π΄ It's in the Game (but It Shouldn't Be) π΄
π Read
via "Dark Reading".
Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.π Read
via "Dark Reading".
Darkreading
It's in the Game (but It Shouldn't Be)
Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.
π¦Ώ Warning: 1 in 3 employees are likely to fall for a phishing scam π¦Ώ
π Read
via "Tech Republic".
Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.π Read
via "Tech Republic".
TechRepublic
Warning: 1 in 3 employees are likely to fall for a phishing scam
Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.
βΌ CVE-2021-27035 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted TIFF, PDF, PICT or DWF files in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PDF, PICT or DWF files. This vulnerability can be exploited to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27036 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer while parsing PDF, PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30117 βΌ
π Read
via "National Vulnerability Database".
SQL injection exists in Kaseya VSA before 9.5.6.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32752 βΌ
π Read
via "National Vulnerability Database".
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.π Read
via "National Vulnerability Database".
β Where do all those cybercrime payments go? β
π Read
via "Naked Security".
Yes, the headline is a rhetorical question. But sometimes we get literal answers, and they're well worth remembering.π Read
via "Naked Security".
Naked Security
Where do all those cybercrime payments go?
Yes, the headline is a rhetorical question. But sometimes we get literal answers, and theyβre well worth remembering.
π¦Ώ More sharing, less shame: CompTIA ISAO wants to change the standard response to ransomware attacks π¦Ώ
π Read
via "Tech Republic".
The information sharing organization helps companies deal with security threats and supports more collaboration overall.π Read
via "Tech Republic".
TechRepublic
More sharing, less shame: CompTIA ISAO wants to change the standard response to ransomware attacks
The information sharing organization helps companies deal with security threats and supports more collaboration overall.
β Cisco BPA, WSA Bugs Allow Remote Cyberattacks β
π Read
via "Threat Post".
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more.π Read
via "Threat Post".
Threat Post
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more.
π¦Ώ How to prevent ransomware attacks with a zero-trust security model π¦Ώ
π Read
via "Tech Republic".
Ransomware attacks are rampant, with thousands taking place every single day. Learn how a zero-trust security model can protect your organization.π Read
via "Tech Republic".
TechRepublic
How to prevent ransomware attacks with a zero-trust security model
Ransomware attacks are rampant, with thousands taking place every single day. Learn how a zero-trust security model can protect your organization.
β Microsoft Office Users Warned on New Malware-Protection Bypass β
π Read
via "Threat Post".
Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.π Read
via "Threat Post".
Threat Post
Microsoft Office Users Warned on New Malware-Protection Bypass
Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.
βΌ CVE-2021-3541 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.π Read
via "National Vulnerability Database".
π΄ CISA Analysis Reveals Successful Attack Techniques of FY 2020 π΄
π Read
via "Dark Reading".
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.π Read
via "Dark Reading".
Dark Reading
CISA Analysis Reveals Successful Attack Techniques of FY 2020
The analysis shows potential attack paths and the most effective techniques for each tactic documented in CISA's Risk and Vulnerability Assessments.
βΌ CVE-2021-24007 βΌ
π Read
via "National Vulnerability Database".
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22129 βΌ
π Read
via "National Vulnerability Database".
Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.π Read
via "National Vulnerability Database".
π΄ How Dangerous is Malware? New Report Finds It's Tough to Tell π΄
π Read
via "Dark Reading".
Determining which malware is most damaging, and worthy of immediate attention, has become difficult in environments filled with alerts and noise.π Read
via "Dark Reading".
βΌ CVE-2021-36367 βΌ
π Read
via "National Vulnerability Database".
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).π Read
via "National Vulnerability Database".
βΌ CVE-2021-36371 βΌ
π Read
via "National Vulnerability Database".
Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25394 βΌ
π Read
via "National Vulnerability Database".
A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Content" parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25876 βΌ
π Read
via "National Vulnerability Database".
A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.π Read
via "National Vulnerability Database".
β Cyber Polygon 2021: Towards Secure Development of Digital Ecosystems β
π Read
via "Threat Post".
Cybersecurity is one of the most important topics on the global agenda, boosted by the pandemic. As the global digitalisation is further accelerating, the world is becoming ever more interconnected. Digital ecosystems are being created all around us: countries, corporations and individuals are taking advantage of the rapid spread of the Internet and smart devices. In this context, a single vulnerable link is enough to bring down the entire system, just like the domino effect.π Read
via "Threat Post".
Threat Post
Cyber Polygon 2021: Towards Secure Development of Digital Ecosystems
Cybersecurity is one of the most important topics on the global agenda, boosted by the pandemic. As the global digitalisation is further accelerating, the world is becoming ever more interconnected. Digital ecosystems are being created all around us: countriesβ¦