π΄ Getting a Better Handle on Identity Management in the Cloud π΄
π Read
via "Dark Reading".
Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.π Read
via "Dark Reading".
Dark Reading
Getting a Better Handle on Identity Management in the Cloud
Treat identity management as a first-priority problem, not something to figure out later while you get your business up and running in the cloud.
βΌ CVE-2022-23080 βΌ
π Read
via "National Vulnerability Database".
In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans.π Read
via "National Vulnerability Database".
π΄ Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts π΄
π Read
via "Dark Reading".
Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.π Read
via "Dark Reading".
Dark Reading
Fresh Magecart Skimmer Attack Infrastructure Flagged by Analysts
Don't sleep on Magecart attacks, which security teams could miss by relying solely on automated crawlers and sandboxes, experts warn.
π΄ Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign π΄
π Read
via "Dark Reading".
Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.π Read
via "Dark Reading".
Dark Reading
Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign
Researchers have spotted the threat group, also known as Fancy Bear and Sofacy, using the Windows MSDT vulnerability to distribute information stealers to users in Ukraine.
π Suit Claims Ex-Consultant Stole 30,000 Files to Start Competing Firm π
π Read
via "".
A new lawsuit alleges this consultant stole a library of data from his former employer - copying it from cloud storage to a USB drive - to start a competing firm.π Read
via "".
π΄ Aqua Security Collaborates With Center for Internet Security to Create Guide for Software Supply Chain Security π΄
π Read
via "Dark Reading".
In addition, Aqua Security unveiled a new open source tool, Chain-Bench, for auditing the software supply chain to ensure compliance with the new CIS guidelines.π Read
via "Dark Reading".
Dark Reading
Aqua Security Collaborates With Center for Internet Security to Create Guide for Software Supply Chain Security
In addition, Aqua Security unveiled a new open source tool, Chain-Bench, for auditing the software supply chain to ensure compliance with the new CIS guidelines.
π΄ Neustar Security Services Launches Public UltraDNS Health Check Site π΄
π Read
via "Dark Reading".
Open service generates free report detailing potential gaps in compliance, configuration, and security for a userβs multiple domain names.π Read
via "Dark Reading".
Dark Reading
Neustar Security Services Launches Public UltraDNS Health Check Site
Open service generates free report detailing potential gaps in compliance, configuration, and security for a userβs multiple domain names.
βΌ CVE-2022-23081 βΌ
π Read
via "National Vulnerability Database".
In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32159 βΌ
π Read
via "National Vulnerability Database".
In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.π Read
via "National Vulnerability Database".
π΄ Synopsys Completes Acquisition of WhiteHat Security π΄
π Read
via "Dark Reading".
Addition of WhiteHat Security provides Synopsys with SaaS capabilities and dynamic application security testing (DAST) technology.π Read
via "Dark Reading".
Dark Reading
Synopsys Completes Acquisition of WhiteHat Security
Addition of WhiteHat Security provides Synopsys with SaaS capabilities and dynamic application security testing (DAST) technology.
π΄ Microsoft 365 Users in US Face Raging Spate of Attacks π΄
π Read
via "Dark Reading".
A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.π Read
via "Dark Reading".
Dark Reading
Microsoft 365 Users in US Face Raging Spate of Attacks
A voicemail-themed phishing campaign is hitting specific industry verticals across the country, bent on scavenging credentials that can be used for a range of nefarious purposes.
π΄ 80% of Legacy MSSP Users Planning MDR Upgrade π΄
π Read
via "Dark Reading".
False positives and staff shortages are inspiring a massive managed detection and response (MDR) services migration, research finds.π Read
via "Dark Reading".
Dark Reading
80% of Legacy MSSP Users Planning MDR Upgrade
False positives and staff shortages are inspiring a massive managed detection and response (MDR) services migration, research finds.
βΌ CVE-2017-20085 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20090 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20089 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31009 βΌ
π Read
via "National Vulnerability Database".
wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The root cause was an unnecessary assert statement when converting an integer value into the corresponding enum value, causing an exception instead of a fallback to a default value. This issue is fixed in [wire-ios](https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb) and in Wire for iOS 3.100. There is no workaround available, but users may use other Wire clients (such as the [web app](https://app.wire.com)) to continue using Wire, or upgrade their client.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20087 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20088 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20091 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20086 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.π Read
via "National Vulnerability Database".
β S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast] β
π Read
via "Naked Security".
Latest epsiode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
Latest epsiode β listen (or read) now!