π΄ Panasonic Hit in Data Breach π΄
π Read
via "Dark Reading".
Tech firm reveals that data on one of its file servers was accessed by attackers.π Read
via "Dark Reading".
Dark Reading
Panasonic Hit in Data Breach
Tech firm reveals that data on one of its file servers was accessed by attackers.
π΄ Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation π΄
π Read
via "Dark Reading".
HAECHI-II initiative represents Interpol's stepped-up efforts to tackle the operators of financially motivated online scams and other cyberattacks.π Read
via "Dark Reading".
Dark Reading
Over 1,000 Individuals Arrested in Global Cybercrime-Fighting Operation
HAECHI-II initiative represents Interpol's stepped-up efforts to tackle the operators of financially motivated online scams and other cyberattacks.
π΄ Google Analyzes Methods Behind GCP Workload Attacks π΄
π Read
via "Dark Reading".
The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows.π Read
via "Dark Reading".
Dark Reading
Google Analyzes Methods Behind GCP Workload Attacks
The vast majority of cloud workload compromises stem from poor security configurations or compromised passwords, while cryptojacking is the common payload, research shows.
π΄ IKEA Email Systems Targeted in Cyberattack π΄
π Read
via "Dark Reading".
Attackers are reportedly targeting IKEA employees in a phishing campaign that leverages stolen reply-chain emails.π Read
via "Dark Reading".
Dark Reading
IKEA Email Systems Targeted in Cyberattack
Attackers are reportedly targeting IKEA employees in a phishing campaign that leverages stolen reply-chain emails.
π΄ Phishing Remains the Most Common Cause of Data Breaches, Survey Says π΄
π Read
via "Dark Reading".
Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.π Read
via "Dark Reading".
Dark Reading
Phishing Remains the Most Common Cause of Data Breaches, Survey Says
Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.
π΄ 9 out of 10 Healthcare Organizations Provide Telehealth Services, Yet Almost Half Face Patients' Mistrust Toward Privacy π΄
π Read
via "Dark Reading".
Kaspersky surveyed healthcare decision-makers to learn how the digital transformation of the industry is going and which problems they believe should be solved to create a world in which everyone can gain access to quality care.π Read
via "Dark Reading".
Dark Reading
9 out of 10 Healthcare Organizations Provide Telehealth Services, Yet Almost Half Face Patients' Mistrust Toward Privacy
Kaspersky surveyed healthcare decision-makers to learn how the digital transformation of the industry is going and which problems they believe should be solved to create a world in which everyone can gain access to quality care.
βΌ CVE-2021-44427 βΌ
π Read
via "National Vulnerability Database".
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.π Read
via "National Vulnerability Database".
π΄ Armis Now Valued at $3.4B π΄
π Read
via "Dark Reading".
One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago.π Read
via "Dark Reading".
Dark Reading
Armis Now Valued at $3.4B
One Equity Partners led the $300 million round, increasing the valuation of Armis from the $2 billion valuation it achieved less than 8 months ago.
π΄ Stellar Cyber Raises $38M Series B to Address Need to Provide 360-Degree Visibility Across Entire Attack Surface π΄
π Read
via "Dark Reading".
Oversubscribed round, including Samsung, rewards technical innovations and rapid market adoption, positions company for continued leadership.π Read
via "Dark Reading".
Dark Reading
Stellar Cyber Raises $38M Series B to Address Need to Provide 360-Degree Visibility Across Entire Attack Surface
Oversubscribed round, including Samsung, rewards technical innovations and rapid market adoption, positions company for continued leadership.
βΌ CVE-2021-3727 βΌ
π Read
via "National Vulnerability Database".
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function).π Read
via "National Vulnerability Database".
βΌ CVE-2021-3769 βΌ
π Read
via "National Vulnerability Database".
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3725 βΌ
π Read
via "National Vulnerability Database".
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3726 βΌ
π Read
via "National Vulnerability Database".
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function.π Read
via "National Vulnerability Database".
ποΈ HP printer vulnerabilities left enterprise networks open to abuse via βcross-site printingβ attack ποΈ
π Read
via "The Daily Swig".
Hardware hacking technique gets points for innovation, although some degree of social engineering is requiredπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
HP printer vulnerabilities left enterprise networks open to abuse via βcross-site printingβ attack
Hardware hacking technique gets points for innovation, although some degree of social engineering is required
π¦Ώ Cisco releases Shared Signals and Events reference document to solve "head on a swivel" problem π¦Ώ
π Read
via "Tech Republic".
Security standard could improve interoperability among security vendors and expand support for zero trust approach to security.π Read
via "Tech Republic".
TechRepublic
Cisco releases Shared Signals and Events reference document to solve "head on a swivel" problem
Security standard could improve interoperability among security vendors and expand support for zero trust approach to security.
β Yanluowang Ransomware Tied to Thieflock Threat Actor β
π Read
via "Threat Post".
Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.π Read
via "Threat Post".
Threat Post
Yanluowang Ransomware Tied to Thieflock Threat Actor
A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers from Symantec, a division of Broadcom Software,β¦
ποΈ Panasonic admits data breach after attackers gain access to file server ποΈ
π Read
via "The Daily Swig".
Reports suggest that intrusion may have persisted for monthsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Panasonic admits data breach after attackers gain access to file server
Reports suggest that intrusion may have persisted for months
π Stegano 0.10.1 π
π Read
via "Packet Storm Security".
Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.π Read
via "Packet Storm Security".
Packetstormsecurity
Stegano 0.10.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Wapiti Web Application Vulnerability Scanner 3.0.8 π
π Read
via "Packet Storm Security".
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.π Read
via "Packet Storm Security".
Packetstormsecurity
Wapiti Web Application Vulnerability Scanner 3.0.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Finding Your Niche in Cybersecurity π΄
π Read
via "Dark Reading".
With a little patience and research, you can discover a role you love that also protects those around you.π Read
via "Dark Reading".
Dark Reading
Finding Your Niche in Cybersecurity
With a little patience and research, you can discover a role you love that also protects those around you.
β Controversial face matchers Clearview set to be fined over $20m β
π Read
via "Naked Security".
Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.π Read
via "Naked Security".
Naked Security
Clearview AI face-matching service set to be fined over $20m
Scraping data for a facial recognition service? βThatβs unlawfulβ, concluded both the British and the Australians.