🛡 Cybersecurity & Privacy 🛡 - News

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox

Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.

180 views20:06

Ransomware Groups Turning to Insiders to Help with Attacks

🔏 Ransomware Groups Turning to Insiders to Help with Attacks 🔏

A new survey suggests there's been an uptick in ransomware groups reaching out to employees in hopes they can help them carry out attacks against their company.

📖 Read

via "".

Digital Guardian

A new survey suggests there's been an uptick in ransomware groups reaching out to employees in hopes they can help them carry out attacks against their company.

162 views20:35

❌ New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense ❌

Need a blueprint for architecting a formidable cyber-defense? Kerry Mandiant, senior director at Mandiant, shares hers in this detailed breakdown.

📖 Read

via "Threat Post".

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense

Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.

169 views20:35

‼ CVE-2022-23993 ‼

/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call.

📖 Read

via "National Vulnerability Database".

146 views21:19

‼ CVE-2022-22850 ‼

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_types.

📖 Read

via "National Vulnerability Database".

143 views21:19

‼ CVE-2022-21686 ‼

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds.

📖 Read

via "National Vulnerability Database".

138 views21:19

‼ CVE-2022-23990 ‼

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

📖 Read

via "National Vulnerability Database".

129 views21:19

‼ CVE-2021-46114 ‼

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.

📖 Read

via "National Vulnerability Database".

132 views21:19

‼ CVE-2022-22852 ‼

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in room_list.

📖 Read

via "National Vulnerability Database".

137 views21:19

‼ CVE-2021-46385 ‼

https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.FormDataAction#queryData. The attack vector is: 0 or sleep(3). Â¶Â¶ MCMS has a sql injection vulnerability through which attacker can get sensitive information from the database.

📖 Read

via "National Vulnerability Database".

141 views21:19

❌ ‘Dark Herring’ Billing Malware Swims onto 105M Android Devices ❌

The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play.

📖 Read

via "Threat Post".

‘Dark Herring’ Billing Malware Swims onto 105M Android Devices

The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play.

156 views21:36

📢 Dark Souls servers taken offline after RCE flaw identified 📢

Experts say PowerShell scripts could have been launched on other players' machines as a result

📖 Read

via "ITPro".

Dark Souls servers taken offline after RCE flaw identified | IT PRO

Experts say PowerShell scripts could have been launched on other players' machines as a result

143 views21:51

📢 DDoS attacks are still a key weapon for corporate extortion 📢

Ransomware isn’t the only rotten fruit, with DDoS attacks deployed both as an extra twist of the knife – and on their own

📖 Read

via "ITPro".

DDoS attacks are still a key weapon for corporate extortion | IT PRO

Ransomware isn’t the only rotten fruit, with DDoS attacks deployed both as an extra twist of the knife – and on their own

136 views21:51

📢 UK's first government cyber strategy aims to bolster public sector defences 📢

The NCSC found that almost half of all cyber incidents recorded between 2020 and 2021 were aimed at the public sector

📖 Read

via "ITPro".

UK's first government cyber strategy aims to bolster public sector defences | IT PRO

The NCSC found that almost half of all cyber incidents recorded between 2020 and 2021 were aimed at the public sector

135 views21:51

Microsoft warns of phishing campaign targeting OAuth tokens

📢 Microsoft warns of phishing campaign targeting OAuth tokens 📢

The attack, which gives hackers persistent access to email accounts, has targeted hundreds of organizations

📖 Read

via "ITPro".

ITPro

The attack, which gives hackers persistent access to email accounts, has targeted hundreds of organizations

137 views21:51

📢 IT Pro Podcast: Learning to live with risk 📢

Taking shortcuts is part of human nature, but it doesn’t have to be a threat to your business

📖 Read

via "ITPro".

IT Pro Podcast Special Edition: Learning to live with risk | IT PRO

Taking shortcuts is part of human nature, but it doesn’t have to be a threat to your business

157 views21:51

📢 Belarusian hacktivists target railway in bid to halt Russian military 📢

The incident is thought to be one of the first times ransomware has been used in hacktivism

📖 Read

via "ITPro".

Belarusian hacktivists target railway in bid to halt Russian military | IT PRO

The incident is thought to be one of the first times ransomware has been used in hacktivism

168 views21:51

❌ Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild ❌

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.

📖 Read

via "Threat Post".

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.

172 views22:36

OMB Issues Zero-Trust Strategy for Federal Agencies

🕴 OMB Issues Zero-Trust Strategy for Federal Agencies 🕴

Federal officials tout the strategy as a more proactive approach to securing government networks.

📖 Read

via "Dark Reading".

Dark Reading

Federal officials tout the strategy as a more proactive approach to securing government networks.

158 views22:54

❌ TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade ❌

The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis.

📖 Read

via "Threat Post".

TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade

The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis.

166 views23:06