Single largest disclosure for vulnerabilities in industrial control security reveals 56 flaws
Source: The Daily Swig
Scores of security issues in industrial control systems unveiled.

Why Financial Institutions Must Double Down on Open Source Investments
Source: Dark Reading
Open source is here to stay, and it's imperative that CIOs have a mature open source engagement strategy across consumption, contribution, and funding as a pillar of digital transformation.

CVE-2021-40511
Source: National Vulnerability Database
OBDA systems' Mastro 1.0 is vulnerable to an XML Entity Expansion (aka "billion laughs") attack, allowing denial of service.

CVE-2021-36761
Source: National Vulnerability Database
The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.

CVE-2021-40510
Source: National Vulnerability Database
XML eXternal Entity (XXE) in OBDA systems' Mastro 1.0 allows remote attackers to read system files via custom DTDs.

CVE-2021-39006
Source: National Vulnerability Database
IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549.

Gartner: Regulation, Human Costs Will Create Stormy Cybersecurity Weather Ahead
Source: Dark Reading
Experts tell teams to prepare for more regulation, platform consolidation, management scrutiny, and attackers with the ability to claim human casualties.

CVE-2022-31095
Source: National Vulnerability Database
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin.

RIG Exploit Kit Replaces Raccoon Stealer Trojan With Dridex
Source: Dark Reading
After the Raccoon Stealer Trojan disappeared, the RIG Exploit Kit seamlessly adopted Dridex for credential theft.

China-Linked ToddyCat APT Pioneers Novel Spyware
Source: Dark Reading
ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says.

VPNs Persist Despite Zero-Trust Fervor
Source: Dark Reading
Most organizations still rely on virtual private networks for secure remote access.

7 Ways to Avoid Worst-Case Cyber Scenarios
Source: Dark Reading
In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data.

Linux Foundation Announces Open Programmable Infrastructure Project to Drive Open Standards for New Class of Cloud Native Infrastructure
Source: Dark Reading
Data Processing and Infrastructure Processing Units (DPU and IPU) are changing the way enterprises deploy and manage compute resources across their networks.

CVE-2022-21952
Source: National Vulnerability Database
An Uncontrolled Resource Consumption vulnerability in spacewalk-java of SUSE Manager Server 4.1 and SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources, leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46; SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.

CVE-2022-31248
Source: National Vulnerability Database
An Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1 and SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1; SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1.

Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
Source: Threat Post
A culture of "insecure-by-design" security is cited in the discovery of bug-riddled operational technology devices.

Elusive ToddyCat APT Targets Microsoft Exchange Servers
Source: Threat Post
The threat actor targets institutions and companies in Europe and Asia.

Meet the Administrators of the RSOCKS Proxy Botnet
Source: Krebs on Security
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a Russian man living abroad who also runs the world's top Russian spamming forum.

Gamification of Ethical Hacking and Hacking Esports
Source: Threat Post
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future.

GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar
Source: Dark Reading
We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.

80% of Firms Suffered Identity-Related Breaches in Last 12 Months
Source: Dark Reading
With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.