Our Eye Is on the SPARROW
Read
via "Dark Reading".
How unauthorized users can exploit wireless infrastructures for covert communication.
Contrast Application Security Platform Scales to Support OWASP Risks
Read
via "Dark Reading".
Contrast's platform detects and prevents against OWASP Top Ten risks from development to production with out-of-the-box policy rules and automated compliance reporting.
10,000 employees at Stanley Black & Decker go passwordless
Read
via "Tech Republic".
Here's how TruU's Passwordless Protection could make hybrid work easier and beef up security in the enterprise.
Meet TruffleHog, a browser extension for finding secret keys in JavaScript code
Read
via "The Daily Swig".
API keys are accidentally being leaked by websites. Here's how to find them.
S3 Ep51: OMIGOD a gaping hole, waybill scams, and Face ID hacked [Podcast]
Read
via "Naked Security".
Latest episode - listen now!
Developers fix multitude of vulnerabilities in Apache HTTP Server
Read
via "The Daily Swig".
High-impact SSRF and request smuggling bugs among flaws addressed in bumper patch cycle.
TangleBot Malware Reaches Deep into Android Device Functions
Read
via "Threat Post".
The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.
iOS 15: How to enable Mail Privacy Protection
Read
via "Tech Republic".
Learn how to use the new iOS 15 security feature called Mail Privacy Protection, which can hide your IP address and other tracking data often sent to marketers without your knowledge.
CVE-2021-41587
Read
via "National Vulnerability Database".
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.
CVE-2021-40099
Read
via "National Vulnerability Database".
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.
CVE-2021-41586
Read
via "National Vulnerability Database".
In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.
CVE-2021-40102
Read
via "National Vulnerability Database".
An issue was discovered in Concrete CMS through 8.5.5. Arbitrary file deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).
CVE-2021-40100
Read
via "National Vulnerability Database".
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
CVE-2021-41588
Read
via "National Vulnerability Database".
In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.
TangleBot Campaign Underscores SMS Threat
Read
via "Dark Reading".
The attack targets Android devices and starts with a malicious SMS message that aims to bring malware onto compromised devices.
Friday Five 9/24
Read
via "Digital Guardian".
New iOS privacy settings, the Exchange autodiscover bug, and subsidiary risk - catch up on the week's infosec news with the Friday Five!
CVE-2021-28130
Read
via "National Vulnerability Database".
Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters.
CVE-2021-40309
Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0 that allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.
CVE-2021-40310
Read
via "National Vulnerability Database".
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in TakeAttendance.php via the cp_id_miss_attn parameter.
Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords
Read
via "Threat Post".
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
Are VPNs still the best solution for security?
Read
via "Tech Republic".
Cybersecurity professionals rely on VPNs to secure remote endpoints with an organization's home network. One expert suggests there is a better, simpler and safer approach to accomplish the same thing.