π’ Women and BAME individuals are hardest hit by cyber crime π’
π Read
via "ITPro".
Malwarebytes calls on the technology industry to do more to provide secure internet access to everyoneπ Read
via "ITPro".
IT PRO
Women and BAME individuals are hardest hit by cyber crime | IT PRO
Malwarebytes calls on the technology industry to do more to provide secure internet access to everyone
π’ UKβs next National Cyber Strategy to reflect need for security industrial base π’
π Read
via "ITPro".
The countryβs upcoming National Cyber Security Strategy will 'hopefully' be released later this yearπ Read
via "ITPro".
IT PRO
UKβs next National Cyber Strategy to reflect need for security industrial base | IT PRO
The countryβs upcoming National Cyber Security Strategy will 'hopefully' be released later this year
π’ Hackers spoof Zix in credential phishing attack π’
π Read
via "ITPro".
The attack has impacted around 75,000 Office 365, Google Workspace and Exchange usersπ Read
via "ITPro".
IT PRO
Hackers spoof Zix in credential phishing attack | IT PRO
The attack has impacted around 75,000 Office 365, Google Workspace and Exchange users
π’ Large companies fall short on domain security π’
π Read
via "ITPro".
Most large businesses still need to implement enterprise-level controlsπ Read
via "ITPro".
IT PRO
Large companies fall short on domain security | IT PRO
Most large businesses still need to implement enterprise-level controls
βΌ CVE-2021-32466 βΌ
π Read
via "National Vulnerability Database".
An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35028 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36745 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33923 βΌ
π Read
via "National Vulnerability Database".
Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database).π Read
via "National Vulnerability Database".
βΌ CVE-2021-33924 βΌ
π Read
via "National Vulnerability Database".
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35027 βΌ
π Read
via "National Vulnerability Database".
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.π Read
via "National Vulnerability Database".
βοΈ The Rise of One-Time Password Interception Bots βοΈ
π Read
via "Krebs on Security".
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.π Read
via "Krebs on Security".
Krebs on Security
The Rise of One-Time Password Interception Bots
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, butβ¦
π¦Ώ Top 5 tips for using password managers π¦Ώ
π Read
via "Tech Republic".
Password managers are a good way to keep your passwords unique, strong and safe. Tom Merritt gives us five tips on how to use them correctly.π Read
via "Tech Republic".
TechRepublic
Top 5 tips for using password managers
Password managers are a good way to keep your passwords unique, strong and safe. Tom Merritt gives us five tips on how to use them correctly.
π¦Ώ How to use password managers: 5 tips π¦Ώ
π Read
via "Tech Republic".
Tom Merritt gives tips for staying safe with password managers.π Read
via "Tech Republic".
TechRepublic
How to use password managers: 5 tips - TechRepublic
Tom Merritt gives tips for staying safe with password managers.
ποΈ What does the future hold for browser security? Check out the latest features destined for mobile and desktop ποΈ
π Read
via "The Daily Swig".
A rundown of leading web browsersβ privacy and security features β both in place and in the pipelineπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
What does the future hold for browser security? Check out the latest features destined for mobile and desktop
A rundown of leading web browsersβ privacy and security features β both in place and in the pipeline
β Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts β
π Read
via "Threat Post".
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.π Read
via "Threat Post".
Threat Post
Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.
ποΈ Navistar confirms data breach involved employee healthcare information ποΈ
π Read
via "The Daily Swig".
US truck manufacturer breaks bad news to employees and retired workersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Navistar confirms data breach involved employee healthcare information
US truck manufacturer breaks bad news to employees and retired workers
π΄ Sneaky Android Trojan Siphons Millions Using Premium SMS π΄
π Read
via "Dark Reading".
More than 200 applications on the Google Play store have, until recently, allowed cybercriminals to deliver malicious Web content to victims' phones, likely garnering tens of millions of dollars.π Read
via "Dark Reading".
Dark Reading
Sneaky Android Trojan Siphons Millions Using Premium SMS
More than 200 applications on the Google Play store have, until recently, allowed cybercriminals to deliver malicious Web content to victims' phones, likely garnering tens of millions of dollars.
π΄ 3 Security Initiatives AWS's New CEO Should Prioritize π΄
π Read
via "Dark Reading".
As Adam Selipsky takes the helm at Amazon Web Services, security must be one of the first things he addresses. Here are three initiatives that should take priority.π Read
via "Dark Reading".
Dark Reading
3 Security Initiatives AWS's New CEO Should Prioritize
As Adam Selipsky takes the helm at Amazon Web Services, security must be one of the first things he addresses. Here are three initiatives that should take priority.
βΌ CVE-2021-40651 βΌ
π Read
via "National Vulnerability Database".
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.π Read
via "National Vulnerability Database".
π Google Tsunami Security Scanner Pre-Alpha π
π Read
via "Packet Storm Security".
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. It was originally written by Google and open sourced in July of 2020.π Read
via "Packet Storm Security".
Packetstormsecurity
Google Tsunami Security Scanner Pre-Alpha β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β SAS 2021: βTomirisβ Backdoor Linked to SolarWinds Malware β
π Read
via "Threat Post".
Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.π Read
via "Threat Post".
Threat Post
SAS 2021: βTomirisβ Backdoor Linked to SolarWinds Malware
Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.