π΄ 'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks π΄
π Read
via "Dark Reading".
Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system.π Read
via "Dark Reading".
Dark Reading
'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks
Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system.
β S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]
Latest episode β listen now!
β LANtenna hack spies on your data from across the room! (Sort of) β
π Read
via "Naked Security".
Are your network cables acting as undercover wireless transmitters? What can you do if they are?π Read
via "Naked Security".
Naked Security
LANtenna hack spies on your data from across the room! (Sort of)
Are your network cables acting as undercover wireless transmitters? What can you do if they are?
β Missouri Vows to Prosecute βHackerβ Who Disclosed Data Leak β
π Read
via "Threat Post".
Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.π Read
via "Threat Post".
π¦Ώ Data center admins: Learn how to run a basic vulnerability scan on your Linux servers with Nessus π¦Ώ
π Read
via "Tech Republic".
Make sure the Linux servers in your data center are free from vulnerabilities by scanning them immediately using Nessus.π Read
via "Tech Republic".
TechRepublic
How to run a basic vulnerability scan on your data center Linux servers with Nessus
Are you certain your Linux servers in your data center are free from vulnerabilities? If not, you need to scan them immediately. Jack Wallen shows you how with Nessus.
π¦Ώ The White House holds an international summit on ransomware: What you should know π¦Ώ
π Read
via "Tech Republic".
This week the White House held a summit with various nations to address the threat of ransomware. Learn some of the takeaways and why certain nations were excluded.π Read
via "Tech Republic".
TechRepublic
The White House's international summit on ransomware: Biggest cybersecurity takeaways
This week the White House held a summit with various nations to address the threat of ransomware. Experts weigh in on the important security takeaways and why certain nations were excluded.
π΄ How Attackers Hack Humans π΄
π Read
via "Dark Reading".
Inside their motivations, how they go about it -- and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.π Read
via "Dark Reading".
Dark Reading
How Attackers Hack Humans
Inside their motivations, how they go about it -- and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.
β TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates β
π Read
via "Threat Post".
The group β which also created BazarLoader and the Conti ransomware β has juiced its distribution tactics to threaten enterprises more than ever.π Read
via "Threat Post".
Threat Post
TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
The group β which also created BazarLoader and the Conti ransomware β has juiced its distribution tactics to threaten enterprises more than ever.
βΌ CVE-2021-28021 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29745 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have access to. IBM X-Force ID: 201695.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29679 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41320 βΌ
π Read
via "National Vulnerability Database".
A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user.π Read
via "National Vulnerability Database".
βΌ CVE-2020-4951 βΌ
π Read
via "National Vulnerability Database".
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.π Read
via "National Vulnerability Database".
π¦Ώ How to use DocSecrets to encrypt sections of your Google Docs π¦Ώ
π Read
via "Tech Republic".
If you need to hide sections of text in Google Documents, give the handy DocSecrets add-on a try.π Read
via "Tech Republic".
TechRepublic
How to use DocSecrets to encrypt sections of your Google Docs - TechRepublic
If you need to hide sections of text in Google Documents, give the handy DocSecrets add-on a try.
βΌ CVE-2021-27561 βΌ
π Read
via "National Vulnerability Database".
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.π Read
via "National Vulnerability Database".
π΄ Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move π΄
π Read
via "Dark Reading".
Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.π Read
via "Dark Reading".
Dark Reading
Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move
Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.
βΌ CVE-2018-16060 βΌ
π Read
via "National Vulnerability Database".
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.π Read
via "National Vulnerability Database".
βΌ CVE-2018-16061 βΌ
π Read
via "National Vulnerability Database".
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.π Read
via "National Vulnerability Database".
π΄ China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes π΄
π Read
via "Dark Reading".
China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.π Read
via "Dark Reading".
Dark Reading
China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes
China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.
π΄ In Cyberwar, Attribution Can Be Impossible β and That's OK π΄
π Read
via "Dark Reading".
Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.π Read
via "Dark Reading".
Dark Reading
In Cyberwar, Attribution Can Be Impossible β and That's OK
Instead of using a substantial proportion of resources to determine attribution, organizations should focus on defenses that will help them remediate an attack.
βΌ CVE-2021-36097 βΌ
π Read
via "National Vulnerability Database".
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.π Read
via "National Vulnerability Database".