🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Targeted Attack Activity Heightens Need for Orgs. to Patch New SolarWinds Flaw 🕴

A China-based threat actor -- previously observed targeting US defense industrial base organizations and software companies -- is exploiting the bug in SolarWinds' Serv-U software, Microsoft says.

📖 Read

via "Dark Reading".
🕴 Google to Bring HTTPS-First Mode to Chrome Browser 🕴

Beginning in M94, Chrome will offer HTTPS-First Mode, which will attempt to upgrade all page loads to HTTPS.

📖 Read

via "Dark Reading".
🦿 Tokyo 2020 Olympics must be extra secure to avoid cyberattacks and ransomware 🦿

Any big event is likely to attract bad actors. Keeping the games safe from attack is a huge undertaking for event planners.

📖 Read

via "Tech Republic".
🕴 SonicWall: 'Imminent' Ransomware Attack Targets Older Products 🕴

The attack exploits a known vulnerability that was fixed in new versions of firmware released this year.

📖 Read

via "Dark Reading".
CVE-2020-29157

An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted.

📖 Read

via "National Vulnerability Database".
CVE-2021-22867

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program.

📖 Read

via "National Vulnerability Database".
CVE-2020-24133

A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks.

📖 Read

via "National Vulnerability Database".
CVE-2020-36420

** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1 allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

📖 Read

via "National Vulnerability Database".
CVE-2021-25318

An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.

📖 Read

via "National Vulnerability Database".
CVE-2021-25320

An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.

📖 Read

via "National Vulnerability Database".
Safari Zero-Day Used in Malicious LinkedIn Campaign

Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.

📖 Read

via "Threat Post".
CVE-2021-33505

Falco through 0.28.1 has a Time-of-check Time-of-use (TOCTOU) Race Condition. Issue is fixed in Falco versions >= 0.29.1.

📖 Read

via "National Vulnerability Database".
🦿 Ransomware attackers are growing bolder and using new extortion methods 🦿

IT and OT environments are increasing targets and threat actors are using Dark Web forums to launch cybercrimes, according to Accenture's 2021 Cyber Threat Intelligence report.

📖 Read

via "Tech Republic".
🛠 Wireshark Analyzer 3.4.7 🛠

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

📖 Read

via "Packet Storm Security".
🕴 What to Look for in an Effective Threat Hunter 🕴

The most important personality traits, skills, and certifications to look for when hiring a threat hunting team.

📖 Read

via "Dark Reading".
SonicWall Warns Firewall Hardware Bugs Under Attack

SonicWall issued an urgent security alert warning customers that some of its current and legacy firewall appliances were under active attack.

📖 Read

via "Threat Post".
🔏 An Interview with Adam Burns, Manager of Cybersecurity Analysts at Digital Guardian Part I 🔏

In part one of our Q&A with Adam Burns, we discuss his background in security, ransomware in the news, and what traits make for a successful analyst.

📖 Read

via "".
CVE-2020-12731

The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.

📖 Read

via "National Vulnerability Database".
CVE-2020-25593

Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.

📖 Read

via "National Vulnerability Database".
CVE-2021-34691

iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port.

📖 Read

via "National Vulnerability Database".