π΄ How Psychology Can Save Your Cybersecurity Awareness Training Program π΄
π Read
via "Dark Reading".
Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization.π Read
via "Dark Reading".
Dark Reading
How Psychology Can Save Your Cybersecurity Awareness Training Program
Understanding human psychology, how it works, and how to introduce its concepts into cybersecurity awareness training can make a huge difference to your organization.
βΌ CVE-2021-35512 βΌ
π Read
via "National Vulnerability Database".
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.π Read
via "National Vulnerability Database".
ποΈ New bug bounty platform launches for Indian ethical hackers ποΈ
π Read
via "The Daily Swig".
Security researchers can sign up nowπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
New bug bounty platform launches for Indian ethical hackers
Security researchers can sign up now
π¦Ώ How to digitally sign email in Apple Mail π¦Ώ
π Read
via "Tech Republic".
Adding a digital signature to your email is just one simple step you can take in your journey for more secure communications. Jack Wallen shows you how this is done in the latest version of Apple Mail.π Read
via "Tech Republic".
TechRepublic
How to digitally sign email in Apple Mail
Adding a digital signature to your email is just one simple step you can take in your journey for more secure communications. Jack Wallen shows you how this is done in the latest version of Apple Mail.
π AntiRansom 5 π
π Read
via "Packet Storm Security".
AntiRansom is a tool capable of detecting and mitigating attacks of Ransomware using honeypots.π Read
via "Packet Storm Security".
Packetstormsecurity
AntiRansom 5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts] β
π Read
via "Naked Security".
Latest episode - listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)π Read
via "Naked Security".
Naked Security
S3 Ep55: Live malware, global encryption, dating scams, and secret emanations [Podcasts]
Latest episode β listen now! (And sign up for our forthcoming Live Malware Demo at the same time.)
π΄ Macs Still Targeted Mostly With Adware, Less With Malware π΄
π Read
via "Dark Reading".
The top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware, according to an IT management firm.π Read
via "Dark Reading".
Dark Reading
Macs Still Targeted Mostly With Adware, Less With Malware
The top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware, according to an IT management firm.
βΌ CVE-2021-42740 βΌ
π Read
via "National Vulnerability Database".
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.π Read
via "National Vulnerability Database".
β Gigabyte Allegedly Hit by AvosLocker Ransomware β
π Read
via "Threat Post".
If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.π Read
via "Threat Post".
Threat Post
Gigabyte Allegedly Hit by AvosLocker Ransomware
If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds.
π΄ Microsoft Launches Security Program for Nonprofits π΄
π Read
via "Dark Reading".
A new set of security tools is built to assess risk, provide monitoring and notification if an attack occurs, and train IT pros and users.π Read
via "Dark Reading".
Dark Reading
Microsoft Launches Security Program for Nonprofits
A new set of security tools is built to assess risk, provide monitoring and notification if an attack occurs, and train IT pros and users.
βΌ CVE-2021-28975 βΌ
π Read
via "National Vulnerability Database".
WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20120 βΌ
π Read
via "National Vulnerability Database".
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29883 βΌ
π Read
via "National Vulnerability Database".
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27304 βΌ
π Read
via "National Vulnerability Database".
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversalπ Read
via "National Vulnerability Database".
βΌ CVE-2020-14263 βΌ
π Read
via "National Vulnerability Database".
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"π Read
via "National Vulnerability Database".
βΌ CVE-2021-29873 βΌ
π Read
via "National Vulnerability Database".
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.π Read
via "National Vulnerability Database".
βΌ CVE-2021-28496 βΌ
π Read
via "National Vulnerability Database".
On systems running Arista EOS and CloudEOS with the affected release version, when using shared secret profiles the password configured for use by BiDirectional Forwarding Detection (BFD) will be leaked when displaying output over eAPI or other JSON outputs to other authenticated users on the device. The affected EOS Versions are: all releases in 4.22.x train, 4.23.9 and below releases in the 4.23.x train, 4.24.7 and below releases in the 4.24.x train, 4.25.4 and below releases in the 4.25.x train, 4.26.1 and below releases in the 4.26.x trainπ Read
via "National Vulnerability Database".
βΌ CVE-2021-42327 βΌ
π Read
via "National Vulnerability Database".
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.π Read
via "National Vulnerability Database".
π US Treasury Outlines Compliance Best Practices for Cryptocurrency Companies π
π Read
via "".
The newly released guide is designed to emphasize sanctions compliance requirements amid the US governmentβs efforts to combat ransomware.π Read
via "".
Digital Guardian
US Treasury Outlines Compliance Best Practices for Cryptocurrency Companies
The newly released guide is designed to emphasize sanctions compliance requirements amid the US governmentβs efforts to combat ransomware.
π΄ Why Should My Organization Consider XDR? π΄
π Read
via "Dark Reading".
XDR is a newish industry term addressing a very old problem: security products that don't work together to detect threats.π Read
via "Dark Reading".
Dark Reading
Why Should My Organization Consider XDR?
XDR is a newish industry term addressing a very old problem: security products that don't work together to detect threats.
β TA551 Shifts Tactics to Install Sliver Red-Teaming Tool β
π Read
via "Threat Post".
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.π Read
via "Threat Post".
Threat Post
TA551 Shifts Tactics to Install Sliver Red-Teaming Tool
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.