βΌοΈCVE-2023-6540βΌοΈ
π Read more
Via "National Vulnerability Database"
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-50256βΌοΈ
π Read more
Via "National Vulnerability Database"
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements e.g. surname, company name established by the system. Version 2.1.2 fixes this issue. π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2023-5138βΌοΈ
π Read more
Via "National Vulnerability Database"
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.π Read more
Via "National Vulnerability Database"
βΌοΈCVE-2024-21634βΌοΈ
π Read more
Via "National Vulnerability Database"
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denialofservice issue exists in ionjava for applications that use ionjava to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the IonValue model and then invoke certain IonValue methods on that inmemory representation. An actor could craft Ion data that, when loaded by the affected application andor processed using the IonValue model, results in a StackOverflowError originating from the ionjava library. The patch is included in ionjava 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.π Read more
Via "National Vulnerability Database"
ποΈ Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack ποΈ
π Read
via "The Hacker News".
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.As of writing, the account has been restored on the social media platform.It's currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@π Read
via "The Hacker News".
π Nigerian Faces $7.5m BEC Charges After Charities Are Swindled π
π Read
via "Infosecurity Magazine".
A Nigerian man is facing a 100-year jail term after being arrested on multimillion-dollar BEC chargesπ Read
via "Infosecurity Magazine".
Infosecurity Magazine
Nigerian Faces $7.5m BEC Charges After Charities Are Swindled
A Nigerian man is facing a 100-year jail term after being arrested on multimillion-dollar BEC charges
π Experts Clash Over Ransomware Payment Ban π
π Read
via "Infosecurity Magazine".
Emsisoft has called for a complete ban on ransomware payments after another record-breaking year of attacksπ Read
via "Infosecurity Magazine".
Infosecurity Magazine
Experts Clash Over Ransomware Payment Ban
Emsisoft has called for a complete ban on ransomware payments after another record-breaking year of attacks
π’ UK small businesses plan to ramp up tech investment in 2024 π’
π Read
via "ITPro".
Small business tech investment will be a key focus in the year ahead, but many could struggle to implement new tools π Read
via "ITPro".
ITPro
UK small businesses plan to ramp up tech investment in 2024
Small business tech investment will be a key focus in the year ahead, but many could struggle to implement new tools
ποΈ Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners ποΈ
π Read
via "The Hacker News".
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices.The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down.βThese packages, upon initial use, deploy a CoinMinerπ Read
via "The Hacker News".
π’ LastPass is getting stricter on master passwords in the wake of a disastrous 2022 security breach π’
π Read
via "ITPro".
A minimum character length for LastPass master passwords will now be enforced to reflect βheightened threat levelsβ π Read
via "ITPro".
ITPro
LastPass is getting stricter on master passwords in the wake of a disastrous 2022 security breach
A minimum character length for LastPass master passwords will now be enforced to reflect βheightened threat levelsβ
π’ Accenture brings on 400 tech staff as 6point6 acquisition clears π’
π Read
via "ITPro".
Completion of the deal marks the latest in a series of takeovers by Accenture π Read
via "ITPro".
ITPro
Accenture brings on 400 tech staff as 6point6 acquisition clears
Completion of the deal marks the latest in a series of takeovers by Accenture
ποΈ Three Ways To Supercharge Your Software Supply Chain Security ποΈ
π Read
via "The Hacker News".
Section four of the "Executive Order on Improving the Nationβs Cybersecurity" introduced a lot of people in tech to the concept of a βSoftware Supply Chainβ and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain andπ Read
via "The Hacker News".
π SQLMAP - Automatic SQL Injection Tool 1.8 π
π Read
via "Packet Storm Security".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.π Read
via "Packet Storm Security".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.8 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1
π HealthEC Data Breach Impacts 4.5 Million Patients π
π Read
via "Infosecurity Magazine".
HealthEC said that sensitive medical data was exposed in the breach, which is now thought to have impacted 4.5 million peopleπ Read
via "Infosecurity Magazine".
Infosecurity Magazine
HealthEC Data Breach Impacts 4.5 Million Patients
HealthEC said that sensitive medical data was exposed in the breach, which is now thought to have impacted 4.5 million people
π΄ 'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month π΄
π Read
via "Dark Reading".
A new threat actor just concluded a month and a half of two major leaks per day. Now comes phase two: follow-on attacks.π Read
via "Dark Reading".
Darkreading
'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month
A new threat actor just concluded a month and a half of two major leaks per day. Now comes phase two: follow-on attacks.
π Using Stronger Passwords Among Top 2024 Digital Resolutions π
π Read
via "Infosecurity Magazine".
Security measures top Kasperskyβs annual digital resolutions surveyπ Read
via "Infosecurity Magazine".
Infosecurity Magazine
Using Stronger Passwords Among Top 2024 Digital Resolutions
Security measures top Kasperskyβs annual digital resolutions survey
π΄ Navigating the New Age of Cybersecurity Enforcement π΄
π Read
via "Dark Reading".
The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives.π Read
via "Dark Reading".
Darkreading
Navigating the New Age of Cybersecurity Enforcement
The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives.
β€1
π’ 11 million SSH servers are at risk of Terrapin attacks, here's how to protect yourself π’
π Read
via "ITPro".
Millions of SSH servers are potentially vulnerable to Terrapin attacks, with experts urging organizations to remain vigilant π Read
via "ITPro".
ITPro
11 million SSH servers are at risk of Terrapin attacks, here's how to protect yourself
Millions of SSH servers are potentially vulnerable to Terrapin attacks, with experts urging organizations to remain vigilant
π’ 23andMe risks public relations disaster as it blames customers for data breach π’
π Read
via "ITPro".
23andMe has hit back at customers affected by a recent data breach with suggestions theyβre at fault π Read
via "ITPro".
ITPro
23andMe risks public relations disaster as it blames customers for data breach
23andMe has hit back at customers affected by a recent data breach with suggestions theyβre at fault
π’ HealthEC incident shows healthcare data breaches are getting out of control π’
π Read
via "ITPro".
The latest data breach at HealthEC draws attention to healthcareβs endemic cyber security problem π Read
via "ITPro".
ITPro
HealthEC incident shows healthcare data breaches are getting out of control
The latest data breach at HealthEC draws attention to healthcareβs endemic cyber security problem
π Ukraine Blames Russian Sandworm Hackers for Kyivstar Attack π
π Read
via "Infosecurity Magazine".
Ukraineβs security service says Sandworm accessed Kyivstarβs system at least six months before launching the attackπ Read
via "Infosecurity Magazine".
Infosecurity Magazine
Ukraine Blames Russian Sandworm Hackers for Kyivstar Attack
Ukraineβs security service says Sandworm accessed Kyivstarβs system at least six months before launching the attack