🕴 When Will Cybersecurity Operations Adopt the Peter Parker Principle? 🕴
📖 Read
via "Dark Reading".
Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.📖 Read
via "Dark Reading".
❌ Pandemic-Bored Attackers Pummeled Gaming Industry ❌
📖 Read
via "Threat Post".
Akamai's 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.📖 Read
via "Threat Post".
Threat Post
Pandemic-Bored Attackers Pummeled Gaming Industry
Akamai's 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.
‼ CVE-2021-3526 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33624 ‼
📖 Read
via "National Vulnerability Database".
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.📖 Read
via "National Vulnerability Database".
❌ Iran Media Websites Seized by U.S. in Disinformation Campaign ❌
📖 Read
via "Threat Post".
DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.📖 Read
via "Threat Post".
Threat Post
Iran Media Websites Seized by U.S. in Disinformation Campaign
DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.
🕴 Survey Seeks to Learn How 2020 Changed Security 🕴
📖 Read
via "Dark Reading".
Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.📖 Read
via "Dark Reading".
🕴 New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies 🕴
📖 Read
via "Dark Reading".
Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.📖 Read
via "Dark Reading".
Dark Reading
New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies
Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.
‼ CVE-2020-18657 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.📖 Read
via "National Vulnerability Database".
🕴 Microsoft Tracks New BazaCall Malware Campaign 🕴
📖 Read
via "Dark Reading".
Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.📖 Read
via "Dark Reading".
‼ CVE-2020-18660 ‼
📖 Read
via "National Vulnerability Database".
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.📖 Read
via "National Vulnerability Database".
🕴 VMs Help Ransomware Attackers Evade Detection, But It's Uncommon 🕴
📖 Read
via "Dark Reading".
Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.📖 Read
via "Dark Reading".
Dark Reading
VMs Help Ransomware Attackers Evade Detection, But It's Uncommon
Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.
🕴 79% of Third-Party Libraries in Apps Are Never Updated 🕴
📖 Read
via "Dark Reading".
A lack of contextual information and concerns over application disruption among contributing factors.📖 Read
via "Dark Reading".
Dark Reading
79% of Third-Party Libraries in Apps Are Never Updated
A lack of contextual information and concerns over application disruption among contributing factors.
‼ CVE-2021-21809 ‼
📖 Read
via "National Vulnerability Database".
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32823 ‼
📖 Read
via "National Vulnerability Database".
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35041 ‼
📖 Read
via "National Vulnerability Database".
The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lead to a crash. A malicious node can send a packet continuously. The packet is in an incorrect format and cannot be decoded by the node correctly. As a result, the node may consume the memory sustainably and crash. More details are shown at: https://github.com/FISCO-BCOS/FISCO-BCOS/issues/1951📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25652 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25655 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).📖 Read
via "National Vulnerability Database".
❌ 30M Dell Devices at Risk for Remote BIOS Attacks, RCE ❌
📖 Read
via "Threat Post".
Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.📖 Read
via "Threat Post".
Threat Post
30M Dell Devices at Risk for Remote BIOS Attacks, RCE
Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.
❌ Atlassian Bugs Could Have Led to 1-Click Takeover ❌
📖 Read
via "Threat Post".
A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.📖 Read
via "Threat Post".
Threat Post
Atlassian Bugs Could Have Led to 1-Click Takeover
A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.
‼ CVE-2021-21737 ‼
📖 Read
via "National Vulnerability Database".
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016📖 Read
via "National Vulnerability Database".
🕴 rMTD: A Deception Method That Throws Attackers Off Their Game 🕴
📖 Read
via "Dark Reading".
Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities exponentially difficult to exploit. Here's how.📖 Read
via "Dark Reading".
Dark Reading
rMTD: A Deception Method That Throws Attackers Off Their Game
Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities difficult to exploit. Here's how.