βΌ CVE-2021-25980 βΌ
π Read
via "National Vulnerability Database".
In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, are vulnerable to Host Header Injection. By luring a victim application-user to click on a link, an unauthenticated attacker can use the Γ’β¬Εforgot passwordΓ’β¬οΏ½ functionality to reset the victimΓ’β¬β’s password and successfully take over their account.π Read
via "National Vulnerability Database".
π΄ Should Our Security Controls Be More Like North Korea or Norway? π΄
π Read
via "Dark Reading".
When the drive for additional visibility and awareness is led by the business rather than just a SOC team, both the business and security can benefit.π Read
via "Dark Reading".
Dark Reading
Should Our Security Controls Be More Like North Korea or Norway?
When the drive for additional visibility and awareness is led by the business rather than just a SOC team, both the business and security can benefit.
β Tiny Font Size Fools Email Filters in BEC Phishing β
π Read
via "Threat Post".
The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials.π Read
via "Threat Post".
Threat Post
Tiny Font Size Fools Email Filters in BEC Phishing
The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials.
ποΈ Dependency Combobulator offers defense against namespace confusion attacks ποΈ
π Read
via "The Daily Swig".
Toolkit βtackles common scenariosβ and can evolve to detect emerging attack variantsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Dependency Combobulator offers defense against namespace confusion attacks
Toolkit βtackles common scenariosβ and can evolve to detect emerging attack variants
β Patch Tuesday updates the Win 7 updaterβ¦ for at most 1 more year of updates β
π Read
via "Naked Security".
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!π Read
via "Naked Security".
Naked Security
Patch Tuesday updates the Win 7 updater⦠for at most 1 more year of updates
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there wonβt be any double overtime!
π¦Ώ How cybercriminals use bait attacks to gather info about their intended victims π¦Ώ
π Read
via "Tech Republic".
With a bait attack, criminals try to obtain the necessary details to plan future attacks against their targets, says Barracuda.π Read
via "Tech Republic".
TechRepublic
How cybercriminals use bait attacks to gather info about their intended victims
With a bait attack, criminals try to obtain the necessary details to plan future attacks against their targets, says Barracuda.
ποΈ Palo Alto GlobalProtect users urged to patch against critical vulnerability ποΈ
π Read
via "The Daily Swig".
Details withheld about dangerous threat as orgs given one-month patching windowπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Palo Alto GlobalProtect users urged to patch against critical vulnerability
Details withheld about dangerous threat as orgs given one-month patching window
βΌ CVE-2021-43350 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.π Read
via "National Vulnerability Database".
ποΈ Zero tolerance: How infosecβs online βcancel cultureβ is stunting industry growth ποΈ
π Read
via "The Daily Swig".
Fear of Twitter fallout is stopping vital information from being shared Social media backlash and online squabbling is stopping the information security industry from learning from its mistakes, Blackπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Zero tolerance: How infosecβs online βcancel cultureβ is stunting industry growth
Fear of Twitter fallout is stopping vital information from being shared
π¦Ώ This pre-Black Friday sale lets you save an extra 15% off cybersecurity certification training courses π¦Ώ
π Read
via "Tech Republic".
Receive over 100 hours of expert instruction on globally recognized cybersecurity skills that will help you become an in-demand IT professional.π Read
via "Tech Republic".
TechRepublic
This pre-Black Friday sale lets you save an extra 15% off cybersecurity certification training courses
Receive over 100 hours of expert instruction on globally recognized cybersecurity skills that will help you become an in-demand IT professional.
π¦Ώ How to easily transfer files between computers with croc π¦Ώ
π Read
via "Tech Republic".
If you're looking for an easy command-line tool to transfer files between systems on the same LAN, Jack Wallen believes croc is the tool for the job.π Read
via "Tech Republic".
TechRepublic
How to easily transfer files between computers with croc
If you're looking for an easy command-line tool to transfer files between systems on the same LAN, Jack Wallen believes croc is the tool for the job.
ποΈ GoCD bug chain provides second springboard to supply chain attacks ποΈ
π Read
via "The Daily Swig".
Follow-up to recent GoCD disclosure provides additional path to infiltrating build environmentsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GoCD bug chain provides second springboard for supply chain attacks
Follow-up to recent GoCD disclosure provides additional path to infiltrating build environments
β S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast] β
π Read
via "Naked Security".
Latest epsiode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast]
Latest epsiode β listen now!
π΄ Third-Party Software Risks Grow, but So Do Solutions π΄
π Read
via "Dark Reading".
Enterprises are more dependent than ever on open source software and need to manage the risk posed by vulnerabilities in components and third-party vendors.π Read
via "Dark Reading".
Dark Reading
Third-Party Software Risks Grow, but So Do Solutions
Enterprises are more dependent than ever on open source software and need to manage the risk posed by vulnerabilities in components and third-party vendors.
π΄ Insider IP Theft Is Surging β and Most Can't Stop It π΄
π Read
via "Dark Reading".
The Great Resignation is upon us, and insider IP theft is surging as a result. But it is a solvable problem.π Read
via "Dark Reading".
Dark Reading
Insider IP Theft Is Surging β and Most Can't Stop It
The Great Resignation is upon us, and insider IP theft is surging as a result. But it is a solvable problem.
β Congress Mulls Ban on Big Ransom Payouts β
π Read
via "Threat Post".
A bill introduced this week would regulate ransomware response by the country's critical financial sector.π Read
via "Threat Post".
Threat Post
Congress Mulls Ban on Big Ransom Payouts Unless Victims Get Official Say-So
A bill introduced this week would regulate ransomware response by the country's critical financial sector.
π¦Ώ Research: Supply chain and COVID-19 challenges forces companies to shift their security strategies π¦Ώ
π Read
via "Tech Republic".
64% of survey respondents reported that their companies have concerns about security risks for supply chains.π Read
via "Tech Republic".
TechRepublic
Research: Supply chain and COVID-19 challenges forces companies to shift their security strategies
64% of survey respondents reported that their companies have concerns about security risks for supply chains.
π΄ What Happens If Time Gets Hacked π΄
π Read
via "Dark Reading".
Renowned hardware security expert raises alarm on the risk and dangers of cyberattackers targeting the current time-synchronization infrastructure.π Read
via "Dark Reading".
Dark Reading
What Happens If Time Gets Hacked
Renowned hardware security expert raises alarm on the risk and dangers of cyberattackers targeting the current time-synchronization infrastructure.
π΄ Cloud Attack Analysis Unearths Lessons for Security Pros π΄
π Read
via "Dark Reading".
Researchers detail their investigation of a cryptomining campaign stealing AWS credentials and how attackers have evolved their techniques.π Read
via "Dark Reading".
Dark Reading
Cloud Attack Analysis Unearths Lessons for Security Pros
Researchers detail their investigation of a cryptomining campaign stealing AWS credentials and how attackers have evolved their techniques.
β Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash β
π Read
via "Threat Post".
A Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector.π Read
via "Threat Post".
Threat Post
Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash
A Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector.
β Back-to-Back PlayStation 5 Hacks Hit on the Same Day β
π Read
via "Threat Post".
Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.π Read
via "Threat Post".
Threat Post
Back-to-Back PlayStation 5 Hacks Hit on the Same Day
Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.