75K Email Inboxes Hit in New Credential Phishing Campaign
via "Dark Reading".
Attacker used a legitimate – but likely deprecated – domain to sneak malicious emails past security filters, vendor says.
CVE-2020-20122
via "National Vulnerability Database".
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
CVE-2020-20124
via "National Vulnerability Database".
Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php.
CVE-2020-20120
via "National Vulnerability Database".
ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which is triggered when the array is not passed to the "where" and "query" methods.
CVE-2020-20125
via "National Vulnerability Database".
EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php.
What makes a password secure?
via "ITPro".
IT security is constantly evolving to counter threats, but the password remains a key part of our security arsenal
Amazon to offer cyber insurance to UK SMBs
via "ITPro".
The insurance will cover risks such as accidental privacy breaches, extortion and ransomware
Women and BAME individuals are hardest hit by cyber crime
via "ITPro".
Malwarebytes calls on the technology industry to do more to provide secure internet access to everyone
UK's next National Cyber Strategy to reflect need for security industrial base
via "ITPro".
The country's upcoming National Cyber Security Strategy will 'hopefully' be released later this year
Hackers spoof Zix in credential phishing attack
via "ITPro".
The attack has impacted around 75,000 Office 365, Google Workspace and Exchange users
Large companies fall short on domain security
via "ITPro".
Most large businesses still need to implement enterprise-level controls
CVE-2021-32466
via "National Vulnerability Database".
An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
CVE-2021-35028
via "National Vulnerability Database".
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.
CVE-2021-36745
via "National Vulnerability Database".
A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations.
CVE-2021-33923
via "National Vulnerability Database".
Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allow local attackers to access some sensitive information (private keys, state database).
CVE-2021-33924
via "National Vulnerability Database".
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.
CVE-2021-35027
via "National Vulnerability Database".
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.
The Rise of One-Time Password Interception Bots
via "Krebs on Security".
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.
Top 5 tips for using password managers
via "Tech Republic".
Password managers are a good way to keep your passwords unique, strong and safe. Tom Merritt gives us five tips on how to use them correctly.
How to use password managers: 5 tips
via "Tech Republic".
Tom Merritt gives tips for staying safe with password managers.
What does the future hold for browser security? Check out the latest features destined for mobile and desktop
via "The Daily Swig".
A rundown of leading web browsers' privacy and security features – both in place and in the pipeline