β Ruthless Attackers Target Florida Condo Collapse Victims β
π Read
via "Threat Post".
Hackers are stealing the identities of those lost in the condo-collapse tragedy.π Read
via "Threat Post".
Threat Post
Ruthless Attackers Target Florida Condo Collapse Victims
Hackers are stealing the identities of those lost in the condo-collapse tragedy.
π΄ NSO Group Spyware Used On Journalists & Activists Worldwide π΄
π Read
via "Dark Reading".
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.π Read
via "Dark Reading".
Dark Reading
NSO Group Spyware Used On Journalists & Activists Worldwide
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
π What is HITECH Compliance? Understanding and Meeting HITECH Requirements π
π Read
via "".
Learn about the requirements for HITECH compliance and how to meet them in Data Protection 101, our series on the fundamentals of information security.π Read
via "".
Digital Guardian
What is HITECH Compliance? Understanding and Meeting HITECH Requirements
Learn about the requirements for HITECH compliance and how to meet them in Data Protection 101, our series on the fundamentals of information security.
βΌ CVE-2020-20248 βΌ
π Read
via "National Vulnerability Database".
Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.π Read
via "National Vulnerability Database".
π΄ How Gaming Attack Data Aids Defenders Across Industries π΄
π Read
via "Dark Reading".
Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data.π Read
via "Dark Reading".
Dark Reading
How Gaming Attack Data Aids Defenders Across Industries
Web application attacks against the video game industry quadrupled in 2020 compared to the previous year, but companies outside entertainment can learn from the data.
π΄ US Accuses China of Using Criminal Hackers in Cyber Espionage Operations π΄
π Read
via "Dark Reading".
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.π Read
via "Dark Reading".
Dark Reading
US Accuses China of Using Criminal Hackers in Cyber Espionage Operations
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.
π¦Ώ How to activate virtualization-based security and core isolation in Windows 10 π¦Ώ
π Read
via "Tech Republic".
Give your PC a little extra security. HVCI and VBS are available in 64-bit versions of Windows 10, but you must turn them on manually. We show you how.π Read
via "Tech Republic".
TechRepublic
How to activate virtualization-based security and core isolation in Windows 10
Give your PC a little extra security. HVCI and VBS are available in 64-bit versions of Windows 10, but you must turn them on manually. We show you how.
β Unpatched iPhone Bug Allows Remote Device Takeover β
π Read
via "Threat Post".
A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected.π Read
via "Threat Post".
Threat Post
Unpatched iPhone Bug Allows Remote Device Takeover
A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected.
π΄ Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack π΄
π Read
via "Dark Reading".
Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.π Read
via "Dark Reading".
Dark Reading
Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack
Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.
βΌ CVE-2021-34618 βΌ
π Read
via "National Vulnerability Database".
A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.4.x: All versions; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.π Read
via "National Vulnerability Database".
β Whatβs Next for REvilβs Victims? β
π Read
via "Threat Post".
Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil's servers went up in smoke.π Read
via "Threat Post".
βΌ CVE-2020-5321 βΌ
π Read
via "National Vulnerability Database".
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an improper input validation vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to spawn tasks with elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29499 βΌ
π Read
via "National Vulnerability Database".
Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in PowerStore X environment . A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26081 βΌ
π Read
via "National Vulnerability Database".
REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via a Sensitive Data Exposure vulnerability in the `/rest/api/latest/user/avatar/temporary` endpoint.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26082 βΌ
π Read
via "National Vulnerability Database".
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2019-25051 βΌ
π Read
via "National Vulnerability Database".
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).π Read
via "National Vulnerability Database".
βΌ CVE-2021-36979 βΌ
π Read
via "National Vulnerability Database".
Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).π Read
via "National Vulnerability Database".
βΌ CVE-2021-26095 βΌ
π Read
via "National Vulnerability Database".
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27021 βΌ
π Read
via "National Vulnerability Database".
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.π Read
via "National Vulnerability Database".
β MosaicLoader Malware Delivers Facebook Stealers, RATs β
π Read
via "Threat Post".
The newly documented code is a full-service malware-delivery threat that's spreading indiscriminately globally through paid search ads.π Read
via "Threat Post".
Threat Post
MosaicLoader Malware Delivers Facebook Stealers, RATs
The newly documented code is a full-service malware-delivery threat that's spreading indiscriminately globally through paid search ads.
π¦Ώ Companies are losing the war against phishing as attacks increase in number and sophistication π¦Ώ
π Read
via "Tech Republic".
A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.π Read
via "Tech Republic".
TechRepublic
Companies are losing the war against phishing as attacks increase in number and sophistication
A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.