β Chinaβs Sway Over Tech Companies Tested with Apple, Blizzard β
π Read
via "Threatpost".
Apple has been called out by Chinese state-run media as protecting βrioters,β while Blizzard bans a Hearthstone player for supporting Hong Kong.π Read
via "Threatpost".
Threat Post
Chinaβs Sway Over Tech Companies Tested with Apple, Blizzard
Apple has been called out by Chinese state-run media as protecting βrioters,β while Blizzard bans a Hearthstone player for supporting Hong Kong.
π GRR 3.3.0.8 π
π Go!
via "Security Tool Files β Packet Storm".
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
GRR 3.3.0.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Magecart Attack on Volusion Highlights Supply Chain Dangers π΄
π Read
via "Dark Reading: ".
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.π Read
via "Dark Reading: ".
Darkreading
Magecart Attack on Volusion Highlights Supply Chain Dangers
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
π΄ Attackers Hide Behind Trusted Domains, HTTPS π΄
π Read
via "Dark Reading: ".
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.π Read
via "Dark Reading: ".
Darkreading
Attackers Hide Behind Trusted Domains, HTTPS
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.
β Sophisticated Spy Kit Targets Russians with Rare GSM Plugin β
π Read
via "Threatpost".
The Attor malware targets government and diplomatic victims with unusual tactics.π Read
via "Threatpost".
Threat Post
Sophisticated Spy Kit Targets Russians with Rare GSM Plugin
The Attor malware targets government and diplomatic victims with unusual tactics.
π McAfee, IBM join forces for global open source cybersecurity initiative π
π Read
via "Security on TechRepublic".
IBM, McAfee and international consortium OASIS are coming together to offer the world a way to develop open source security technologies.π Read
via "Security on TechRepublic".
TechRepublic
McAfee, IBM join forces for global open source cybersecurity initiative
IBM, McAfee and international consortium OASIS are coming together to offer the world a way to develop open source security technologies.
π IRS Employee Stole PII, Committed Fraud π
π Read
via "Subscriber Blog RSS Feed ".
The case illustrates that the government agency could be doing a better job safeguarding tax payer data.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
IRS Employee Stole PII, Committed Fraud
The case illustrates that the government agency could be doing a better job safeguarding tax payer data.
π΄ Check Out New Cybersecurity Tools in the Black Hat Europe Arsenal π΄
π Read
via "Dark Reading: ".
Black Hat Europe returns to the Excel in London December 2-5 bearing a cornucopia of intriguing cybersecurity tools in its Arsenal.π Read
via "Dark Reading: ".
Dark Reading
Check Out New Cybersecurity Tools in the Black Hat Europe Arsenal
Black Hat Europe returns to the Excel in London December 2-5 bearing a cornucopia of intriguing cybersecurity tools in its Arsenal.
π΄ How to Think Like a Hacker π΄
π Read
via "Dark Reading: ".
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.π Read
via "Dark Reading: ".
Dark Reading
How to Think Like a Hacker
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
ATENTIONβΌ New - CVE-2015-9479
π Read
via "National Vulnerability Database".
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9478
π Read
via "National Vulnerability Database".
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9477
π Read
via "National Vulnerability Database".
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9476
π Read
via "National Vulnerability Database".
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9475
π Read
via "National Vulnerability Database".
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9474
π Read
via "National Vulnerability Database".
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9473
π Read
via "National Vulnerability Database".
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9472
π Read
via "National Vulnerability Database".
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9471
π Read
via "National Vulnerability Database".
The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9470
π Read
via "National Vulnerability Database".
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9469
π Read
via "National Vulnerability Database".
The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-9468
π Read
via "National Vulnerability Database".
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.π Read
via "National Vulnerability Database".