ποΈ GitLab patches RCE bug in GitHub import function ποΈ
π Read
via "The Daily Swig".
Data importation mechanism failed to sanitize importsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
GitLab patches RCE bug in GitHub import function
Data importation mechanism failed to sanitize imports
π΄ Attackers Use Automation to Speed from Exploit to Compromise According to Lacework Labs Cloud Threat Report π΄
π Read
via "Dark Reading".
New open source Cloud Hunter tool, developed through Lacework Labs research, helps customers get better visibility to reduce response times for incident investigations.π Read
via "Dark Reading".
Dark Reading
Attackers Use Automation to Speed from Exploit to Compromise According to Lacework Labs Cloud Threat Report
New open source Cloud Hunter tool, developed through Lacework Labs research, helps customers get better visibility to reduce response times for incident investigations.
π΄ State of Security Data Management 2022 Report Reveals Overconfidence Masks a Pervasive Data Problem π΄
π Read
via "Dark Reading".
Despite dozens of tools and external vendors, 2 in 3 organizations believe their data strategy isn't sustainable beyond three years, which could leave businesses vulnerable.π Read
via "Dark Reading".
Dark Reading
State of Security Data Management 2022 Report Reveals Overconfidence Masks a Pervasive Data Problem
Despite dozens of tools and external vendors, 2 in 3 organizations believe their data strategy isn't sustainable beyond three years, which could leave businesses vulnerable.
βΌ CVE-2022-41475 βΌ
π Read
via "National Vulnerability Database".
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41473 βΌ
π Read
via "National Vulnerability Database".
RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41474 βΌ
π Read
via "National Vulnerability Database".
RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41489 βΌ
π Read
via "National Vulnerability Database".
WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.π Read
via "National Vulnerability Database".
β Patch Tuesday in brief β one 0-day fixed, but no patches for Exchange! β
π Read
via "Naked Security".
There's a zero-day patch, but it's not for the zero-day you thought.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text] β
π Read
via "Naked Security".
Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...π Read
via "Naked Security".
Naked Security
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
Have your say on three deep questions posed by this weekβs podcast. Read or listen as suits you bestβ¦
π΄ Cyberattackers Spoof Google Translate in Unique Phishing Tactic π΄
π Read
via "Dark Reading".
The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials.π Read
via "Dark Reading".
Dark Reading
Cyberattackers Spoof Google Translate in Unique Phishing Tactic
The campaign uses a combination of tactics and a common JavaScript obfuscation technique to fool both end users and email security scanners to steal credentials.
π΄ What You Need for a Strong Security Posture π΄
π Read
via "Dark Reading".
From the basics to advanced techniques, here's what you should know.π Read
via "Dark Reading".
Dark Reading
What You Need for a Strong Security Posture
From the basics to advanced techniques, here's what you should know.
π΄ Orange Bank Deploys Real-Time Sanctions Screening with SAS and Neterium π΄
π Read
via "Dark Reading".
SAS and Neterium partnered to deliver Neteriumβs next-gen screening capabilities on SASβ analytics platform.π Read
via "Dark Reading".
Dark Reading
Orange Bank Deploys Real-Time Sanctions Screening with SAS and Neterium
SAS and Neterium partnered to deliver Neteriumβs next-gen screening capabilities on SASβ analytics platform.
π΄ The Playbook for Human-Operated Ransomware π΄
π Read
via "Dark Reading".
Ransomware attacks are on the rise, but organizations also have access to advanced tools and technologies they can use to fight back.π Read
via "Dark Reading".
Dark Reading
The Playbook for Human-Operated Ransomware
Ransomware attacks are on the rise, but organizations also have access to advanced tools and technologies they can use to fight back.
π΄ Nudge Security Launches Platform With Humans in Mind π΄
π Read
via "Dark Reading".
SaaS security platform promises to track down shadow IT, map supply chain risk, and "nudge" employees to work securely.π Read
via "Dark Reading".
Dark Reading
Nudge Security Launches Platform With Humans in Mind
SaaS security platform promises to track down shadow IT, map supply chain risk, and "nudge" employees to work securely.
π΄ DFIN DealMaker Meter: Surge in 'Dark Data' Represents Growing Danger for Corporations π΄
π Read
via "Dark Reading".
This legacy of corporations' appetite for data is not worth the risk, leaders say, emphasizing the need to find, secure and redact recordsπ Read
via "Dark Reading".
Dark Reading
DFIN DealMaker Meter: Surge in 'Dark Data' Represents Growing Danger for Corporations
This legacy of corporations' appetite for data is not worth the risk, leaders say, emphasizing the need to find, secure and redact records
π΄ Tanium Benchmark Sets New Standard for Tracking and Improving Security and Operational Metrics π΄
π Read
via "Dark Reading".
Company enables organizations to mark endpoint performance and take immediate action to mitigate risk.π Read
via "Dark Reading".
Dark Reading
Tanium Benchmark Sets New Standard for Tracking and Improving Security and Operational Metrics
Company enables organizations to mark endpoint performance and take immediate action to mitigate risk.
π΄ QAKBOT Attacks Spike Amid Concerning Cybercriminal Collaborations π΄
π Read
via "Dark Reading".
The QAKBOT group has successfully ramped up its operations, infecting systems, installing attack frameworks, and selling access to other groups, including Black Basta.π Read
via "Dark Reading".
Dark Reading
Qakbot Attacks Spike Amid Concerning Cybercriminal Collaborations
The Qakbot group has successfully ramped up its operations, infecting systems, installing attack frameworks, and selling access to other groups, including Black Basta.
βΌ CVE-2020-26860 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26863 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41484 βΌ
π Read
via "National Vulnerability Database".
Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to contain a buffer overflow in the 0x32384 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26859 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.π Read
via "National Vulnerability Database".