π¦Ώ Why employees need counterespionage training π¦Ώ
π Read
via "Tech Republic".
Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.π Read
via "Tech Republic".
TechRepublic
Why employees need counterespionage training
Two experts are concerned that employees are no match for nation-state spy services tasked with obtaining a company's vital intellectual property.
βΌ CVE-2021-32682 βΌ
π Read
via "National Vulnerability Database".
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.π Read
via "National Vulnerability Database".
π΄ New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards' π΄
π Read
via "Dark Reading".
Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.π Read
via "Dark Reading".
Dark Reading
New Top 20 Secure-Coding List Positions PLCs as Plant 'Bodyguards'
Best practices guide encompasses integrity, hardening, resilience, and monitoring of PLCs in industrial networks.
π Colorado Passes State Privacy Act, Poised to Become Law π
π Read
via "".
Once it's signed into law, the bill will become the third comprehensive state privacy law in the U.S. after California and Virginia.π Read
via "".
Digital Guardian
Colorado Passes State Privacy Act, Poised to Become Law
Once it's signed into law, the bill will become the third comprehensive state privacy law in the U.S. after California and Virginia.
π΄ Google Workspace Adds Client-Side Encryption π΄
π Read
via "Dark Reading".
Users given control over encryption keys, Google says.π Read
via "Dark Reading".
Dark Reading
Google Workspace Adds Client-Side Encryption
Users given control over encryption keys, Google says.
βΌ CVE-2021-21556 βΌ
π Read
via "National Vulnerability Database".
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.π Read
via "National Vulnerability Database".
β Utilities βConcerninglyβ at Risk from Active Exploits β
π Read
via "Threat Post".
Utilitiesβ vulnerability to application exploits goes from bad to worse in just weeks. π Read
via "Threat Post".
Threat Post
Utilities βConcerninglyβ at Risk from Active Exploits
Utilitiesβ vulnerability to application exploits goes from bad to worse in just weeks.
π΄ Cyber Analytics Database Exposed 5 Billion Records Online π΄
π Read
via "Dark Reading".
In an ironic twist, Cognyte's data alerts customers to third-party data exposures.π Read
via "Dark Reading".
βΌ CVE-2021-0324 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android SoCAndroid ID: A-175402462π Read
via "National Vulnerability Database".
βΌ CVE-2021-0467 βΌ
π Read
via "National Vulnerability Database".
In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-174490700π Read
via "National Vulnerability Database".
π΄ VPN Attacks Surged in First Quarter π΄
π Read
via "Dark Reading".
But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.π Read
via "Dark Reading".
Dark Reading
VPN Attacks Surged in First Quarter
But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.
βΌ CVE-2021-34693 βΌ
π Read
via "National Vulnerability Database".
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27887 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victimΓ’β¬β’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31618 βΌ
π Read
via "National Vulnerability Database".
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.π Read
via "National Vulnerability Database".
β Apple Hurries Patches for Safari Bugs Under Active Attack β
π Read
via "Threat Post".
Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being exploited.π Read
via "Threat Post".
Threat Post
Apple Hurries Patches for Safari Bugs Under Active Attack
Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being exploited.
β βFace of Anonymousβ suspect deported from Mexico to face US hacking charges β
π Read
via "Naked Security".
After nearly a decade as a US expat dubbed "The Face of Anoynmous", he's back in the US facing cybercrime charges from almost a decade ago.π Read
via "Naked Security".
Naked Security
βFace of Anonymousβ suspect deported from Mexico to face US hacking charges
After nearly a decade as a US expat dubbed βThe Face of Anoynmousβ, heβs back in the US facing cybercrime charges from almost a decade ago.
β Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data β
π Read
via "Threat Post".
Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoftβs business networking platform to forbid the company from harvesting public info from user profiles.π Read
via "Threat Post".
Threat Post
Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data
Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoftβs business networking platform to forbid the company from harvesting public info from user profiles.
π¦Ώ Microsoft product vulnerabilities reached a new high of 1,268 in 2020 π¦Ώ
π Read
via "Tech Republic".
56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report.π Read
via "Tech Republic".
π΄ How Does the Government Buy Its Cybersecurity? π΄
π Read
via "Dark Reading".
The federal government is emphasizing cybersecurity regulation, education, and defense strategies this year.π Read
via "Dark Reading".
β SASE & Zero Trust: The Dream Team β
π Read
via "Threat Post".
Forcepointβs Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real.π Read
via "Threat Post".
π Hashcat Advanced Password Recovery 6.2.2 Source Code π
π Read
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Hashcat Advanced Password Recovery 6.2.2 Source Code β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers