π΄ To Secure DevOps, Security Teams Must be Agile π΄
π Read
via "Dark Reading".
The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.π Read
via "Dark Reading".
Dark Reading
To Secure DevOps, Security Teams Must be Agile
The evolution of agile development and infrastructure-as-code has given security teams the tools they need to gain visibility, find vulnerabilities early, and continuously evaluate infrastructure.
ποΈ Lessons learned: How a severe vulnerability in the OWASP ModSecurity Core Rule Set sparked much-needed change ποΈ
π Read
via "The Daily Swig".
Years-old WAF bypass flaw was discovered in Juneπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Lessons learned: How a severe vulnerability in the OWASP ModSecurity Core Rule Set sparked much-needed change
Years-old WAF bypass flaw was discovered in June
β Google Ads for Faux Cryptowallets Net Scammers At Least $500K β
π Read
via "Threat Post".
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds. π Read
via "Threat Post".
Threat Post
Google Ads for Faux Cryptowallets Net Scammers At Least $500K
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.
π¦Ώ US government unveils $10 million bounty for DarkSide ransomware gang leaders π¦Ώ
π Read
via "Tech Republic".
The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.π Read
via "Tech Republic".
TechRepublic
US government unveils $10 million bounty for DarkSide ransomware gang leaders
The $10 million is for intel that leads to the identification or location of anyone who holds a leadership position in the DarkSide group.
βΌ CVE-2021-3924 βΌ
π Read
via "National Vulnerability Database".
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')π Read
via "National Vulnerability Database".
βΌ CVE-2021-3928 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Stack-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-3916 βΌ
π Read
via "National Vulnerability Database".
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')π Read
via "National Vulnerability Database".
βΌ CVE-2021-39412 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3927 βΌ
π Read
via "National Vulnerability Database".
vim is vulnerable to Heap-based Buffer Overflowπ Read
via "National Vulnerability Database".
βΌ CVE-2021-39411 βΌ
π Read
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.π Read
via "National Vulnerability Database".
π Faraday 3.18.1 π
π Read
via "Packet Storm Security".
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.π Read
via "Packet Storm Security".
Packetstormsecurity
Faraday 3.18.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Beyond the Basics: Tips for Building Advanced Ransomware Resiliency β
π Read
via "Threat Post".
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.π Read
via "Threat Post".
Threat Post
Beyond the Basics: Tips for Building Advanced Ransomware Resiliency
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.
β BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released β
π Read
via "Threat Post".
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices β phones, PCs, toys, etc. β to DoS & code execution.π Read
via "Threat Post".
Threat Post
BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices β phones, PCs, toys, etc. β to DoS & code execution.
π Friday Five 11/5 π
π Read
via "".
The U.S. blacklists four companies for malicious cyber activities, a ransomware group shuts down, and a new CMMC program gets revamped - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 11/5
$10 million for ransomware intel, four companies blacklisted for malicious cyber activities, and a new CMMC program gets revamped - catch up on the infosec news of the week with the Friday Five!
β βCustomer complaintβ email scam preys on your fear of getting into trouble at work β
π Read
via "Naked Security".
Stop. Think. Connect. Don't let the crooks trick you into acting in haste.π Read
via "Naked Security".
Naked Security
βCustomer complaintβ email scam preys on your fear of getting into trouble at work
Stop. Think. Connect. Donβt let the crooks trick you into acting in haste.
β S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep57: Europol v. Ransomware, Shrootless bug, and Linux browser flamewars [Podcast]
Latest episode β listen now!
π΄ How InfoSec Should Use the Minimum Viable Secure Product Checklist π΄
π Read
via "Dark Reading".
Google and Salesforce executives discuss the need for the newly released MVSP, how tech companies came together to work on it, and how organizations should use it.π Read
via "Dark Reading".
Dark Reading
How InfoSec Should Use the Minimum Viable Secure Product Checklist
Google and Salesforce executives discuss the need for the newly released MVSP, how tech companies came together to work on it, and how organizations should use it.
βΌ CVE-2021-42699 βΌ
π Read
via "National Vulnerability Database".
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the userΓ’β¬β’s cookie and take over the account.π Read
via "National Vulnerability Database".
βΌ CVE-2020-23566 βΌ
π Read
via "National Vulnerability Database".
Irfanview v4.53 was discovered to contain an infinity loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42698 βΌ
π Read
via "National Vulnerability Database".
Project files are stored memory objects in the form of binary serialized data that can later be read and deserialized again to instantiate the original objects in memory. Malicious manipulation of these files may allow an attacker to corrupt memory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42701 βΌ
π Read
via "National Vulnerability Database".
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the userΓ’β¬β’s cloud account.π Read
via "National Vulnerability Database".