π’ Detained Russian cyber sec tycoon 'exposed classified data', state media claims π’
π Read
via "ITPro".
Ilya Sachkov is accused of handing over security data to foreign intelligence servicesπ Read
via "ITPro".
IT PRO
Detained Russian cyber sec tycoon 'exposed classified data', state media claims | IT PRO
Ilya Sachkov is accused of handing over security data to foreign intelligence services
π’ NSA and CISA offer new security guidance for VPNs π’
π Read
via "ITPro".
Multiple nation-state threat actors using known flaws to access systemsπ Read
via "ITPro".
IT PRO
NSA and CISA offer new security guidance for VPNs | IT PRO
Multiple nation-state threat actors using known flaws to access systems
π’ Cellebrite launches industry-first remote data collection solution π’
π Read
via "ITPro".
New solution aids organizationsβ e-discovery and corporate investigation proceduresπ Read
via "ITPro".
IT PRO
Cellebrite launches industry-first remote data collection solution | IT PRO
New solution aids organizationsβ e-discovery and corporate investigation procedures
π’ Visa card holders using Apple Pay warned of payment exploit that bypasses user authentication π’
π Read
via "ITPro".
Commuters are being urged to disable Apple Pay express transit mode for Visa cardsπ Read
via "ITPro".
IT PRO
Visa card holders using Apple Pay warned of payment exploit that bypasses user authentication | IT PRO
Commuters are being urged to disable Apple Pay express transit mode for Visa cards
π’ Alkira offers Check Point CloudGuard Security to secure virtual cloud networks π’
π Read
via "ITPro".
New service allows admins to connect cloud services, data centers and VPNsπ Read
via "ITPro".
IT PRO
Alkira offers Check Point CloudGuard Security to secure virtual cloud networks | IT PRO
New service allows admins to connect cloud services, data centers and VPNs
π’ Two-thirds of organizations have fallen victim to ransomware π’
π Read
via "ITPro".
New report finds ransomware attacks grew by over 1,000%π Read
via "ITPro".
IT PRO
Two-thirds of organizations have fallen victim to ransomware | IT PRO
New report finds ransomware attacks grew by over 1,000%
π’ How to turn on Windows Defender π’
π Read
via "ITPro".
Find out how to turn on, or off, Windows Defender on Windows 10 and older versions of Windowsπ Read
via "ITPro".
ITPro
How to turn on Windows Defender
A simple guide on how to turn on Windows Defender in Windows 10 and Windows 11, and turn it off again if necessary
π’ SolarWinds hackers are targeting Microsoft AD servers π’
π Read
via "ITPro".
The βpassive and highly targeted" FoggyWeb backdoor has been around since at least April 2021π Read
via "ITPro".
ITPro
SolarWinds hackers are targeting Microsoft AD servers
The βpassive and highly targeted" FoggyWeb backdoor has been around since at least April 2021
π’ Telegram bots are out to steal your one-time passwords π’
π Read
via "ITPro".
New scam lets cyber criminals steal money from victimsπ Read
via "ITPro".
ITPro
Telegram bots are out to steal your one-time passwords
New scam lets cyber criminals steal money from victims
β New APT ChamelGang Targets Russian Energy, Aviation Orgs β
π Read
via "Threat Post".
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.π Read
via "Threat Post".
Threat Post
New APT ChamelGang Targets Russian Energy, Aviation Orgs
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.
β S3 Ep52: Letβs Encrypt, Outlook leak, and VMware exploit [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep52: Letβs Encrypt, Outlook leak, and VMware exploit [Podcast]
Latest episode β listen now!
ποΈ Malicious hackers are exploiting known vulnerabilities because organizations arenβt quick enough to patch β report ποΈ
π Read
via "The Daily Swig".
Cybercriminals are scanning Shodan for easy marksπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Malicious hackers are exploiting known vulnerabilities because organizations arenβt quick enough to patch β report
Cybercriminals are scanning Shodan for easy marks
π΄ It's Time to Rethink Identity and Authentication π΄
π Read
via "Dark Reading".
The concept of identity has been around for decades, yet authentication has not caught up to its advanced threats until now. Here are four ways to begin thinking differently about identity and authentication.π Read
via "Dark Reading".
Dark Reading
It's Time to Rethink Identity and Authentication
The concept of identity has been around for decades, yet authentication has not caught up to its advanced threats until now. Here are four ways to begin thinking differently about identity and authentication.
βΌ CVE-2021-41457 βΌ
π Read
via "National Vulnerability Database".
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41110 βΌ
π Read
via "National Vulnerability Database".
cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de (dated 2021-09-30) contains a patch. There are no available workarounds aside from installing the patch. The SnakeYaml constructor, by default, allows any data to be parsed. To fix the issue the object needs to be created with a `SafeConstructor` object, as seen in the patch.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41459 βΌ
π Read
via "National Vulnerability Database".
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41456 βΌ
π Read
via "National Vulnerability Database".
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35297 βΌ
π Read
via "National Vulnerability Database".
Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code.π Read
via "National Vulnerability Database".
π¦Ώ Google stakes new Secure Open Source rewards program for developers with $1M seed money π¦Ώ
π Read
via "Tech Republic".
The SOS program, run by the Linux Foundation, will reward developers with potentially more than $10,000 for enhancing the security of critical open source software.π Read
via "Tech Republic".
TechRepublic
Google stakes new Secure Open Source rewards program for developers with $1M seed money
The SOS program, run by the Linux Foundation, will reward developers with potentially more than $10,000 for enhancing the security of critical open source software.
βοΈ FCC Proposal Targets SIM Swapping, Port-Out Fraud βοΈ
π Read
via "Krebs on Security".
The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target's mobile phone number and use that to wrest control over the victim's online identity.π Read
via "Krebs on Security".
Krebs on Security
FCC Proposal Targets SIM Swapping, Port-Out Fraud
The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target's mobile phone number and use thatβ¦
ποΈ Prototype pollution vulnerabilities rife among high-traffic websites, study finds ποΈ
π Read
via "The Daily Swig".
Technique is exploitable at scale because itβs so overlooked, speculate researchersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Prototype pollution vulnerabilities rife among high-traffic websites, study finds
Technique is exploitable at scale because itβs so overlooked, speculate researchers