β State-sponsored Threat Groups Target Telcos, Steal 5G Secrets β
π Read
via "Threat Post".
Researchers say China-linked APTs lure victims with bogus Huawei career pages in what they dub βOperation DiΓ nxΓΉnβ.π Read
via "Threat Post".
Threat Post
State-sponsored Threat Groups Target Telcos, Steal 5G Secrets
Researchers say China-linked APTs lure victims with bogus Huawei career pages in what they dub βOperation DiΓ nxΓΉnβ.
βΌ CVE-2020-14358 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35456 βΌ
π Read
via "National Vulnerability Database".
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35455 βΌ
π Read
via "National Vulnerability Database".
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28660 βΌ
π Read
via "National Vulnerability Database".
rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.π Read
via "National Vulnerability Database".
βΌ CVE-2020-35454 βΌ
π Read
via "National Vulnerability Database".
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20200 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".
β Mimecast: SolarWinds Attackers Stole Source Code β
π Read
via "Threat Post".
A new Mimecast update reveals the SolarWinds hackers accessed several "limited" source code repositories.π Read
via "Threat Post".
Threat Post
Mimecast: SolarWinds Attackers Stole Source Code
A new Mimecast update reveals the SolarWinds hackers accessed several "limited" source code repositories.
π΄ COVID, Healthcare Data & the Dark Web: A Toxic Stew π΄
π Read
via "Dark Reading".
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.π Read
via "Dark Reading".
Dark Reading
COVID, Healthcare Data & the Dark Web: A Toxic Stew
The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.
β Bitcoin scammer who hacked celeb Twitter accounts gets 3 years β
π Read
via "Naked Security".
Youngster behind blue-flag Twitter hack of Elon Musk, Bill Gates, Apple Inc. and many others will do three years in prison.π Read
via "Naked Security".
Naked Security
Bitcoin scammer who hacked celeb Twitter accounts gets 3 years
Youngster behind blue-flag Twitter hack of Elon Musk, Bill Gates, Apple Inc. and many others will do three years in prison.
β $4,000 COVID-19 βRelief Checksβ Cloak Dridex Malware β
π Read
via "Threat Post".
The American Rescue Act is the latest zeitgeisty lure being circulated in an email campaign.π Read
via "Threat Post".
Threat Post
$4,000 COVID-19 βRelief Checksβ Cloak Dridex Malware
The American Rescue Act is the latest zeitgeisty lure being circulated in an email campaign.
π FBI Warns of PYSA Ransomware Targeting Educational Sector π
π Read
via "Digital Guardian".
The FBI provided technical details on the ransomware strain along with indicators of compromise and domains associated with its activity on Tuesday.π Read
via "Digital Guardian".
Digital Guardian
FBI Warns of PYSA Ransomware Targeting Educational Sector
The FBI provided technical details on the ransomware strain along with indicators of compromise and domains associated with its activity on Tuesday.
π΄ Teen Behind Twitter Hack Agrees to Three Years in Prison π΄
π Read
via "Dark Reading".
Graham Ivan Clark was 17 when accused of the attack that targeted several high-profile Twitter accounts.π Read
via "Dark Reading".
Dark Reading
Teen Behind Twitter Hack Agrees to Three Years in Prison
Graham Ivan Clark was 17 when accused of the attack that targeted several high-profile Twitter accounts.
π΄ CISA Urges Caution on Trickbot Campaigns π΄
π Read
via "Dark Reading".
Advisory warns security teams to guard against advanced Trojan malware.π Read
via "Dark Reading".
Dark Reading
CISA Urges Caution on Trickbot Campaigns
Advisory warns security teams to guard against advanced Trojan malware.
π¦Ώ Beware of stalkerware: Stalkers use it to track your every move π¦Ώ
π Read
via "Tech Republic".
Kaspersky warns that with a stalkerware app, another person can spy on your activities and view your personal information.π Read
via "Tech Republic".
TechRepublic
Beware of stalkerware: Stalkers use it to track your every move
Kaspersky warns that with a stalkerware app, another person can spy on your activities and view your personal information.
π¦Ώ Crimeware-as-a-service is the latest ransomware threat π¦Ώ
π Read
via "Tech Republic".
BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.π Read
via "Tech Republic".
TechRepublic
Crimeware-as-a-service is the latest ransomware threat
BlackBerry researchers see more double-extortion ransomware attacks, attackers demanding ransom from healthcare patients, and rising bitcoin prices driving the growth of ransomware.
βΌ CVE-2020-17457 βΌ
π Read
via "National Vulnerability Database".
Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticated attacker can store an XSS payload in the PSCU_FILE_INIT field of a Save Configuration XML document. The payload is triggered in the HTTP error response pages.π Read
via "National Vulnerability Database".
π¦Ώ What consumers really think of the upcoming IDFA opt-in, protecting privacy and smartphone data π¦Ώ
π Read
via "Tech Republic".
App developers need to implement workarounds and create an understanding of the benefits of shared data, according to a new survey from AppsFlyer and Mobile Marketing Association.π Read
via "Tech Republic".
TechRepublic
What consumers really think of the upcoming IDFA opt-in, protecting privacy and smartphone data
App developers need to implement workarounds and create an understanding of the benefits of shared data, according to a new survey from AppsFlyer and Mobile Marketing Association.
π¦Ώ More than 16 million COVID-themed cyberattacks launched in 2020 π¦Ώ
π Read
via "Tech Republic".
A Trend Micro report found that its system dealt with 16.4 million threats that used COVID-19 as a hook.π Read
via "Tech Republic".
TechRepublic
More than 16 million COVID-themed cyberattacks launched in 2020
A Trend Micro report found that its system dealt with 16.4 million threats that used COVID-19 as a hook.
π¦Ώ Eternal Terminal: How to install for persistent SSH connections π¦Ώ
π Read
via "Tech Republic".
If you have trouble with SSH connections breaking, Jack Wallen shows you how you can enjoy a bit more persistence with the help of Eternal Terminal.π Read
via "Tech Republic".
TechRepublic
How to install Eternal Terminal for persistent SSH connections
If you have trouble with SSH connections breaking, Jack Wallen shows you how you can enjoy a bit more persistence with the help of Eternal Terminal.
βΌ CVE-2019-18235 βΌ
π Read
via "National Vulnerability Database".
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack.π Read
via "National Vulnerability Database".