β How Ready Are You for a Ransomware Attack? β
π Read
via "Threat Post".
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.π Read
via "Threat Post".
Threat Post
How Ready Are You for a Ransomware Attack?
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.
β Whatβs Next for T-Mobile and Its Customers? β Podcast β
π Read
via "Threat Post".
Hopefully not a hacked-up hairball of a βno can doβ message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.π Read
via "Threat Post".
Threat Post
Whatβs Next for T-Mobile and Its Customers? β Podcast
Hopefully not a hacked-up hairball of a βno can doβ message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.
βΌ CVE-2020-18900 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128 allows attackers to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18897 βΌ
π Read
via "National Vulnerability Database".
An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18899 βΌ
π Read
via "National Vulnerability Database".
An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18898 βΌ
π Read
via "National Vulnerability Database".
A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file.π Read
via "National Vulnerability Database".
π¦Ώ How to protect your T-Mobile account in light of the latest data breach π¦Ώ
π Read
via "Tech Republic".
In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.π Read
via "Tech Republic".
TechRepublic
How to protect your T-Mobile account in light of the latest data breach
In response to a breach that compromised the personal data of millions of subscribers, T-Mobile customers should change their password and PIN and set up two-step verification.
β Nigerian Threat Actors Solicits Employees to Deploy Ransomware for Cut of Profits β
π Read
via "Threat Post".
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organizationβs network.π Read
via "Threat Post".
Threat Post
Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organizationβs network.
π OpenSSH 8.7p1 π
π Read
via "Packet Storm Security".
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSH 8.7p1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ It's time to retire the Social Security number π¦Ώ
π Read
via "Tech Republic".
With 40 million people having their SSN exposed during the T-Mobile hack, it's time to reconsider the usefulness of the Social Security number.π Read
via "Tech Republic".
TechRepublic
It's time to retire the Social Security number
With 40 million people having their SSN exposed during the T-Mobile hack, it's time to reconsider the usefulness of the Social Security number.
π¦Ώ Great Resignation hits IT departments and companies are switching strategies π¦Ώ
π Read
via "Tech Republic".
To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.π Read
via "Tech Republic".
TechRepublic
Great Resignation hits IT departments and companies are switching strategies
To ensure business continuity amid high turnover, many CIOs are planning to alter their strategies to make the company "less dependent on employee institutional knowledge," says PwC.
β Japanese cryptocoin exchange robbed of $100,000,000 β
π Read
via "Naked Security".
Another week, another cryptocurrency catastrophe. This time, it's "only" $100 million's worth...π Read
via "Naked Security".
Naked Security
Japanese cryptocoin exchange robbed of $100,000,000
Another week, another cryptocurrency catastrophe. This time, itβs βonlyβ $100 millionβs worthβ¦
β S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast] β
π Read
via "Naked Security".
Lastest episode - listen, laugh and learn! This week, Chester Wisniewski joins us on the show.π Read
via "Naked Security".
Naked Security
S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast]
Lastest episode β listen, laugh and learn! This week, Chester Wisniewski joins us on the show.
βΌ CVE-2020-36474 βΌ
π Read
via "National Vulnerability Database".
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18886 βΌ
π Read
via "National Vulnerability Database".
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18879 βΌ
π Read
via "National Vulnerability Database".
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18885 βΌ
π Read
via "National Vulnerability Database".
Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'.π Read
via "National Vulnerability Database".
βΌ CVE-2020-18877 βΌ
π Read
via "National Vulnerability Database".
SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'.π Read
via "National Vulnerability Database".
π Friday Five 8/20 π
π Read
via "".
Exposed web cams, mistakes made when hiring cybersecurity roles, and a $1 million breach settlement - catch up on the week's infosec news with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 8/20
Exposed web cams, mistakes made when hiring cybersecurity roles, and a $1 million breach settlement - catch up on the week's infosec news with the Friday Five!
βΌ CVE-2021-34228 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field.π Read
via "National Vulnerability Database".
βΌ CVE-2021-34218 βΌ
π Read
via "National Vulnerability Database".
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /add/ , /img/, /js/, and /mobile directories via GET Parameter.π Read
via "National Vulnerability Database".