Don't Get Stymied by Security Indecision
via "Dark Reading".
You might be increasing cyber-risk by not actively working to reduce it.
CVE-2021-27485
via "National Vulnerability Database".
ZOLL Defibrillator Dashboard, versions prior to 2.2: the application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
CVE-2021-31857
via "National Vulnerability Database".
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.
Akamai adds automation and machine learning to protect user accounts, APIs and applications
via "Tech Republic".
Edge platform cybersecurity enhancements are intended to increase responsiveness and augment decision-making, the company said.
Euros-Driven Football Fever Nets Dumb Passwords
via "Threat Post".
The top easy-to-crack, football-inspired password in a database of 1 billion unique, clear-text, breached passwords? You probably guessed it: "Football."
CVE-2021-21668
via "National Vulnerability Database".
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVE-2020-8299
via "National Vulnerability Database".
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffer from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
Takeaways from the Colonial Pipeline Ransomware Attack
via "Threat Post".
The incident showcases basic steps that organizations can take to protect themselves as ransomware gangs get smarter.
Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter.
Keeping Your Organization Secure When Dealing With the Unexpected
via "Dark Reading".
There's no way to anticipate every possible scenario, but the right approach to business continuity can help you respond effectively in any situation.
Ransomware Poll: 80% of Victims Don't Pay Up
via "Threat Post".
Meanwhile, in a separate survey, 80 percent of organizations that paid the ransom said they were hit by a second attack.
Is an Attacker Living Off Your Land?
via "Dark Reading".
Living-off-the-land attacks pose significant risks to organizations and, on top of that, are difficult to detect. Learn the basics about how these attacks operate and ways to limit their damage.
CVE-2020-20444
via "National Vulnerability Database".
Jact OpenClinic 0.8.20160412 allows an attacker to read server files after logging in to the admin account by an infected 'file' GET parameter in '/shared/view_source.php', which "could" lead to an RCE vulnerability.
CVE-2020-22199
via "National Vulnerability Database".
SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
IKEA Fined $1.2M for Elaborate "Spying System"
via "Threat Post".
A French court fined the furniture giant for illegal surveillance on 400 customers and staff.
Russian National Convicted on Charges Related to Kelihos Botnet
via "Dark Reading".
Oleg Koshkin was arrested in 2019 and faces a maximum penalty of 15 years in prison, the DoJ reports.
Security Flaw Discovered In Peloton Equipment
via "Dark Reading".
The vulnerability could give attackers remote root access to the bike's tablet, researchers report.
Biden Tells Putin Critical Infrastructure Sectors 'Off Limits' to Russian Hacking
via "Dark Reading".
President Joe Biden said he and Russian President Vladimir Putin agreed to discuss boundaries in cyber activity.
CVE-2021-1568
via "National Vulnerability Database".
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system.
CVE-2021-1541
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: hijack a user session; execute arbitrary commands as a root user on the underlying operating system; conduct a cross-site scripting (XSS) attack; conduct an HTML injection attack. For more information about these vulnerabilities, see the Details section of this advisory.
Ransomware Operators' Strategies Evolve as Attacks Rise
via "Dark Reading".
Security researchers find ransomware operators rely less on email and more on criminal groups for initial access into target networks.
Ukraine Police Disrupt Cl0p Ransomware Operation
via "Dark Reading".
Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.