π Microsoft Fends Off 2.4 Tbps DDoS Attack π
π Read
via "".
The attack was reportedly 140 percent higher than a 1 Tbps attack it saw in 2020 and higher than any network volumetric event the company previously detected.π Read
via "".
Digital Guardian
Microsoft Fends Off 2.4 Tbps DDoS Attack
The attack was reportedly 140 percent higher than a 1 Tbps attack it saw in 2020 and higher than any network volumetric event the company previously detected.
π΄ Are You Ready for the Privacy Laws Tsunami? π΄
π Read
via "Dark Reading".
Think PCI, HIPAA, and GDPR compliance is tough? There's a tsunami of similar laws on the way. Prepare your business for success with privacy by design.π Read
via "Dark Reading".
Dark Reading
Are You Ready for the Privacy Laws Tsunami?
Think PCI, HIPAA, and GDPR compliance is tough? There's a tsunami of similar laws on the way. Prepare your business for success with privacy by design.
β FreakOut Botnet Turns DVRs Into Monero Cryptominers β
π Read
via "Threat Post".
The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.π Read
via "Threat Post".
Threat Post
FreakOut Botnet Turns DVRs Into Monero Cryptominers
The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.
βΌ CVE-2021-42224 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26318 βΌ
π Read
via "National Vulnerability Database".
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20130 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20131 βΌ
π Read
via "National Vulnerability Database".
ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40842 βΌ
π Read
via "National Vulnerability Database".
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40843 βΌ
π Read
via "National Vulnerability Database".
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42223 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.π Read
via "National Vulnerability Database".
π¦Ώ How to get the most bang for your buck out of your cybersecurity budget π¦Ώ
π Read
via "Tech Republic".
More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.π Read
via "Tech Republic".
TechRepublic
How to get the most bang for your buck out of your cybersecurity budget
More than a quarter of executives surveyed by PwC expect double-digit growth in security budgets in 2022. The trick is to spend that money wisely and effectively.
π΄ What Does a Chief Product Security Officer Do? π΄
π Read
via "Dark Reading".
A CPSO bridges the gap between developers and security to ensure products are built securely and safely.π Read
via "Dark Reading".
Dark Reading
What Does a Chief Product Security Officer Do?
A CPSO bridges the gap between developers and security to ensure products are built securely and safely.
π΄ VirusTotal Shares Data on Ransomware Activity π΄
π Read
via "Dark Reading".
Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half.π Read
via "Dark Reading".
Dark Reading
VirusTotal Shares Data on Ransomware Activity
Google's online malware scanning service analyzed 80 million ransomware samples that were uploaded in the past year-and-a-half.
π¦Ώ 3 risk management priorities CIOs are focused on right now π¦Ώ
π Read
via "Tech Republic".
CIOs have had their hands full since the start of the pandemic with three risk management and governance priorities weighing heavily on their minds.π Read
via "Tech Republic".
TechRepublic
3 risk management priorities CIOs are focused on right now
CIOs have had their hands full since the start of the pandemic with three risk management and governance priorities weighing heavily on their minds.
π¦Ώ Has COVID-19 or supply chain issues affected your organization's cybersecurity plans? π¦Ώ
π Read
via "Tech Republic".
What do you really think about your company's cybersecurity strategy? Take this quick, multiple choice survey and tell us.π Read
via "Tech Republic".
TechRepublic
Is your organization safe from a cybersecurity attack?
How is your company preventing the terror of a potential cybersecurity breach? Take this quick, multiple choice survey and tell us about it.
π΄ SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks π΄
π Read
via "Dark Reading".
Companyβs virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs.π Read
via "Dark Reading".
Dark Reading
SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks
Companyβs virtual offerings, cloud services match with on-premises deployments to solve real-world security challenges for SMBs, enterprises, governments, and MSSPs.
π΄ Fugue Adds Kubernetes Security Checks to Secure Infrastructure-As-Code π΄
π Read
via "Dark Reading".
Developers can apply proper security controls as they programmatically deploy Kubernetes clusters.π Read
via "Dark Reading".
Dark Reading
Fugue Adds Kubernetes Security Checks to Secure Infrastructure-as-Code
Developers can apply proper security controls as they programmatically deploy Kubernetes clusters.
βΌ CVE-2021-41075 βΌ
π Read
via "National Vulnerability Database".
The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vulnerable to SQL Injection in the Attacks Module API.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40493 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42341 βΌ
π Read
via "National Vulnerability Database".
checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3882 βΌ
π Read
via "National Vulnerability Database".
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can't access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don't need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the 'Header always edit' configuration command in the mod_headers module. For Nginx, please refer to the 'proxy_cookie_flags' configuration command.π Read
via "National Vulnerability Database".