Security pre-advisories: A simple way to improve the patch management process
via "The Daily Swig".
Improving enterprise security, one patch at a time.
Proposed HTTPA Protocol Uses TEEs to Secure the Web
via "Dark Reading".
Intel researchers describe how Trusted Execution Environments can enhance HTTPS and boost Web security.
Why is Cybersecurity Failing Against Ransomware?
via "Threat Post".
Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense challenges in changing that status quo.
Bulletproof hosting duo jailed over support of cyber-attacks against US targets
via "The Daily Swig".
Attacks leveraging defendants' infrastructure inflicted heavy financial losses on victims.
Microsoft bought CloudKnox because hybrid multicloud identity is complicated
via "Tech Republic".
Managing passwords and privileged access is bad enough for people, but that's going to be dwarfed by the problem of dealing with non-human identities.
How Psychology Can Save Your Cybersecurity Awareness Training Program
via "Dark Reading".
Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization.
CVE-2021-35512
via "National Vulnerability Database".
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
New bug bounty platform launches for Indian ethical hackers
via "The Daily Swig".
Security researchers can sign up now.
How to digitally sign email in Apple Mail
via "Tech Republic".
Adding a digital signature to your email is just one simple step you can take in your journey for more secure communications. Jack Wallen shows you how this is done in the latest version of Apple Mail.
AntiRansom 5
via "Packet Storm Security".
AntiRansom is a tool capable of detecting and mitigating ransomware attacks using honeypots.
S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]
via "Naked Security".
Latest episode - listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)
Macs Still Targeted Mostly With Adware, Less With Malware
via "Dark Reading".
The top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware, according to an IT management firm.
CVE-2021-42740
via "National Vulnerability Database".
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is [A-z] instead of the correct [A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.
Gigabyte Allegedly Hit by AvosLocker Ransomware
via "Threat Post".
If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.
Microsoft Launches Security Program for Nonprofits
via "Dark Reading".
A new set of security tools is built to assess risk, provide monitoring and notification if an attack occurs, and train IT pros and users.
CVE-2021-28975
via "National Vulnerability Database".
WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.
CVE-2021-20120
via "National Vulnerability Database".
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
CVE-2021-29883
via "National Vulnerability Database".
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090.
CVE-2020-27304
via "National Vulnerability Database".
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal.
CVE-2020-14263
via "National Vulnerability Database".
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
CVE-2021-29873
via "National Vulnerability Database".
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.