Managing and Mitigating Risk From Unknown Unknowns
via "Dark Reading".
Five practical steps to up-level attack surface management programs and gain greater visibility and risk mitigation around the extended ecosystem.

Lawsuit Seeks Food Benefits Stolen By Skimmers
via "Krebs on Security".
A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state. Federal law bars states from replacing these benefits using federal funds, and a recent rash of skimming incidents nationwide has disproportionately affected those receiving food assistance via state-issued prepaid debit cards.

LockBit Bigwig Arrested for Ransomware Crimes
via "Dark Reading".
A dual Russian-Canadian citizen is being extradited to the US to face charges related to LockBit ransomware activities.

Veterans Day Salute: 6 Reasons Why You Want Vets in Your Cyber Platoon
via "Dark Reading".
We commend vets in cyber, with this look at how the training and experience of former military personnel can be a big, differentiating asset in cybersecurity environments.

Twitter's CISO Takes Off, Leaving Security an Open Question
via "Dark Reading".
Lea Kissner was one of three senior executives to quit this week, leaving many to wonder if the social media giant is ripe for a breach and FTC action.

Cyberwar and Cybercrime Go Hand in Hand
via "Dark Reading".
The line between criminal and political aims has become blurred, but motivations matter less than the effects of a breach.

CSRF in Plesk API enabled privilege escalation
via "The Daily Swig".
Bugs in programming interfaces of web hosting admin tool patched

Emergency code execution patch from Apple - but not an 0-day
via "Naked Security".
Not a zero-day, but important enough for a quick-fire patch to one system library...

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?
via "Naked Security".
Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks - listen now!

TOR Virtual Network Tunneling Tool 0.4.7.11
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

Okta Launches New Workforce Identity Cloud
via "Dark Reading".
Okta Workforce Identity Cloud has all three identity functions - identity access management, identity governance, and privilege access management - under the hood.

Why CVE Management as a Primary Strategy Doesn't Work
via "Dark Reading".
With only about 15% of vulnerabilities actually exploitable, patching every vulnerability is not an effective use of time.

Prototype pollution project yields another Parse Server RCE
via "The Daily Swig".
Bug emerges from ambition to find "end-to-end exploits beyond DoS"

Dangerous SIM-swap lockscreen bypass - update Android now!
via "Naked Security".
A bit like leaving the front door keys under the doormat...

Knock, Knock: Aiphone Bug Allows Cyberattackers to Literally Open (Physical) Doors
via "Dark Reading".
The bug affects several Aiphone GT models using NFC technology and allows malicious actors to potentially gain access to sensitive facilities.

Uyghurs Targeted With Spyware, Courtesy of PRC
via "Dark Reading".
Chinese government employs spyware to detect so-called "pre-crimes" including using a VPN, religious apps, or WhatsApp, new analysis reveals.

Cybersecurity 'Nutrition' Labels Still a Work in Progress
via "Dark Reading".
Pretty much every aspect of the effort to create easy-to-understand labels for Internet-of-Things (IoT) products is up in the air, according to participants in the process.

CVE-2022-36380
via "National Vulnerability Database".
Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-27187
via "National Vulnerability Database".
Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-3945
via "National Vulnerability Database".
Improper Restriction of Excessive Authentication Attempts in GitHub repository kareadita/kavita prior to 0.6.0.3.

CVE-2022-26341
via "National Vulnerability Database".
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.