3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches
via "Threatpost".
Cisco patched three authentication bypass bugs tied to its DCNM platform used to manage NX-OS.
Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless
via "Threatpost".
Days before Christmas, employees found out that The Heritage Company had been hit by a ransomware attack and was "temporarily suspending operations."
ATTENTION‼ New - CVE-2012-4451
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
Cisco Drops a Dozen Vulnerability Patches
via "Dark Reading".
Among them are three for critical authentication bypass flaws.
Ransomware Victim Southwire Sues Maze Operators
via "Dark Reading".
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.
ATTENTION‼ New - CVE-2012-5878
via "National Vulnerability Database".
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.
ATTENTION‼ New - CVE-2012-5693
via "National Vulnerability Database".
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878.
5 predictions for protecting data in the payments and security ecosystem
via "Security on TechRepublic".
As demand for personalization and seamless consumer experiences grows, security must keep up, said VISA's chief risk officer.
Monday review – the hot stories of the holidays
via "Naked Security".
From 'Greta Thunberg' malware to Python 3, get yourself up to date with everything we've written since Christmas.
What Tools Will Find Misconfigurations in My AWS S3 Cloud Buckets?
via "Dark Reading".
Misconfigured cloud buckets leak sensitive data. Here's how to keep your Amazon Web Services (AWS) Simple Server Storage (S3) buckets secured.
Client-Side JavaScript Risks & the CCPA
via "Dark Reading".
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
Hackers Deface U.S. Gov Website With Pro-Iran Messages
via "Threatpost".
The Federal Depository Library Program (FDLP) website was defaced over the weekend to show a picture of a bloodied President Donald Trump.
Don't fall for the 'Start your 2020 with a gift from us' scam…
via "Naked Security".
There is no free MacBook. There IS no free MacBook. There is NO free MacBook.
Mimecast Acquires Segasec to Boost Phishing Defense
via "Dark Reading".
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
DeathRansom Campaign Linked to Malware Cornucopia
via "Threatpost".
One threat actor appears to be behind several ongoing, related campaigns.
US Government Publishing Office Website Defaced
via "Dark Reading".
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.
Mozilla Allows Users to Delete Firefox Telemetry Data
via "Subscriber Blog RSS Feed ".
Companies like Mozilla are using the passage of the CCPA as a way to better empower users to delete their own personal data.
Digital Guardian
Magecart Hits Parents and Students via Blue Bear Attack
via "Threatpost".
The latest attack takes aim at a vertical-specific e-commerce platform.
ToTok Returned to Google Play Despite 'Spy Tool' Claims
via "Threatpost".
The communications app faces continued backlash after a New York Times report said it was used as a government spying tool.
Comcast announces new Wi-Fi 6-certified gateway, security features for internet customers at CES 2020
via "Security on TechRepublic".
Comcast is making its internet service faster and more secure with new hardware and free security features that alert customers to threats.
Malicious Google Play Apps Linked to SideWinder APT
via "Dark Reading".
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.