfound reliance on digital tools prompted a spike.

264 views15:26

🕴 SAML: The Language You Don't Know You're Speaking 🕴

Security Assertion Markup Language, a protocol most people use daily to log into applications, makes authentication easier for both admins and users.

📖 Read

via "Dark Reading".

Learn SAML: The Language You Don't Know You're Already Speaking

Security Assertion Markup Language, a protocol most people use daily to log into applications, makes authentication easier for both admins and users. Here's what you need to know about SAML (and what it has to do with GoldenSAML).

268 views15:52

🦿 Privacy budgets soared in 2020, doubling to an average of $2.4 million 🦿

93% of organizations turned to privacy teams to help navigate the COVID-19 pandemic, a new Cisco report finds.

📖 Read

via "Tech Republic".

Privacy budgets soared in 2020, doubling to an average of $2.4 million

93% of organizations turned to privacy teams to help navigate the COVID-19 pandemic, a new Cisco report finds.

248 views17:25

‼ CVE-2020-4889 ‼

IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971.

📖 Read

via "National Vulnerability Database".

225 views17:36