β Lazarus Affiliate βZINCβ Blamed for Campaign Against Security Researcher β
π Read
via "Threat Post".
New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with βComebackerβ malware.π Read
via "Threat Post".
Threat Post
Lazarus Affiliate βZINCβ Blamed for Campaign Against Security Researcher
New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with βComebackerβ malware.
β The mystery of the missing Perl website β
π Read
via "Naked Security".
A long-running domain supporting the popular programming language Perl has suddenly vanished. We don't yet know how or why.π Read
via "Naked Security".
Naked Security
The mystery of the missing Perl website
A long-running domain supporting the popular programming language Perl has suddenly vanished. We donβt yet know how or why.
π Digital Guardian Named a Top Place to Work in the US π
π Read
via "Digital Guardian".
Digital Guardian was named a top place to work in the United States in 2021!π Read
via "Digital Guardian".
Digital Guardian
Digital Guardian Named a Top Place to Work in the US
Digital Guardian was named a top place to work in the United States in 2021!
π΄ Is the Web Supply Chain Next in Line for State-Sponsored Attacks? π΄
π Read
via "Dark Reading".
Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.π Read
via "Dark Reading".
Dark Reading
Is the Web Supply Chain Next in Line for State-Sponsored Attacks?
Attackers go after the weak links first, and the Web supply chain provides an abundance of weak links to target.
π Friday Five 1/29 π
π Read
via "Digital Guardian".
Linux bugs, hacker personas, and the Emotet botnet disrupted - catch up on all of the week's infosec news with the Friday Five!π Read
via "Digital Guardian".
Digital Guardian
Friday Five 1/29
Linux bugs, hacker personas, and the Emotet botnet disrupted - catch up on all of the week's infosec news with the Friday Five!
βΌ CVE-2021-25909 βΌ
π Read
via "National Vulnerability Database".
ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25910 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in the cookie parameter of ZIV AUTOMATION 4CCT-EA6-334126BF allows a local attacker to perform modifications in several parameters of the affected device as an authenticated user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25123 βΌ
π Read
via "National Vulnerability Database".
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice addlicense_func function.π Read
via "National Vulnerability Database".
π¦Ώ 6 data categories to learn for faster cybersecurity responses π¦Ώ
π Read
via "Tech Republic".
By knowing the different types of data, it can help your company protect itself from breaches and better recover from a cyberattack.π Read
via "Tech Republic".
TechRepublic
5 data categories to learn for faster cybersecurity responses
By knowing the different types of data, it can help your company protect itself from breaches and better recover from a cyberattack.
π Friday Five 1/29 π
π Read
via "Digital Guardian".
Linux bugs, hacker personas, and the Emotet botnet disrupted - catch up on all of the week's infosec news with the Friday Five!π Read
via "Digital Guardian".
Digital Guardian
Friday Five 1/29
Linux bugs, hacker personas, and the Emotet botnet disrupted - catch up on all of the week's infosec news with the Friday Five!
π Digital Guardian Named a Top Place to Work in the US π
π Read
via "Digital Guardian".
Digital Guardian was named a top place to work in the United States in 2021!π Read
via "Digital Guardian".
Digital Guardian
Digital Guardian Named a Top Place to Work in the US
Digital Guardian was named a top place to work in the United States in 2021!
π¦Ώ Identifying data terms can improve cybersecurity efficiency π¦Ώ
π Read
via "Tech Republic".
The term "data" is vague. Knowing the types of data helps companies protect themselves and better recover from a cyberattack.π Read
via "Tech Republic".
TechRepublic
5 data categories to learn for faster cybersecurity responses
By knowing the different types of data, it can help your company protect itself from breaches and better recover from a cyberattack.
β Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System β
π Read
via "Threat Post".
Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits.π Read
via "Threat Post".
Threat Post
Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System
Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits.
π¦Ώ CISA warns of attacks on cloud-based services π¦Ώ
π Read
via "Tech Republic".
Companies are most vulnerable when employees work from home or use a combination of company and personal devices.π Read
via "Tech Republic".
TechRepublic
CISA warns of attacks on cloud-based services
Companies are most vulnerable when employees work from home or use a combination of company and personal devices.
π¦Ώ SolarWinds attack: Cybersecurity experts share lessons learned and how to protect your business π¦Ώ
π Read
via "Tech Republic".
The highly sophisticated SolarWinds attack was designed to circumvent threat detectionβand it did, for much too long. Two cybersecurity experts share some valuable lessons learned from the attack.π Read
via "Tech Republic".
π¦Ώ Is your boss spying on you? It's possible, and privacy laws aren't there yet π¦Ώ
π Read
via "Tech Republic".
Some companies are using monitoring software to keep tabs on employees working from home. Some organizations are crying foul.π Read
via "Tech Republic".
TechRepublic
Is your boss spying on you? It's possible, and privacy laws aren't there yet
Some companies are using monitoring software to keep tabs on employees working from home. Some organizations are crying foul.
π¦Ώ Vishing: FBI says beware of voice phishing at large organizations π¦Ώ
π Read
via "Tech Republic".
Attackers are tricking employees into logging into phishing sites.π Read
via "Tech Republic".
TechRepublic
Vishing: FBI says beware of voice phishing at large organizations
Attackers are tricking employees into logging into phishing sites.
βΌ CVE-2021-3345 βΌ
π Read
via "National Vulnerability Database".
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt before 1.9.1 has a heap-based buffer overflow when the digest final function sets a large count value.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20586 βΌ
π Read
via "National Vulnerability Database".
Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-*V*D" of RV-*FR***-D-* all versions, controller "CR800-*HD" of RH-*FRH***-D-* all versions, controller "CR800-*HRD" of RH-*FRHR***-D-* all versions, controller "CR800-*V*R with R16RTCPU" of RV-*FR***-R-* all versions, controller "CR800-*HR with R16RTCPU" of RH-*FRH***-R-* all versions, controller "CR800-*HRR with R16RTCPU" of RH-*FRHR***-R-* all versions, controller "CR800-*V*Q with Q172DSRCPU" of RV-*FR***-Q-* all versions, controller "CR800-*HQ with Q172DSRCPU" of RH-*FRH***-Q-* all versions, controller "CR800-*HRQ with Q172DSRCPU" of RH-*FRHR***-Q-* all versions) and a robot controller of MELFA CR Series(controller "CR800-CVD" of RV-8CRL-D-* all versions, controller "CR800-CHD" of RH-*CRH**-D-* all versions) as well as a cooperative robot ASSISTA(controller "CR800-05VD" of RV-5AS-D-* all versions) allows a remote unauthenticated attacker to cause a DoS of the execution of the robot program and the Ethernet communication by sending a large amount of packets in burst over a short period of time. As a result of DoS, an error may occur. A reset is required to recover it if the error occurs.π Read
via "National Vulnerability Database".
β Industrial Gear at Risk from Fuji Code-Execution Bugs β
π Read
via "Threat Post".
Fuji Electricβs Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.π Read
via "Threat Post".
Threat Post
Industrial Gear at Risk from Fuji Code-Execution Bugs
Fuji Electricβs Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.
βΌ CVE-2021-3346 βΌ
π Read
via "National Vulnerability Database".
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.π Read
via "National Vulnerability Database".