π΄ How Security Teams Can Reinforce End-User Awareness π΄
π Read
via "Dark Reading".
Training programs provide the information, but security teams can reinforce these for better end-user education.π Read
via "Dark Reading".
Dark Reading
How Security Teams Can Reinforce End-User Awareness
Training programs provide the information, but security teams can reinforce these for better end-user education.
β CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features β
π Read
via "Threat Post".
The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active.π Read
via "Threat Post".
Threat Post
CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features
The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active.
ποΈ Dutch police warn DDoS-for-hire customers to desist or face prosecution ποΈ
π Read
via "The Daily Swig".
We know what you DDoSed last summerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Dutch police warn DDoS-for-hire customers to desist or face prosecution
We know what you DDoSed last summer
π¦Ώ How to configure SSH to use a non-standard port with SELinux set to enforcing π¦Ώ
π Read
via "Tech Republic".
Switching the SSH listening port is an easy way to help secure remote login on your Linux servers. But when SELinux is involved, you have to take a few extra steps. Jack Wallen shows you how.π Read
via "Tech Republic".
TechRepublic
How to configure SSH to use a non-standard port with SELinux set to enforcing
Switching the SSH listening port is an easy way to help secure remote login on your Linux servers. But when SELinux is involved, you have to take a few extra steps. Jack Wallen shows you how.
βΌ CVE-2020-19961 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33177 βΌ
π Read
via "National Vulnerability Database".
The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19964 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20599 βΌ
π Read
via "National Vulnerability Database".
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows an remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19960 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19962 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22963 βΌ
π Read
via "National Vulnerability Database".
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19957 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19954 βΌ
π Read
via "National Vulnerability Database".
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33178 βΌ
π Read
via "National Vulnerability Database".
The Manage Backgrounds functionality within Nagvis versions prior to 2.0.9 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22964 βΌ
π Read
via "National Vulnerability Database".
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`.A DOS vulnerability is possible if the URL contains invalid characters `curl --path-as-is "http://localhost:3000//^/.."`The issue shows up on all the `fastify-static` applications that set `redirect: true` option. By default, it is `false`.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19959 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33179 βΌ
π Read
via "National Vulnerability Database".
The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload.π Read
via "National Vulnerability Database".
π΄ The Human Element Is the Weakest Link π΄
π Read
via "Dark Reading".
While the recent Facebook outage was a major inconvenience, the impact of leaked business operations documents is a much bigger issue than being down for a few hours.π Read
via "Dark Reading".
Dark Reading
The Human Element Is the Weakest Link
While the recent Facebook outage was a major inconvenience, the impact of leaked business operations documents is a much bigger issue than being down for a few hours.
π΄ Open Source Security Foundation Raises $10M π΄
π Read
via "Dark Reading".
Industry leaders from technology, financial services, telecom, and cybersecurity sectors respond to Biden's executive order and commit to a more secure future for software.π Read
via "Dark Reading".
Dark Reading
Open Source Security Foundation Raises $10M
Industry leaders from technology, financial services, telecom, and cybersecurity sectors respond to Biden's executive order and commit to a more secure future for software.
βοΈ Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability βοΈ
π Read
via "Krebs on Security".
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the "hackers" and anyone who aided the publication in its "attempt to embarrass the state and sell headlines for their news outlet."π Read
via "Krebs on Security".
Krebsonsecurity
Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a pressβ¦
β Verizonβs Visible Wireless Carrier Confirms Credential-Stuffing Attack β
π Read
via "Threat Post".
Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.π Read
via "Threat Post".
Threat Post
Verizonβs Visible Wireless Carrier Confirms Credential-Stuffing Attack
Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.