ποΈ What does the future hold for browser security? Check out the latest features destined for mobile and desktop ποΈ
π Read
via "The Daily Swig".
A rundown of leading web browsersβ privacy and security features β both in place and in the pipelineπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
What does the future hold for browser security? Check out the latest features destined for mobile and desktop
A rundown of leading web browsersβ privacy and security features β both in place and in the pipeline
β Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts β
π Read
via "Threat Post".
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.π Read
via "Threat Post".
Threat Post
Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.
ποΈ Navistar confirms data breach involved employee healthcare information ποΈ
π Read
via "The Daily Swig".
US truck manufacturer breaks bad news to employees and retired workersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Navistar confirms data breach involved employee healthcare information
US truck manufacturer breaks bad news to employees and retired workers
π΄ Sneaky Android Trojan Siphons Millions Using Premium SMS π΄
π Read
via "Dark Reading".
More than 200 applications on the Google Play store have, until recently, allowed cybercriminals to deliver malicious Web content to victims' phones, likely garnering tens of millions of dollars.π Read
via "Dark Reading".
Dark Reading
Sneaky Android Trojan Siphons Millions Using Premium SMS
More than 200 applications on the Google Play store have, until recently, allowed cybercriminals to deliver malicious Web content to victims' phones, likely garnering tens of millions of dollars.
π΄ 3 Security Initiatives AWS's New CEO Should Prioritize π΄
π Read
via "Dark Reading".
As Adam Selipsky takes the helm at Amazon Web Services, security must be one of the first things he addresses. Here are three initiatives that should take priority.π Read
via "Dark Reading".
Dark Reading
3 Security Initiatives AWS's New CEO Should Prioritize
As Adam Selipsky takes the helm at Amazon Web Services, security must be one of the first things he addresses. Here are three initiatives that should take priority.
βΌ CVE-2021-40651 βΌ
π Read
via "National Vulnerability Database".
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.π Read
via "National Vulnerability Database".
π Google Tsunami Security Scanner Pre-Alpha π
π Read
via "Packet Storm Security".
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. It was originally written by Google and open sourced in July of 2020.π Read
via "Packet Storm Security".
Packetstormsecurity
Google Tsunami Security Scanner Pre-Alpha β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β SAS 2021: βTomirisβ Backdoor Linked to SolarWinds Malware β
π Read
via "Threat Post".
Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.π Read
via "Threat Post".
Threat Post
SAS 2021: βTomirisβ Backdoor Linked to SolarWinds Malware
Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.
π΄ Why Should I Care About HTTP Request Smuggling? π΄
π Read
via "Dark Reading".
HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration.π Read
via "Dark Reading".
Dark Reading
Why Should I Care About HTTP Request Smuggling?
HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration.
π΄ DAST to the Future: Shifting the Modern AppSec Paradigm π΄
π Read
via "Dark Reading".
NTT Application Security's Modern AppSec Framework takes a DAST-first approach to defend applications where breaches happen β in production.π Read
via "Dark Reading".
Dark Reading
DAST to the Future: Shifting the Modern AppSec Paradigm
NTT Application Security's Modern AppSec Framework takes a DAST-first approach to defend applications where breaches happen β in production.
β Conti Ransomware Expands Ability to Blow Up Backups β
π Read
via "Threat Post".
The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.π Read
via "Threat Post".
Threat Post
Conti Ransomware Expands Ability to Blow Up Backups
The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.
π¦Ώ How people concoct their passwords, and why they often stink π¦Ώ
π Read
via "Tech Republic".
Less than a third of the people surveyed by NordPass follow best practices when devising a password.π Read
via "Tech Republic".
TechRepublic
How people concoct their passwords, and why they often stink
Less than a third of the people surveyed by NordPass follow best practices when devising a password.
π΄ Russian Officials Arrest Group-IB CEO, Accuse Him of Treason π΄
π Read
via "Dark Reading".
Ilya Sachkov, founder and CEO of the massive cybersecurity firm, was arrested on treason charges and will be in custody for two months.π Read
via "Dark Reading".
Dark Reading
Russian Officials Arrest Group-IB CEO, Accuse Him of Treason
Ilya Sachkov, founder and CEO of the massive cybersecurity firm, was arrested on treason charges and will be in custody for two months.
βΌ CVE-2021-25961 βΌ
π Read
via "National Vulnerability Database".
In Γ’β¬ΕSuiteCRMΓ’β¬οΏ½ application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25960 βΌ
π Read
via "National Vulnerability Database".
In Γ’β¬ΕSuiteCRMΓ’β¬οΏ½ application, v7.11.18 through v7.11.19 and v7.10.29 through v7.10.31 are affected by Γ’β¬ΕCSV InjectionΓ’β¬οΏ½ vulnerability (Formula Injection). A low privileged attacker can use accounts module to inject payloads in the input fields. When an administrator access accounts module to export the data as a CSV file and opens it, the payload gets executed. This was not fixed properly as part of CVE-2020-15301, allowing the attacker to bypass the security measure.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25959 βΌ
π Read
via "National Vulnerability Database".
In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25962 βΌ
π Read
via "National Vulnerability Database".
Γ’β¬ΕShuupΓ’β¬οΏ½ application in versions 0.4.2 to 2.10.8 is affected by the Γ’β¬ΕFormula InjectionΓ’β¬οΏ½ vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and opens it, the payload gets executed.π Read
via "National Vulnerability Database".
π¦Ώ Ping Identity buys Singular Key and promises smoother ID verification and access management π¦Ώ
π Read
via "Tech Republic".
The purchase of Singular Key will add to Ping's identity and access management service with a no-code method of creating workflows for identity verification for enterprises.π Read
via "Tech Republic".
TechRepublic
Ping Identity buys Singular Key and promises smoother ID verification and access management
The purchase of Singular Key will add to Ping's identity and access management service with a no-code method of creating workflows for identity verification for enterprises.
π΄ Cyberspace, Cybergames, and Cyberspies π΄
π Read
via "Dark Reading".
How cyberspace has become a global cybergames stage, where all of us are actors.π Read
via "Dark Reading".
Dark Reading
Cyberspace, Cybergames, and Cyberspies
How cyberspace has become a global cybergames stage, where all of us are actors.
β GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride β
π Read
via "Threat Post".
The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques.π Read
via "Threat Post".
Threat Post
GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride
The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques.
βΌ CVE-2021-29834 βΌ
π Read
via "National Vulnerability Database".
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832.π Read
via "National Vulnerability Database".