What's in a WAF?
via "Dark Reading: ".
Need a 101 lesson on Web application firewalls? Here's your crib sheet on what a WAF is, how it works, and what to look for when you're in the market for a new solution.
As Retailers Prepare for the Holiday Season, So Do Cybercriminals
via "Dark Reading: ".
Online shoppers need to be wary about domain spoofing, fraudulent giveaways, and other scams, ZeroFOX study shows.
Clam AntiVirus Toolkit 0.102.1
via "Security Tool Files ≈ Packet Storm".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
Popular Apps on Google Play Store Remain Unpatched
via "Threatpost".
Check Point researchers found that hundreds of marquee Android mobile apps still contain vulnerabilities that allow remote code execution even if users update.
Official Monero site delivers malicious cash-grabbing wallet
via "Naked Security".
If you downloaded the Monero command line wallet recently, check it before using it.
Anatomy of a BEC Scam
via "Dark Reading: ".
A look at the characteristics of real-world business email compromise attacks - and what makes them tick.
Download: 2019 Security Team Assessment Template
via "Threatpost".
The Ultimate 2019 Security Team Assessment Template is a unique tool that encapsulates all the major KPIs of the organizational security team's main pillars.
Android camera bug could have turned phones against their users
via "Naked Security".
Google has patched a bug in the Android camera app that allowed other applications to bypass the strict controls on camera and audio access.
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
via "Dark Reading: ".
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
DNS-over-HTTPS is coming to Windows 10
via "Naked Security".
Microsoft will soon add the ability to use DNS-over-HTTPS and DNS-over-TLS into its networking client.
6 Top Nontechnical Degrees for Cybersecurity
via "Dark Reading: ".
A computer science degree isn't the only path into a cybersecurity career.
Gnip Banking Trojan Shows Ongoing, Aggressive Development
via "Threatpost".
The mobile malware, which incorporates Anubis source code, could evolve into a fully fledged spyware in the future.
Linux Webmin Servers Under Attack by Roboto P2P Botnet
via "Threatpost".
A newly-discovered peer-to-peer (P2P) botnet has been found targeting a remote code execution vulnerability in Linux Webmin servers.
75% of developers worry about app security, but half lack dedicated security experts on their team
via "Security on TechRepublic".
The majority of developers view security as integral to the coding and development process, but lack the support of a security expert, Whitehat Security found.
ATTENTION‼ New - CVE-2009-5047 (debian_linux, jetty)
via "National Vulnerability Database".
Jetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) "Cookie Dump Servlet" and 2) HTTP Content-Length header. 1) A POST request to the form at "/test/cookie/" with the "Age" parameter set to a string throws a "java.lang.NumberFormatException" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request "Content-Length" header set to a literal string.
Google Increases Top Android Hacking Prize to $1M
via "Dark Reading: ".
Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
3 Fundamentals for Better Security and IT Management
via "Dark Reading: ".
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
Microsoft Outlook for Android Bug Opens Door to XSS
via "Threatpost".
Successful exploitation allows attackers to steal potentially sensitive information, change appearance of the web page, and perform phishing, spoofing and drive-by-download attacks.
Business Email Compromise: 5 ways this fraud could happen and what can be done to prevent it
via "Security on TechRepublic".
Millions of dollars and loads of personal information are being stolen through a growing threat known as Business Email Compromise (BEC).