π΄ GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar π΄
π Read
via "Dark Reading".
We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.π Read
via "Dark Reading".
Dark Reading
GitHub's MFA Plans Should Spur Rest of Industry to Raise the Bar
We as industry leaders should be building on what individual platforms like GitHub are doing in two critical ways: demanding third parties improve security and creating more interoperable architectures.
π΄ 80% of Firms Suffered Identity-Related Breaches in Last 12 Months π΄
π Read
via "Dark Reading".
With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.π Read
via "Dark Reading".
Dark Reading
80% of Firms Suffered Identity-Related Breaches in Last 12 Months
With almost every business experiencing growth in human and machine identities, firms have made securing those identities a priority.
ποΈ Severe Parse Server bug impacts Apple Game Center ποΈ
π Read
via "The Daily Swig".
Fake certificates could be used to bypass authentication controlsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Severe Parse Server bug impacts Apple Game Center
Fake certificates could be used to bypass authentication controls
βΌ CVE-2022-23077 βΌ
π Read
via "National Vulnerability Database".
In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23079 βΌ
π Read
via "National Vulnerability Database".
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23078 βΌ
π Read
via "National Vulnerability Database".
In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2174 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.π Read
via "National Vulnerability Database".
π΄ The Risk of Multichannel Phishing Is on the Horizon π΄
π Read
via "Dark Reading".
The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.π Read
via "Dark Reading".
Dark Reading
The Risk of Multichannel Phishing Is on the Horizon
The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.
β Capital One identity theft hacker finally gets convicted β
π Read
via "Naked Security".
It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!π Read
via "Naked Security".
Naked Security
Capital One identity theft hacker finally gets convicted
It took three years, but the Capital One cracker was convicted in the end. Donβt get caught out in a data breach of your own!
π΄ Evolving Beyond the Password: Vanquishing the Password π΄
π Read
via "Dark Reading".
Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)π Read
via "Dark Reading".
Dark Reading
Evolving Beyond the Password: Vanquishing the Password
Using WebAuthn, physical keys, and biometrics, organizations can adopt more advanced passwordless MFA and true passwordless systems. (Part 2 of 2)
π΄ Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops π΄
π Read
via "Dark Reading".
partnership lets users access one-click ScreenMeet sessions from the Tanium platform.π Read
via "Dark Reading".
Dark Reading
Tanium Partners With ScreenMeet to Enable Employees to Securely Connect to Their Remote Desktops
Partnership lets users access one-click ScreenMeet sessions from the Tanium platform.
π΄ Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange π΄
π Read
via "Dark Reading".
Organizations can strengthen their network defense with a number of intelligent security innovations.π Read
via "Dark Reading".
Dark Reading
Zscaler Adds New AI/ML Capabilities for the Zscaler Zero Trust Exchange
Organizations can strengthen their network defense with a number of intelligent security innovations.
π΄ Zscaler and AWS Expand Relationship π΄
π Read
via "Dark Reading".
Zscaler also announced innovations built on Zscalerβs Zero Trust architecture and AWS.π Read
via "Dark Reading".
Dark Reading
Zscaler and AWS Expand Relationship
Zscaler also announced innovations built on Zscalerβs Zero Trust architecture and AWS.
π΄ Zscaler Launches Posture Control Solution π΄
π Read
via "Dark Reading".
Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.π Read
via "Dark Reading".
Dark Reading
Zscaler Launches Posture Control Solution
Enables DevOps and security teams to prioritize and remediate risks in cloud-native applications earlier in the development life cycle.
π1
βΌ CVE-2022-32549 βΌ
π Read
via "National Vulnerability Database".
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20651 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device.π Read
via "National Vulnerability Database".
ποΈ One in every 13 incidents blamed on API insecurity β report ποΈ
π Read
via "The Daily Swig".
Larger organizations are statistically more at risk, warns Impervaπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
One in every 13 incidents blamed on API insecurity β report
Larger organizations are statistically more at risk, warns Imperva
π΄ Getting a Better Handle on Identity Management in the Cloud π΄
π Read
via "Dark Reading".
Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.π Read
via "Dark Reading".
Dark Reading
Getting a Better Handle on Identity Management in the Cloud
Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.
βΌ CVE-2022-23080 βΌ
π Read
via "National Vulnerability Database".
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.π Read
via "National Vulnerability Database".
π΄ Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts π΄
π Read
via "Dark Reading".
Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.π Read
via "Dark Reading".
Dark Reading
Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts
Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.
π΄ Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign π΄
π Read
via "Dark Reading".
Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.π Read
via "Dark Reading".
Dark Reading
Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign
Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.