Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
via "Threat Post".
Culture of "insecure-by-design" security is cited in discovery of bug-riddled operational technology devices.
Elusive ToddyCat APT Targets Microsoft Exchange Servers
via "Threat Post".
The threat actor targets institutions and companies in Europe and Asia.
Meet the Administrators of the RSOCKS Proxy Botnet
via "Krebs on Security".
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a Russian man living abroad who also runs the world's top Russian spamming forum.
Gamification of Ethical Hacking and Hacking Esports
via "Threat Post".
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future.
GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar
via "Dark Reading".
We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.
80% of Firms Suffered Identity-Related Breaches in Last 12 Months
via "Dark Reading".
With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.
Severe Parse Server bug impacts Apple Game Center
via "The Daily Swig".
Fake certificates could be used to bypass authentication controls.
CVE-2022-23077
via "National Vulnerability Database".
habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.
CVE-2022-23079
via "National Vulnerability Database".
motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality, where a malicious actor can send a fake password reset email to an arbitrary victim.
CVE-2022-23078
via "National Vulnerability Database".
habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.
CVE-2022-2174
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.
The Risk of Multichannel Phishing Is on the Horizon
via "Dark Reading".
The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.
Capital One identity theft hacker finally gets convicted
via "Naked Security".
It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
Evolving Beyond the Password: Vanquishing the Password
via "Dark Reading".
Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)
Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops
via "Dark Reading".
Partnership lets users access one-click ScreenMeet sessions from the Tanium platform.
Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange
via "Dark Reading".
Organizations can strengthen their network defense with a number of intelligent security innovations.
Zscaler and AWS Expand Relationship
via "Dark Reading".
Zscaler also announced innovations built on Zscaler's Zero Trust architecture and AWS.
Zscaler Launches Posture Control Solution
via "Dark Reading".
Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.
CVE-2022-32549
via "National Vulnerability Database".
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.
CVE-2022-20651
via "National Vulnerability Database".
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ASDM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.
One in every 13 incidents blamed on API insecurity – report
via "The Daily Swig".
Larger organizations are statistically more at risk, warns Imperva.