π΄ Phishers' Latest Tricks for Reeling in New Victims π΄
π Read
via "Dark Reading: ".
Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.π Read
via "Dark Reading: ".
Dark Reading
Phishers' Latest Tricks for Reeling in New Victims
Phishing works because people are, by nature, trusting -- but these evolving phishing techniques make it even tougher for security managers to stay on top.
π Google hopes to protect users with open source differential privacy library π
π Read
via "Security on TechRepublic".
Google's differential privacy library will give organizations a way to study their data while protecting people's information.π Read
via "Security on TechRepublic".
TechRepublic
Google hopes to protect users with open source differential privacy library
Google's differential privacy library will give organizations a way to study their data while protecting people's information.
β Critical Exim Flaw Opens Millions of Servers to Takeover β
π Read
via "Threatpost".
A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.π Read
via "Threatpost".
Threat Post
Critical Exim Flaw Opens Millions of Servers to Takeover
A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.
π΄ From Spyware to Ninja Cable π΄
π Read
via "Dark Reading: ".
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.π Read
via "Dark Reading: ".
Darkreading
From Spyware to Ninja Cable
Attackers don't need sophisticated James Bondian hardware to break into your company. Sometimes a $99 device will do.
ATENTIONβΌ New - CVE-2019-10666
π Read
via "National Vulnerability Database".
An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10665
π Read
via "National Vulnerability Database".
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21014
π Read
via "National Vulnerability Database".
The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21013
π Read
via "National Vulnerability Database".
The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21012
π Read
via "National Vulnerability Database".
The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21011
π Read
via "National Vulnerability Database".
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.π Read
via "National Vulnerability Database".
π΄ Just A Few Questions Before That Bank Withdrawal ... π΄
π Read
via "Dark Reading: ".
And be ready to turn over your first born.π Read
via "Dark Reading: ".
Dark Reading
Just A Few Questions Before That Bank Withdrawal ...
And be ready to turn over your first born.
π Millions of Exim Servers Vulnerable to Remote Code Execution Vulnerability π
π Read
via "Subscriber Blog RSS Feed ".
A critical vulnerability in Exim, by far the world's most popular email server, was disclosed on Friday.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Millions of Exim Servers Vulnerable to Remote Code Execution Vulnerability
A critical vulnerability in Exim, by far the world's most popular email server, was disclosed on Friday.
β Wikipedia, World of Warcraft Downed By Weekend DDoS Attacks β
π Read
via "Threatpost".
Wikipedia and World of Warcraft Classic users reported global outages over the weekend in targeted - and connected - DDoS attacks.π Read
via "Threatpost".
Threat Post
Wikipedia, World of Warcraft Downed By Weekend DDoS Attacks
Wikipedia and World of Warcraft Classic users reported global outages over the weekend in targeted - and connected - DDoS attacks.
π΄ Texas Refuses to Pay $2.5M in Massive Ransomware Attack π΄
π Read
via "Dark Reading: ".
The ransomware campaign affected 22 local governments, none of which have paid the attackers' $2.5 million ransom demand.π Read
via "Dark Reading: ".
Dark Reading
Texas Refuses to Pay $2.5M in Massive Ransomware Attack
The ransomware campaign affected 22 local governments, none of which have paid the attackers' $2.5 million ransom demand.
β Telnet Backdoor Opens More Than 1M IoT Radios to Hijack β
π Read
via "Threatpost".
Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.π Read
via "Threatpost".
Threat Post
Telnet Backdoor Opens More Than 1M IoT Radios to Hijack
Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.
π΄ Public Exposure Does Little to Slow China-Based Thrip APT π΄
π Read
via "Dark Reading: ".
Over the past year, the cyber-espionage group has attacked at least 12 other companies in the military, telecom, and satellite sectors, Symantec says.π Read
via "Dark Reading: ".
Darkreading
Public Exposure Does Little to Slow China-Based Thrip APT
Over the past year, the cyber-espionage group has attacked at least 12 other companies in the military, telecom, and satellite sectors, Symantec says.
β Stealth Falcon Targets Middle East with Windows BITS Feature β
π Read
via "Threatpost".
Cyberespionage attackers have ditched their PowerShell backdoor in favor of the Windows BITS βnotificationβ feature.π Read
via "Threatpost".
Threat Post
Stealth Falcon Targets Middle East with Windows BITS Feature
Cyberespionage attackers have ditched their PowerShell backdoor in favor of the Windows BITS βnotificationβ feature.
β PsiXBot Adds PornModule, Google DNS Service to Its Arsenal β
π Read
via "Threatpost".
Porn-recording feature will likely be used for extortion.π Read
via "Threatpost".
Threat Post
PsiXBot Adds PornModule, Google DNS Service to Its Arsenal
Porn-recording feature will likely be used for extortion.
π More than 99% of attacks in the past year relied on human error to gain access π
π Read
via "Security on TechRepublic".
Experiencing a data breach purely from being internet-connected is quite rare. Hackers rely on users to open or install a malicious payload, according to Proofpoint.π Read
via "Security on TechRepublic".
TechRepublic
More than 99% of attacks in the past year relied on human error to gain access
Experiencing a data breach purely from being internet-connected is quite rare. Hackers rely on users to open or install a malicious payload, according to Proofpoint.