π Zeek 4.0.4 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 4.0.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ How phishing-as-a-service operations pose a threat to organizations π¦Ώ
π Read
via "Tech Republic".
Attackers can easily buy, deploy and scale phishing campaigns to steal credentials and other sensitive data, says Microsoft.π Read
via "Tech Republic".
π¦Ώ Ransomware detections dropped by almost half, but the threat is only getting worse, says Trend Micro π¦Ώ
π Read
via "Tech Republic".
Rather than indicating ransomware was a passing fad, the decrease in attack volume shows that attackers are starting to become more opportunistic and smarter about picking targets.π Read
via "Tech Republic".
TechRepublic
Ransomware detections dropped by almost half, but the threat is only getting worse, says Trend Micro
Rather than indicating ransomware was a passing fad, the decrease in attack volume shows that attackers are starting to become more opportunistic and smarter about picking targets.
βΌ CVE-2021-32963 βΌ
π Read
via "National Vulnerability Database".
Null pointer dereference in SuiteLink server while processing commands 0x03/0x10π Read
via "National Vulnerability Database".
βΌ CVE-2021-32959 βΌ
π Read
via "National Vulnerability Database".
Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06π Read
via "National Vulnerability Database".
βΌ CVE-2021-32979 βΌ
π Read
via "National Vulnerability Database".
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-41381 βΌ
π Read
via "National Vulnerability Database".
Payara Micro Community 5.2021.6 and below allows Directory Traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26750 βΌ
π Read
via "National Vulnerability Database".
DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32999 βΌ
π Read
via "National Vulnerability Database".
Improper handling of exceptional conditions in SuiteLink server while processing command 0x01π Read
via "National Vulnerability Database".
βΌ CVE-2021-41428 βΌ
π Read
via "National Vulnerability Database".
Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escalate privileges via insufficient configuration of service components.π Read
via "National Vulnerability Database".
βΌ CVE-2021-21913 βΌ
π Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32987 βΌ
π Read
via "National Vulnerability Database".
Null pointer dereference in SuiteLink server while processing command 0x0bπ Read
via "National Vulnerability Database".
βΌ CVE-2021-36872 βΌ
π Read
via "National Vulnerability Database".
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type].π Read
via "National Vulnerability Database".
βΌ CVE-2021-32971 βΌ
π Read
via "National Vulnerability Database".
Null pointer dereference in SuiteLink server while processing command 0x07π Read
via "National Vulnerability Database".
βΌ CVE-2021-3824 βΌ
π Read
via "National Vulnerability Database".
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.π Read
via "National Vulnerability Database".
β How Outlook βautodiscoverβ could leak your passwords β and how to stop it β
π Read
via "Naked Security".
The Microsoft Autodiscover "Great Leak" explained - and how to prevent itπ Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β VMware patch bulletin warns: βThis needs your immediate attention.β β
π Read
via "Naked Security".
"It is a matter of time before working exploits are available," warns VMware.π Read
via "Naked Security".
Naked Security
VMware patch bulletin warns: βThis needs your immediate attention.β
βIt is a matter of time before working exploits are available,β warns VMware.
π¦Ώ How phishing-as-a-service operations pose a threat to organizations π¦Ώ
π Read
via "Tech Republic".
Attackers can easily buy, deploy and scale phishing campaigns to steal credentials and other sensitive data, says Microsoft.π Read
via "Tech Republic".
π¦Ώ Breached passwords: Popular TV shows don't make for the best security credentials π¦Ώ
π Read
via "Tech Republic".
Specops recently released a roundup of the top 20 TV shows found on breached password lists. These shows offer plenty of entertainment, but aren't ideal for password inspiration. Sorry, "Cheers" fans.π Read
via "Tech Republic".
TechRepublic
Breached passwords: Popular TV shows don't make for the best security credentials
Specops recently released a roundup of the top 20 TV shows found on breached password lists. These shows offer plenty of entertainment, but aren't ideal for password inspiration. Sorry, "Cheers" fans.
βΌ CVE-2020-4941 βΌ
π Read
via "National Vulnerability Database".
IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22276 βΌ
π Read
via "National Vulnerability Database".
The vulnerability allows a successful attacker to bypass the integrity check of FW uploaded to the free@home System Access Point.π Read
via "National Vulnerability Database".