π΄ 10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage π΄
π Read
via "Dark Reading".
Theft of intellectual property, sabotage, exposure of sensitive data and more were caused by malicious behavior and negligence at these organizationsπ Read
via "Dark Reading".
Dark Reading
10 Recent Examples of How Insider Threats Can Cause Big Breaches and Damage
Theft of intellectual property, sabotage, exposure of sensitive data and more were caused by malicious behavior and negligence at these organizations
π΄ Akamai Acquires Guardicore in $600M Deal π΄
π Read
via "Dark Reading".
In other acquisition news today, Arctic Wolf announced it will acquire Habitu8, a managed security awareness platform, for an undisclosed amount.π Read
via "Dark Reading".
Dark Reading
Akamai Acquires Guardicore in $600M Deal
In other acquisition news today, Arctic Wolf announced it will acquire Habitu8, a managed security awareness platform, for an undisclosed amount.
βΌ CVE-2020-20746 βΌ
π Read
via "National Vulnerability Database".
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41324 βΌ
π Read
via "National Vulnerability Database".
Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete).π Read
via "National Vulnerability Database".
βΌ CVE-2021-33583 βΌ
π Read
via "National Vulnerability Database".
REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41101 βΌ
π Read
via "National Vulnerability Database".
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if somebody were to find an XSS vector in any of the subdomains, they could use it to talk to the Wire API using the user's Cookie. A patch does not exist, but a workaround does. To make sure that a compromise of one subdomain does not yield access to the cookie of another, one may limit the `Access-Control-Allow-Origin` header to apps that actually require the cookie (account-pages, team-settings and the webapp).π Read
via "National Vulnerability Database".
β Google Emergency Update Fixes Two Chrome Zero Days β
π Read
via "Threat Post".
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild.π Read
via "Threat Post".
Threat Post
Google Emergency Update Fixes Two Chrome Zero Days
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild.
π΄ More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic π΄
π Read
via "Dark Reading".
Analysis of threat trends from last quarter reveals attackers ramped up their use of fileless malware, and zero-day malware accounted for almost two-thirds of all detections.π Read
via "Dark Reading".
Dark Reading
More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic
Analysis of threat trends from last quarter reveals attackers ramped up their use of fileless malware, and zero-day malware accounted for almost two-thirds of all detections.
βΌ CVE-2020-20796 βΌ
π Read
via "National Vulnerability Database".
FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20799 βΌ
π Read
via "National Vulnerability Database".
JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2020-20797 βΌ
π Read
via "National Vulnerability Database".
FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.π Read
via "National Vulnerability Database".
ποΈ US retailer Neiman Marcus notifies 4.6 million customers of data breach ποΈ
π Read
via "The Daily Swig".
Department store chain forces password reset after discovering 2020 incident last monthπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US retailer Neiman Marcus notifies 4.6 million customers of data breach
Department store chain forces password reset after discovering 2020 incident last month
βΌ CVE-2021-23893 βΌ
π Read
via "National Vulnerability Database".
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.π Read
via "National Vulnerability Database".
π’ Cloudflare enters the email security business π’
π Read
via "ITPro".
New email routing and DNS Wizard capabilities make email management a breezeπ Read
via "ITPro".
IT PRO
Cloudflare enters the email security business | IT PRO
New email routing and DNS Wizard capabilities make email management a breeze
π’ Android Trojan charges millions of victims β¬36 per month π’
π Read
via "ITPro".
Up to 10 million users across 70 countries are thought to have been affectedπ Read
via "ITPro".
IT PRO
Android Trojan charges millions of victims β¬36 per month | IT PRO
Up to 10 million users across 70 countries are thought to have been affected
π’ Account takeovers rise nearly threefold during pandemic π’
π Read
via "ITPro".
Financial services hit hardest by account hijackers, says Sift reportπ Read
via "ITPro".
IT PRO
Account takeovers rise nearly threefold during pandemic | IT PRO
Financial services hit hardest by account hijackers, says Sift report
π’ The worst hacks of all time π’
π Read
via "ITPro".
Yahoo, LinkedIn, Facebook, here is a quick guide to some of the biggest data breaches in historyπ Read
via "ITPro".
IT PRO
The worst hacks of all time | IT PRO
Yahoo, LinkedIn, Facebook, here is a quick guide to some of the biggest data breaches in history
π’ Akamai to acquire cyber security firm Guardicore π’
π Read
via "ITPro".
Guardicoreβs micro-segmentation solution will add to Akamaiβs Zero Trust Security portfolioπ Read
via "ITPro".
IT PRO
Akamai to acquire cyber security firm Guardicore | IT PRO
Guardicoreβs micro-segmentation solution will add to Akamaiβs Zero Trust Security portfolio
π’ Detained Russian cyber sec tycoon 'exposed classified data', state media claims π’
π Read
via "ITPro".
Ilya Sachkov is accused of handing over security data to foreign intelligence servicesπ Read
via "ITPro".
IT PRO
Detained Russian cyber sec tycoon 'exposed classified data', state media claims | IT PRO
Ilya Sachkov is accused of handing over security data to foreign intelligence services
π’ NSA and CISA offer new security guidance for VPNs π’
π Read
via "ITPro".
Multiple nation-state threat actors using known flaws to access systemsπ Read
via "ITPro".
IT PRO
NSA and CISA offer new security guidance for VPNs | IT PRO
Multiple nation-state threat actors using known flaws to access systems
π’ Cellebrite launches industry-first remote data collection solution π’
π Read
via "ITPro".
New solution aids organizationsβ e-discovery and corporate investigation proceduresπ Read
via "ITPro".
IT PRO
Cellebrite launches industry-first remote data collection solution | IT PRO
New solution aids organizationsβ e-discovery and corporate investigation procedures