Eagle Eye Networks announces new editions of Cloud VMS
The editions are suitable for small, medium, and large businesses
via "ITPro".

Organizations warned of ransomware risk from smaller operators
They may not have the financial muscle, but small-time cyber crooks can cause havoc for critical systems
via "ITPro".

IT Pro News in Review: MacBook refresh, Facebook creating jobs and facial recognition in schools
Catch up on the biggest headlines of the week in just two minutes
Welcome to IT Pro's News in Review, a weekly bite-sized bulletin of the top tech stories of the week, for the week ending 22 October, 2021.
via "ITPro".

The IT Pro Podcast: Should the US cyber army be more aggressive?
Is a more proactive strategy the answer to increasing attacks from Russia and China?
via "ITPro".

Iranian hacking group continues to target US citizens
APT35 used phishing attacks and uploaded spyware onto Google Play Store
via "ITPro".

Oak9's IaC security platform now available on AWS
The solution speeds up app deployment while providing comprehensive security
via "ITPro".

The best remote access solutions
We round up the top remote access software for mobile workers, including those with collaboration, screen-sharing and support tools
via "ITPro".

Almost 70% of CISOs expect a ransomware attack
Many companies are willing to make ransomware payments in the face of the growing threat
via "ITPro".

CVE-2021-40371
Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.
via "National Vulnerability Database".

CVE-2021-21703
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
via "National Vulnerability Database".

Cybersecurity Awareness Month: Listen up – CYBERSECURITY FIRST!
Fraser Howard of SophosLabs is truly a world expert in fighting malware. Read now, and learn from the best!
via "Naked Security".

REvil ransomware gang allegedly forced offline by law enforcement counterattacks
One down. Lots more to go. Here's what to do...
via "Naked Security".

CVE-2021-40527
Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.
via "National Vulnerability Database".

CVE-2021-40526
Incorrect calculation of buffer size vulnerability in Peloton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peloton Bike.
via "National Vulnerability Database".

Listen up 2 – CYBERSECURITY FIRST! How to protect yourself from supply chain attacks
Everyone remembers this year's big-news supply chain attacks on Kaseya and SolarWinds. Sophos expert Chester Wisniewski explains how to control the risk.
via "Naked Security".

Polygon pays out record $2 million bug bounty reward for critical vulnerability
Ethical hacker bags top prize for double spend flaw in smart contract
via "The Daily Swig".

Discourse fixes critical validation-related vulnerability in forum software
We need to talk about lack of validation
via "The Daily Swig".

CISA Urges Sites to Patch Critical RCE in Discourse
The patch, urgently rushed out on Friday, is an emergency fix for the widely deployed platform, whose No. 1 most trafficked site is Amazon's Seller Central.
via "Threat Post".

Listen up 3 – CYBERSECURITY FIRST! Cyberinsurance, help or hindrance?
Dr Jason Nurse, Associate Professor in Cybersecurity at the University of Kent, takes on the controversial topic of cyberinsurance.
via "Naked Security".

CVE-2021-24774
The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injection issues.
via "National Vulnerability Database".

CVE-2021-24515
The Video Gallery – Vimeo and YouTube Gallery WordPress plugin through 1.1.4 does not escape the Title and Description of the videos in a gallery before outputting them in attributes, leading to Stored Cross-Site Scripting issues.
via "National Vulnerability Database".