🔐 iOS-based devices: Zero-touch management essentials 🔐
via "Security on TechRepublic".
Managing multiple devices can be a full-time job. With a few tools in your arsenal, you can optimize mobile devices for zero-touch management.
❌ Citrix Accelerates Patch Rollout For Critical RCE Flaw ❌
via "Threatpost".
Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products.
🕴 Nearly 75% of SD-WAN Owners Lack Confidence Post-Digital Transformation 🕴
via "Dark Reading".
More businesses think SD-WAN will reduce WAN costs, but only 37% think SD-WANs will help defend against malware and other threats.
🕴 Ransomware Upgrades with Credential-Stealing Tricks 🕴
via "Dark Reading".
The latest version of the FTCode ransomware can steal credentials from five popular browsers and email clients.
ATTENTION‼ New - CVE-2012-5190
via "National Vulnerability Database".
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability.
ATTENTION‼ New - CVE-2011-5282
via "National Vulnerability Database".
mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled.
ATTENTION‼ New - CVE-2011-4336 (tikiwiki_cms/groupware)
via "National Vulnerability Database".
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
ATTENTION‼ New - CVE-2011-4322
via "National Vulnerability Database".
websitebaker prior to and including 2.8.1 has an authentication error in backup module.
ATTENTION‼ New - CVE-2011-4095
via "National Vulnerability Database".
Jara 1.6 has an XSS vulnerability.
ATTENTION‼ New - CVE-2011-4094
via "National Vulnerability Database".
Jara 1.6 has a SQL injection vulnerability.
ATTENTION‼ New - CVE-2011-2669
via "National Vulnerability Database".
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
ATTENTION‼ New - CVE-2011-2668
via "National Vulnerability Database".
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header.
🔐 Why corporate boards are unprepared to handle cybersecurity risks 🔐
via "Security on TechRepublic".
A new report recommends that corporate boards answer four key questions on a regular basis to guide cybersecurity governance.
🕴 Avoid That Billion-Dollar Fine: Blurring the Lines Between Security and Privacy 🕴
via "Dark Reading".
While doing good for the user is the theoretical ideal, the threat of fiscal repercussions should drive organizations to take privacy seriously. That means security and data privacy teams must work more closely.
ATTENTION‼ New - CVE-2005-4891 (simple_machine_forum)
via "National Vulnerability Database".
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
🔏 Post-GDPR, 160,000 Data Breaches and Counting 🔏
via "Subscriber Blog RSS Feed" (Digital Guardian).
A new report that aggregates post-GDPR data breach statistics in Europe suggests new, higher fines are to come in 2020.
🛠 WebSploit Framework 4.0.1 🛠
via "Security Tool Files ≈ Packet Storm".
WebSploit is an advanced man-in-the-middle framework.
🛠 SolarWindows MSP n-Central Information Disclosure 🛠
via "Security Tool Files ≈ Packet Storm".
This application, known as the SolarWinds n-Central Dumpster Diver, utilizes the nCentral agent dot net libraries to simulate the agent registration and pull the agent/appliance configuration settings. This information can contain plain text active directory domain credentials. This was reported to SolarWinds PSIRT (psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured allowing anyone without authorization and known customer id to download the agent software. Once you have a customer id you can self register and pull the config. Application will test availability of customer id via agent download URL. If successful it will then pull the config. We do not attempt to just pull the config because timing out on the operation takes too long. Removing the initial check could produce more results as the agent download could be being blocked whereas agent communication would not be. Harmony is only used to block the nCentral libraries from saving and creating a config directory that is not needed.
🛠 Zed Attack Proxy 2.9.0 Cross Platform Package 🛠
via "Security Tool Files ≈ Packet Storm".
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.
🕴 China-Based Cyber Espionage Group Reportedly Behind Breach at Mitsubishi Electric 🕴
via "Dark Reading".
Personal data on over 8,100 individuals and confidential business information likely exposed in June 2019 incident.