Microsoft unveils Defender for Business at Ignite 2021
via "ITPro".
The new security suite is aimed at SMBs struggling to protect themselves in today's cyber security landscape
Mitre reveals 10 worst hardware security weaknesses in 2021
via "ITPro".
The list aims to highlight common hardware flaws to help eliminate them from product development cycles
Facebook is shutting down its controversial facial recognition system
via "ITPro".
The move will see more than a billion facial templates removed from Facebook's records amid a push for more private applications of the technology
BlackMatter ransomware gang claims to have ceased operation
via "ITPro".
Despite the announcement made via its client portal, experts believe the hacker group will soon be planning a return
CVE-2020-25368
via "National Vulnerability Database".
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
CVE-2020-25367
via "National Vulnerability Database".
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
CVE-2021-34594
via "National Vulnerability Database".
TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allows administrators to create or delete any files on the system.
CVE-2021-34597
via "National Vulnerability Database".
Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory.
CVE-2020-25366
via "National Vulnerability Database".
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
CVE-2021-42624
via "National Vulnerability Database".
A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.
Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar
via "Threat Post".
The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims' machines to steal credentials and personal info.
Human rights activists condemn mass denial of service as Sudan's nationwide internet shutdown enters second week
via "The Daily Swig".
"All mobile internet networks are completely cut off," one journalist on the ground tells The Daily Swig
Having Trouble Finding Cybersecurity Talent? You Might Be the Problem
via "Dark Reading".
Hiring managers must rethink old-school practices to find the right candidates and be ready to engage in meaningful conversations about their company's values. Here are three ways to start.
Remote code execution, SQL injection bugs uncovered in Pentaho Business Analytics software
via "The Daily Swig".
Penetration test reveals severe issues in Hitachi Vantara's business solution
How to Avoid Another Let's Encrypt-Like Meltdown
via "Dark Reading".
Experts weigh in on steps network and security administrators need to take before the next time a root certificate expires.
Appsian Security Announces Acquisition of Q Software, a Leader in JD Edwards Security and Compliance
via "Dark Reading".
The acquisition provides customers of JD Edwards, along with Oracle EBS and Oracle Cloud, with expanded capabilities for data masking, threat detection and response, and real-time analytics across multiple ERP applications.
Critical Linux Kernel Bug Allows Remote Takeover
via "Threat Post".
The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
Free Discord Nitro Offer Used to Steal Steam Credentials
via "Threat Post".
A fake Steam pop-up prompts users to "link" Discord account for free Nitro subs.
Majority of consumer IoT vendors still lack vulnerability disclosure programs – report
via "The Daily Swig".
Dismal findings appear to vindicate global efforts to regulate the sector
US federal agencies ordered to patch hundreds of actively exploited vulnerabilities
via "The Daily Swig".
CISA directive establishes tight patching deadlines
US government orders federal agencies to patch 100s of vulnerabilities
via "Tech Republic".
The Cybersecurity and Infrastructure Security Agency is maintaining a database of known security flaws with details on how and when federal agencies and departments should patch them.