π΄ Slow Retreat from Python 2 Threatens Code Security π΄
π Read
via "Dark Reading: ".
The end of life is near for Python 2, and there will be no rising from the grave this time. So why are some companies and developers risking a lack of security patches to stay with the old version of the programming language?π Read
via "Dark Reading: ".
Dark Reading
Slow Retreat from Python 2 Threatens Code Security
The end of life is near for Python 2, and there will be no rising from the grave this time. So why are some companies and developers risking a lack of security patches to stay with the old version of the programming language?
π΄ 32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant π΄
π Read
via "Dark Reading: ".
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.π Read
via "Dark Reading: ".
Darkreading
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
ATENTIONβΌ New - CVE-2010-2783
π Read
via "National Vulnerability Database".
IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2010-2548
π Read
via "National Vulnerability Database".
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.π Read
via "National Vulnerability Database".
β Hackers plead guilty to breach that Uber covered up β
π Read
via "Naked Security".
The two men pointed to Uber's $100K hush-money payment when they tried to extort Linkedin-owned Lynda... that instead called the cops.π Read
via "Naked Security".
Naked Security
Hackers plead guilty to breach that Uber covered up
The two men pointed to Uberβs $100K hush-money payment when they tried to extort Linkedin-owned Lyndaβ¦ that instead called the cops.
β Twitter bans political ads β
π Read
via "Naked Security".
Interesting timing: Right before Facebook's earnings call, two weeks after Facebook said it won't pull political ads that spout lies.π Read
via "Naked Security".
Naked Security
Twitter bans political ads
Interesting timing: Right before Facebookβs earnings call, two weeks after Facebook said it wonβt pull political ads that spout lies.
β Android Keyboard App Could Swindle 40M Users Out of Millions β
π Read
via "Threatpost".
The Ai.type app was removed from Google Play in June 2019 β but still remains on millions of Android devices and is still available from other Android marketplaces, researchers warn.π Read
via "Threatpost".
Threat Post
Android Keyboard App Could Swindle 40M Users Out of Millions
The app was removed from Google Play in June 2019 β but still remains on millions of Android devices and is still available from other Android marketplaces, researchers warn.
β Happy Birthday, CVE! β
π Read
via "Naked Security".
The Common Vulnerabilities and Exposures (CVE) system is 20 years old this week.π Read
via "Naked Security".
Naked Security
Happy Birthday, CVE!
The Common Vulnerabilities and Exposures (CVE) system is 20 years old this week.
π΄ Raising Security Awareness: Why Tools Can't Replace People π΄
π Read
via "Dark Reading: ".
Training your people and building relationships outside of the security organization is the most significant investment a CISO can make.π Read
via "Dark Reading: ".
Dark Reading
Raising Security Awareness: Why Tools Can't Replace People
Training your people and building relationships outside of the security organization is the most significant investment a CISO can make.
ATENTIONβΌ New - CVE-2005-3056
π Read
via "National Vulnerability Database".
TWiki allows arbitrary shell command execution via the Include functionπ Read
via "National Vulnerability Database".
β Apple props up macOS Catalina with 10.15.1 update β
π Read
via "Naked Security".
A vocal minority of the committed Apple base has been quick to express dissatisfaction at the move to Catalina from macOS 10.14 Mojave.π Read
via "Naked Security".
Naked Security
Apple props up macOS Catalina with 10.15.1 update
A vocal minority of the committed Apple base has been quick to express dissatisfaction at the move to Catalina from macOS 10.14 Mojave.
π How to allow SSH connections from LAN and WAN on different ports π
π Read
via "Security on TechRepublic".
Is it possible to configure SSH to listen for connections on both internal and external interfaces, using different ports? Jack Wallen says "yes."π Read
via "Security on TechRepublic".
TechRepublic
How to allow SSH connections from LAN and WAN on different ports
Is it possible to configure SSH to listen for connections on both internal and external interfaces, using different ports? Jack Wallen says "yes."
β Google Discloses Chrome Flaw Exploited in the Wild β
π Read
via "Threatpost".
Google warns exploits in the wild against a Use After Free vulnerability in Chrome's audio component.π Read
via "Threatpost".
Threat Post
Google Discloses Chrome Flaw Exploited in the Wild
Google warns exploits in the wild against a Use After Free vulnerability in Chrome's audio component.
π΄ 8 Holiday Security Tips for Retailers π΄
π Read
via "Dark Reading: ".
As retailers head into the holiday rush, here's how they can protect their businesses from attackers and scammers hoping to wreak havoc during the most wonderful time of the year.π Read
via "Dark Reading: ".
Dark Reading
8 Holiday Security Tips for Retailers
As retailers head into the holiday rush, here's how they can protect their businesses from attackers and scammers hoping to wreak havoc during the most wonderful time of the year.
β S2 Ep15: City under attack! VPN hacked, floppies nixed β
π Read
via "Naked Security".
A latest episode of the Naked Security podcast is out now!π Read
via "Naked Security".
Naked Security
S2 Ep15: City under attack! VPN hacked, floppies nixed
A latest episode of the Naked Security podcast is out now!
π΄ Google Patches Chrome Zero-Day Under Active Attack π΄
π Read
via "Dark Reading: ".
The fix addresses CVE-2019-13720, a high-severity, use-after-free vulnerability discovered by Kaspersky Lab researchers.π Read
via "Dark Reading: ".
Darkreading
Google Patches Chrome Zero-Day Under Active Attack
The fix addresses CVE-2019-13720, a high-severity, use-after-free vulnerability discovered by Kaspersky Lab researchers.
β Stubborn Malware Targets QNAP NAS Hardware Specifically β
π Read
via "Threatpost".
QNAP Systems says there is no known way to remove the Qsnatch malware infecting its NAS devices besides a full factory reset.π Read
via "Threatpost".
Threat Post
Stubborn Malware Targets QNAP NAS Hardware Specifically
QNAP Systems says there is no known way to remove the Qsnatch malware infecting its NAS devices.
β Global Crime Ring Bilks U.S. Military Members, Vets Out of Millions β
π Read
via "Threatpost".
An elaborate fraudster ring stole PII then used DoD and VA benefits portals to steal payments and funds from bank accounts.π Read
via "Threatpost".
Threat Post
Global Crime Ring Bilks U.S. Military Members, Vets Out of Millions
An elaborate fraudster ring stole PII then allegedly used DoD and VA benefits portals to steal payments and funds from bank accounts.
π How to copy a file from one server to another from a third with SSH π
π Read
via "Security on TechRepublic".
Find out how to work some SSH magic, by transferring a file from one machine to another from a third.π Read
via "Security on TechRepublic".
TechRepublic
How to copy a file from one server to another from a third with SSH
Find out how to work some SSH magic, by transferring a file from one machine to another from a third.
π Samhain File Integrity Checker 4.4.0 π
π Go!
via "Security Tool Files β Packet Storm".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Samhain File Integrity Checker 4.4.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π SQLMAP - Automatic SQL Injection Tool 1.3.11 π
π Go!
via "Security Tool Files β Packet Storm".
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
SQLMAP - Automatic SQL Injection Tool 1.3.11 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers