π¦Ώ WAN report: Complexity continue to grow as more organizations close legacy data centers π¦Ώ
π Read
via "Tech Republic".
The sixth annual report from Aryaka found that IT teams are planning to invest more in 2022 but expect more transparency and control.π Read
via "Tech Republic".
TechRepublic
WAN report: Complexity continue to grow as more organizations close legacy data centers
The sixth annual report from Aryaka found that IT teams are planning to invest more in 2022 but expect more transparency and control.
ποΈ Red Cross suffers cyber-attack β data of 515,000 βhighly vulnerableβ people exposed ποΈ
π Read
via "The Daily Swig".
The βsophisticatedβ attack was detected last weekπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Red Cross suffers cyber-attack β data of 515,000 βhighly vulnerableβ people exposed
The βsophisticatedβ attack was detected last week
β SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack β
π Read
via "Threat Post".
The Fortune 500 integrated services company confirmed a βsystems intrusionβ that occurred in late December and is still under investigation in an SEC filing.π Read
via "Threat Post".
Threat Post
SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack
R.R. Donnelly, the integrated services company, confirmed a βsystems intrusionβ that occurred in late December and is still under investigation.
π΄ 4 Ways to Develop Your Team's Cyber Skills π΄
π Read
via "Dark Reading".
Organizations need to invest in professional development β and then actually make time for it.π Read
via "Dark Reading".
Dark Reading
4 Ways to Develop Your Team's Cyber Skills
Organizations need to invest in professional development β and then actually make time for it.
ποΈ White House orders federal agencies to raise cybersecurity bar for national security systems ποΈ
π Read
via "The Daily Swig".
New guidance will bring standards into line with federal civilian networksπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
White House orders federal agencies to raise cybersecurity bar for national security systems
New guidance will bring standards into line with federal civilian networks
β Red Cross Begs Attackers Not to Leak 515K Peopleβs Stolen Data β
π Read
via "Threat Post".
The Red Cross was forced to shut down IT systems behind its Restoring Family Links system, which reunites families separated by war, disaster or migration.π Read
via "Threat Post".
Threat Post
Red Cross Begs Attackers Not to Leak Stolen Data for 515K People
A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. UPDATE: The ICRC says it's open to confidentially communicating with the attacker.
β Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs β
π Read
via "Threat Post".
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.π Read
via "Threat Post".
Threat Post
Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
βΌ CVE-2022-0285 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32039 βΌ
π Read
via "National Vulnerability Database".
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0π Read
via "National Vulnerability Database".
βΌ CVE-2021-44738 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.π Read
via "National Vulnerability Database".
β S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript] β
π Read
via "Naked Security".
Latest epsiode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
Latest epsiode β listen now!
π΄ Enterprises Are Sailing Into a Perfect Storm of Cloud Risk π΄
π Read
via "Dark Reading".
Policy as code and other techniques can help enterprises steer clear of the dangers that have befallen otherwise sophisticated cloud customers.π Read
via "Dark Reading".
Dark Reading
Enterprises Are Sailing Into a Perfect Storm of Cloud Risk
Policy as code and other techniques can help enterprises steer clear of the dangers that have befallen otherwise sophisticated cloud customers.
π¦Ώ Secure your passwords and access them anywhere with LastPass π¦Ώ
π Read
via "Tech Republic".
LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices.π Read
via "Tech Republic".
TechRepublic
Secure your passwords and access them anywhere with LastPass
LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices.
π AIDE 0.17.4 π
π Read
via "Packet Storm Security".
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.π Read
via "Packet Storm Security".
Packetstormsecurity
AIDE 0.17.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π GRAudit Grep Auditing Tool 3.3 π
π Read
via "Packet Storm Security".
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.π Read
via "Packet Storm Security".
Packetstormsecurity
GRAudit Grep Auditing Tool 3.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π¦Ώ Microsoft RDP vulnerability makes it a breeze for attackers to become men-in-the-middle π¦Ώ
π Read
via "Tech Republic".
The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.π Read
via "Tech Republic".
TechRepublic
Microsoft RDP vulnerability makes it a breeze for attackers to become men-in-the-middle
The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance.
β Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug β
π Read
via "Threat Post".
SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networksβ internal devices.π Read
via "Threat Post".
Threat Post
Microsoft: Attackers Tried to Login to SolarWinds Serv-U Via Log4j Bug
UPDATE: SolarWinds has fixed a Serv-U bug discovered when attackers used the Log4j flaw to try to log in to the file-sharing software.
βΌ CVE-2021-44829 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44735 βΌ
π Read
via "National Vulnerability Database".
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45417 βΌ
π Read
via "National Vulnerability Database".
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44091 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters.π Read
via "National Vulnerability Database".