🕴 Breaking Down the Threat of Going All-In With Microsoft Security 🕴
via "Dark Reading".
Limit risk by dividing responsibility for infrastructure, tools, and security.
🕴 7 Ways AI and ML Are Helping and Hurting Cybersecurity 🕴
via "Dark Reading".
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
‼ CVE-2021-35967 ‼
via "National Vulnerability Database".
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory through Path Traversal without logging in.
‼ CVE-2021-33501 ‼
via "National Vulnerability Database".
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL.
‼ CVE-2021-31216 ‼
via "National Vulnerability Database".
Siren Investigate before 11.1.1 contains a server side request forgery (SSRF) defect in the built-in image proxy route (which is enabled by default). An attacker with access to the Investigate installation can specify an arbitrary URL in the parameters of the image proxy route and fetch external URLs as the Investigate process on the host.
🛠 American Fuzzy Lop plus plus 3.14c 🛠
via "Packet Storm Security".
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
🛠 Hashcat Advanced Password Recovery 6.2.3 Source Code 🛠
via "Packet Storm Security".
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
❌ Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections ❌
via "Threat Post".
The secretive Israeli firm was allegedly storing 50,000+ mobile phone numbers for activists, journalists, business executives and politicians -- possible targets of iPhone and Android hacking.
‼ CVE-2021-34817 ‼
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad.
‼ CVE-2021-32014 ‼
via "National Vulnerability Database".
SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js.
🕴 When Ransomware Comes to (Your) Town 🕴
via "Dark Reading".
While steps for defending against a ransomware attack vary based on the size of the government entity and the resources available to each one, rooting out ransomware ultimately will come down to two things: system architecture and partnerships.
❌ Protecting Phones From Pegasus-Like Spyware Attacks ❌
via "Threat Post".
Podcast: Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks.
‼ CVE-2020-36423 ‼
via "National Vulnerability Database".
An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
‼ CVE-2021-29707 ‼
via "National Vulnerability Database".
IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.
🦿 US and allies finger China in Microsoft Exchange hack 🦿
via "Tech Republic".
The US has also blamed hackers working with China for ransomware attacks, extortion, crypto-jacking and other cybercrimes.
❌ Ruthless Attackers Target Florida Condo Collapse Victims ❌
via "Threat Post".
Hackers are stealing the identities of those lost in the condo-collapse tragedy.
🕴 NSO Group Spyware Used On Journalists & Activists Worldwide 🕴
via "Dark Reading".
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
🔏 What is HITECH Compliance? Understanding and Meeting HITECH Requirements 🔏
via "Digital Guardian".
Learn about the requirements for HITECH compliance and how to meet them in Data Protection 101, our series on the fundamentals of information security.
‼ CVE-2020-20248 ‼
via "National Vulnerability Database".
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
🕴 How Gaming Attack Data Aids Defenders Across Industries 🕴
via "Dark Reading".
Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data.
🕴 US Accuses China of Using Criminal Hackers in Cyber Espionage Operations 🕴
via "Dark Reading".
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.