Alan Paller: Infosec world pays homage after SANS founder and infosec luminary dies
via "The Daily Swig".
"His vision has changed the lives of hundreds of thousands of security practitioners"
Millions of Routers, IoT Devices at Risk from New Open-Source Malware
via "Threat Post".
BotenaGo, written in Google's Go programming language, can exploit more than 30 different vulnerabilities.
HTML smuggling: Fresh attack technique is being used to increasingly target banking sector
via "The Daily Swig".
Evasive malware is being spread via email in campaigns similar to those of nation-state actors
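HTML smuggling works by sending an HTML attachment whose script assembles the real payload in the browser (typically decoding a base64 blob into a JavaScript Blob and forcing a download through an object URL), so the executable never crosses the mail gateway as a file. The following static triage check is an added example, not code from the article, from Microsoft or from any vendor product; the indicator list, the scoring rule and the two sample attachments are constructed here for illustration and the base64 payload is a placeholder string.

```python
# Added example: static triage of an HTML attachment for the smuggling pattern.
# Not from the article or any vendor tool; indicators and samples are constructed.
import base64
import re
from typing import Dict, List

# (label, regex) pairs applied to the text inside the attachment's <script> blocks.
INDICATORS = [
    ("blob_build",  re.compile(r"new\s+Blob\s*\(", re.I)),
    ("b64_decode",  re.compile(r"\batob\s*\(", re.I)),
    ("object_url",  re.compile(r"URL\.createObjectURL\s*\(|msSaveOrOpenBlob\s*\(", re.I)),
    ("forced_save", re.compile(r"\.download\s*=|download\s*=\s*[\"']", re.I)),
    ("auto_click",  re.compile(r"\.click\s*\(\s*\)", re.I)),
]
# A long base64 literal inside script is the smuggled payload itself.
B64_LITERAL = re.compile(r"[\"'][A-Za-z0-9+/]{200,}={0,2}[\"']")
SCRIPT_BLOCKS = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)


def extract_scripts(html: str) -> str:
    """Concatenate the bodies of every <script> element in the document."""
    return "\n".join(m.group(1) for m in SCRIPT_BLOCKS.finditer(html))


def triage_html_attachment(html: str) -> Dict[str, object]:
    """Return the indicators found and a verdict.

    Building a Blob and handing it to the browser's download path is the defining
    step, so the verdict requires blob_build + object_url together with either a
    base64 decode call or an embedded base64 payload.
    """
    script = extract_scripts(html)
    hits: List[str] = [label for label, rx in INDICATORS if rx.search(script)]
    if B64_LITERAL.search(script):
        hits.append("embedded_b64_payload")
    smuggling = ("blob_build" in hits and "object_url" in hits
                 and ("b64_decode" in hits or "embedded_b64_payload" in hits))
    return {"indicators": hits, "verdict": "smuggling_suspected" if smuggling else "benign"}


# Constructed samples. The "payload" is a placeholder, not a real binary.
PLACEHOLDER_B64 = base64.b64encode(b"not a real payload; constructed for the example " * 6).decode()
SMUGGLING_SAMPLE = (
    "<html><body><p>Your statement is attached.</p><script>"
    'var data = atob("' + PLACEHOLDER_B64 + '");'
    "var bytes = new Uint8Array(data.length);"
    "for (var i = 0; i < data.length; i++) bytes[i] = data.charCodeAt(i);"
    'var blob = new Blob([bytes], {type: "application/octet-stream"});'
    'var a = document.createElement("a");'
    "a.href = URL.createObjectURL(blob);"
    'a.download = "statement.iso";'
    "a.click();"
    "</script></body></html>"
)
BENIGN_SAMPLE = (
    "<html><body><span id=\"year\"></span><script>"
    'document.getElementById("year").textContent = new Date().getFullYear();'
    "</script></body></html>"
)

if __name__ == "__main__":
    for name, sample in (("smuggling", SMUGGLING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage_html_attachment(sample))
```

The regexes are deliberately loose (case-insensitive, whitespace-tolerant) because real samples obfuscate identifiers; a mail-gateway deployment would run this on the decoded attachment body and treat "smuggling_suspected" as a detonation trigger rather than a block on its own.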
How to Hire - and Retain - Effective Threat Hunters
via "Dark Reading".
Key characteristics that should be evaluated include curiosity, disposition, and fit with the culture.
CVE-2021-43494
via "National Vulnerability Database".
OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
CVE-2021-43496
via "National Vulnerability Database".
Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
CVE-2021-38972
via "National Vulnerability Database".
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not validate, or incorrectly validates, that received input has the properties required to process it safely and correctly (improper input validation).
CVE-2020-4140
via "National Vulnerability Database".
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052.
CVE-2021-43493
via "National Vulnerability Database".
ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code.
CVE-2020-4146
via "National Vulnerability Database".
IBM Security SiteProtector System 3.1.1 sets a cookie without the 'HttpOnly' flag, which leaves it readable by client-side script; a remote attacker could exploit this to obtain sensitive information. IBM X-Force ID: 174129.
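A missing HttpOnly flag matters mainly because it turns any script-injection bug on the same origin (such as the cross-site scripting entry CVE-2020-4140 above, for the same product and version) into session theft via `document.cookie`. The audit below is an added example, not IBM's code or any scanner's rule set: it parses Set-Cookie headers per RFC 6265 and reports session-looking cookies that lack HttpOnly, Secure or SameSite. The cookie names, values and the "session-like" name heuristic are constructed assumptions.

```python
# Added example: auditing Set-Cookie headers for missing HttpOnly/Secure/SameSite.
# Not IBM's code; cookie names, header values and the name heuristic are constructed.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class CookieAudit:
    name: str
    http_only: bool
    secure: bool
    same_site: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> CookieAudit:
    """Parse one Set-Cookie value into name and attribute flags.

    Attributes are ';'-separated and case-insensitive (RFC 6265); HttpOnly and
    Secure carry no value, SameSite carries one.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    http_only = secure = False
    same_site: Optional[str] = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "httponly":
            http_only = True
        elif key == "secure":
            secure = True
        elif key == "samesite":
            same_site = value.strip() or None
    return CookieAudit(name, http_only, secure, same_site)


# Assumed heuristic: substrings that usually mark a cookie as a credential.
SESSION_HINTS = ("sess", "sid", "token", "auth", "jwt")


def audit_cookie(header_value: str) -> CookieAudit:
    """Flag a credential-looking cookie that script or plaintext transport can reach."""
    audit = parse_set_cookie(header_value)
    is_session = any(h in audit.name.lower() for h in SESSION_HINTS)
    if is_session and not audit.http_only:
        audit.findings.append("missing HttpOnly: readable via document.cookie, so any XSS exfiltrates the session")
    if is_session and not audit.secure:
        audit.findings.append("missing Secure: cookie is sent over plaintext HTTP")
    if audit.same_site is None:
        audit.findings.append("missing SameSite: cookie rides along on cross-site requests")
    return audit


def audit_response_headers(headers: List[Tuple[str, str]]) -> dict:
    """Run audit_cookie over every Set-Cookie header; returns {cookie name: findings}."""
    return {a.name: a.findings
            for a in (audit_cookie(v) for k, v in headers if k.lower() == "set-cookie")}


# Constructed sample responses: a weak one beside a hardened one.
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=7F3A9C1D2E; Path=/"),
    ("Set-Cookie", "theme=dark; Path=/; SameSite=Lax"),
]
HARDENED_RESPONSE = [
    ("Set-Cookie", "JSESSIONID=7F3A9C1D2E; Path=/; Secure; HttpOnly; SameSite=Strict"),
]

if __name__ == "__main__":
    print(audit_response_headers(WEAK_RESPONSE))
    print(audit_response_headers(HARDENED_RESPONSE))
```

HttpOnly does not stop an XSS payload from issuing requests with the victim's cookie attached; it only stops the cookie value itself from being exfiltrated, which is why it is a mitigation for CVE-2020-4146 and not a fix for CVE-2020-4140.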
CVE-2021-38973
via "National Vulnerability Database".
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not validate, or incorrectly validates, that received input has the properties required to process it safely and correctly (improper input validation).
CVE-2021-38985
via "National Vulnerability Database".
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not validate, or incorrectly validates, that received input has the properties required to process it safely and correctly (improper input validation).
CVE-2021-43492
via "National Vulnerability Database".
AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access.
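The four directory-traversal entries above (CVE-2021-43494, CVE-2021-43496, CVE-2021-43493, CVE-2021-43492) all describe the same bug class: a client-supplied path is joined onto a served directory without checking that the result still lies inside it. The example below is added here and is not code from OpenCV-REST-API, Clustering, ServerManagement or AlquistManager; it shows the vulnerable join-and-open pattern beside a containment check, and the helper names, the temporary directory layout and the request paths are constructed for illustration.

```python
# Added example: the containment check the traversal advisories above lack.
# Not code from any of the affected projects; layout and payloads are constructed.
import os
import shutil
import tempfile
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path resolves outside the served directory."""


def vulnerable_read(base_dir: str, requested: str) -> bytes:
    """The pattern the advisories describe: join client input onto base_dir and open it.

    os.path.join(base_dir, '../x') escapes base_dir, and os.path.join(base_dir,
    '/etc/passwd') discards base_dir entirely because the second part is absolute.
    """
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def safe_path(base_dir: str, requested: str) -> str:
    """Resolve `requested` under `base_dir`, refusing anything that escapes it.

    1. percent-decode, so '..%2f' is not waved through
    2. strip leading slashes, so an absolute request is mapped beneath base_dir
    3. realpath both sides: collapses '..' and follows symlinks
    4. accept only base_dir itself or a path beneath it
    """
    base = os.path.realpath(base_dir)
    relative = unquote(requested).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"path escapes served directory: {requested!r}")
    return candidate


def safe_read(base_dir: str, requested: str) -> bytes:
    with open(safe_path(base_dir, requested), "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Build a throwaway layout (constructed for this example) and exercise both readers."""
    root = tempfile.mkdtemp()
    try:
        public = os.path.join(root, "public")
        os.makedirs(public)
        secret = os.path.join(root, "secret.txt")
        with open(os.path.join(public, "index.html"), "wb") as fh:
            fh.write(b"<h1>hello</h1>")
        with open(secret, "wb") as fh:
            fh.write(b"db_password=hunter2")
        # a symlink inside the served tree that points outside it
        os.symlink(secret, os.path.join(public, "link"))

        results = {
            "vulnerable_dotdot": vulnerable_read(public, "../secret.txt") == b"db_password=hunter2",
            "vulnerable_absolute": vulnerable_read(public, secret) == b"db_password=hunter2",
            "safe_serves_legit": safe_read(public, "index.html") == b"<h1>hello</h1>",
            # an absolute request is contained under base_dir, not honoured
            "absolute_contained": safe_path(public, "/etc/passwd").startswith(os.path.realpath(public)),
        }
        blocked = []
        for payload in ("../secret.txt", "..%2Fsecret.txt", "./../secret.txt",
                        "link", "sub/../../secret.txt"):
            try:
                safe_read(public, payload)
                blocked.append(False)
            except TraversalError:
                blocked.append(True)
        results["safe_blocks_all"] = all(blocked)
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

Note that stripping `../` substrings is not a fix (`....//` survives one pass of that), and that a prefix check on the unresolved string misses symlinks; resolving with `realpath` on both sides and comparing with `commonpath` handles both, which is why the check is done on the resolved path rather than the request.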
S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast]
via "Naked Security".
Latest episode - listen now!
Score an extra 15% discount on this cyber analysis training on sale ahead of Black Friday
via "Tech Republic".
Eight courses and 51 hours of content on CompTIA CySA+, ethical hacking, social engineering and more. Everything you need to be a certified cybersecurity analyst.
Mac Zero Day Targets Apple Devices in Hong Kong
via "Threat Post".
Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.
Friday Five 11/12
via "Digital Guardian".
Apple fixes a macOS zero day, Microsoft warns of HTML smuggling phishing attacks, and more - catch up on the infosec news of the week with the Friday Five!
Samba update patches plaintext password plundering problem
via "Naked Security".
When Microsoft itself says STOP USING X, where X is one of its own protocols... we think you should listen.
The mobile VPNs of 2021 that you need to try
via "Tech Republic".
Privacy is essential, especially on a mobile device. These five options available for both Android and iOS can help keep your device secure and your traffic private, but not without cost.
How AI fights fraud in the telecom industry
via "Tech Republic".
Americans lost $29.8 billion in phone fraud over the past year. Can AI fraud detection change this?
CVE-2021-41264
via "National Vulnerability Database".
OpenZeppelin Contracts is a library for smart contract development. In affected versions, upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. Users unable to upgrade should initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).