Zero-Trust For All: A Practical Guide
via "Threat Post".
How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures.

S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
via "Naked Security".
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
via "Krebs on Security".
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world's largest tech companies ultimately led to the group's undoing.

Vulnerability in AWS Log4Shell hot patch allowed full host takeover
via "The Daily Swig".
Critical security issues found in quick fix

Creating Cyberattack Resilience in Modern Education Environments
via "Dark Reading".
From increasing cybersecurity awareness in staff, students, and parents to practicing good security hygiene for devices, using endpoint protection, and inspecting network traffic, schools can boost cybersecurity to keep students safe.

Zeek 4.2.1
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Pwn2Own Miami: Hackers earn $400,000 by cracking ICS platforms
via "The Daily Swig".
Industrial control insecurity laid bare during competition

QNAP warns of new bugs in its Network Attached Storage devices
via "Naked Security".
Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!

Comcast Business 2021 DDoS Threat Report: DDoS Becomes a Bigger Priority as Multivector Attacks are on the Rise
via "Dark Reading".
Comcast Business mitigated 24,845 multi-vector DDoS attacks in 2021, a 47 percent increase over 2020.

Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies
via "Dark Reading".
New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.

Contrast Security Introduces Cloud-Native Automation
via "Dark Reading".
New integrations enable Contrast capabilities to be delivered to Red Hat OpenShift users.

CyberUSA, and Superus Careers Launch Cyber Career Exchange Platform
via "Dark Reading".
Collaboration aimed at connecting talent and employers.

Fortress Information Security Receives $125M Strategic Investment from Goldman Sachs Asset Management
via "Dark Reading".

Forescout Enhances Continuum Platform With New OT Capabilities
via "Dark Reading".
New capabilities enable improved OT and IoT asset visibility along with data-powered threat detection and cost-effective deployments at scale.

PerimeterX Code Defender Extends Capability To Stop Supply Chain Attacks
via "Dark Reading".
Client-side web app security solution introduces features that give real-time visibility and control of the website attack surface, enabling businesses to stop PII theft and comply with data privacy regulations.

CVE-2021-32929
via "National Vulnerability Database".
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.

CVE-2022-28074
via "National Vulnerability Database".
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.

CVE-2022-27404
via "National Vulnerability Database".
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

CVE-2022-27406
via "National Vulnerability Database".
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.

CVE-2021-32927
via "National Vulnerability Database".
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker.

CVE-2022-1437
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.