π΄ Breach Data Highlights a Pivot to Orgs Over Individuals π΄
π Read
via "Dark Reading".
In 2020, breaches were down by 19%, while the impact of those compromises -- measured in people affected -- fell by nearly two-thirds.π Read
via "Dark Reading".
Dark Reading
Breach Data Highlights a Pivot to Orgs Over Individuals
In 2020, breaches were down by 19%, while the impact of those compromises -- measured in people affected -- fell by nearly two-thirds.
β LogoKit Simplifies Office 365, SharePoint βLoginβ Phishing Pages β
π Read
via "Threat Post".
A phishing kit has been found running on at least 700 domains - and mimicking services via false SharePoint, OneDrive and Office 365 login portals.π Read
via "Threat Post".
Threat Post
LogoKit Simplifies Office 365, SharePoint βLoginβ Phishing Pages
A phishing kit has been found running on at least 700 domains - and mimicking services via false SharePoint, OneDrive and Office 365 login portals.
β Utah Ponders Making Online βCatfishingβ a Crime β
π Read
via "Threat Post".
Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow.π Read
via "Threat Post".
Threat Post
Utah Ponders Making Online βCatfishingβ a Crime
Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow.
β Cybersecurity tips for university students β
π Read
via "Naked Security".
An informal survey of 15 students suggested that most were unconcerned about cybersecurity. Don't be one of them!π Read
via "Naked Security".
Naked Security
Cybersecurity tips for university students
An informal survey of 15 students suggested that most were unconcerned about cybersecurity. Donβt be one of them!
π¦Ώ The top 5 reasons data privacy should be practiced every day π¦Ώ
π Read
via "Tech Republic".
Working from home because of the pandemic has led to sensitive corporate information being stored on private devices, and experts say protecting data must become a business imperative.π Read
via "Tech Republic".
TechRepublic
The top 5 reasons data privacy should be practiced every day
Working from home because of the pandemic has led to sensitive corporate information being stored on private devices, and experts say protecting data must become a business imperative.
π¦Ώ How to protect your organization's remote endpoints against ransomware π¦Ώ
π Read
via "Tech Republic".
A lack of visibility into remote endpoints can leave your organization vulnerable to ransomware attacks, says security provider Illumio.π Read
via "Tech Republic".
TechRepublic
How to protect your organization's remote endpoints against ransomware
A lack of visibility into remote endpoints can leave your organization vulnerable to ransomware attacks, says security provider Illumio.
βΌ CVE-2021-22875 βΌ
π Read
via "National Vulnerability Database".
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22874 βΌ
π Read
via "National Vulnerability Database".
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter.π Read
via "National Vulnerability Database".
π¦Ώ Data Privacy Day: 10 experts give advice for protecting your business π¦Ώ
π Read
via "Tech Republic".
Data Privacy Day is dedicated to achieving sound privacy practices to protect businesses and customers. Learn insights from 10 experts in the field to help safeguard your company.π Read
via "Tech Republic".
TechRepublic
Data Privacy Day: 10 experts give advice for protecting your business
Data Privacy Day is dedicated to achieving sound privacy practices to protect businesses and customers. Learn insights from 10 experts in the field to help safeguard your company.
π¦Ώ How to install and use ClamAV on Ubuntu Server 20.04 π¦Ώ
π Read
via "Tech Republic".
Your Linux servers could use a system to scan for malicious files. Jack Wallen shows you how with the help of ClamAV.π Read
via "Tech Republic".
TechRepublic
How to install and use ClamAV on Ubuntu Server 20.04
Your Linux servers could use a system to scan for malicious files. Jack Wallen shows you how with the help of ClamAV.
β Rocke Groupβs Malware Now Has Worm Capabilities β
π Read
via "Threat Post".
The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics.π Read
via "Threat Post".
Threat Post
Rocke Groupβs Malware Now Has Worm Capabilities
The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics.
βΌ CVE-2020-1723 βΌ
π Read
via "National Vulnerability Database".
The logout endpoint /oauth/logout?redirect=url can be abused to redirect logged in users to arbitrary web pages. This vulnerability could be used in phishing attacks. Versions shipped with Red Hat Mobile Aplication Platform 4 are believed to be vulnerable.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20183 βΌ
π Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20187 βΌ
π Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2019-25016 βΌ
π Read
via "National Vulnerability Database".
There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3160 βΌ
π Read
via "National Vulnerability Database".
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject unsecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26272 βΌ
π Read
via "National Vulnerability Database".
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35517 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36115 βΌ
π Read
via "National Vulnerability Database".
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25647 βΌ
π Read
via "National Vulnerability Database".
Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20184 βΌ
π Read
via "National Vulnerability Database".
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.π Read
via "National Vulnerability Database".