ATENTIONβΌ New - CVE-2011-2669
π Read
via "National Vulnerability Database".
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2011-2668
π Read
via "National Vulnerability Database".
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length headerπ Read
via "National Vulnerability Database".
π Why corporate boards are unprepared to handle cybersecurity risks π
π Read
via "Security on TechRepublic".
A new report recommends that corporate boards answer four key questions on a regular basis to guide cybersecurity governance.π Read
via "Security on TechRepublic".
TechRepublic
Why corporate boards are unprepared to handle cybersecurity risks
A new report recommends that corporate boards answer four key questions on a regular basis to guide cybersecurity governance.
π΄ Avoid That Billion-Dollar Fine: Blurring the Lines Between Security and Privacy π΄
π Read
via "Dark Reading: ".
While doing good for the user is the theoretical ideal, the threat of fiscal repercussions should drive organizations to take privacy seriously. That means security and data privacy teams must work more closely.π Read
via "Dark Reading: ".
Dark Reading
Avoid That Billion-Dollar Fine: Blurring the Lines Between Security and Privacy
While doing good for the user is the theoretical ideal, the threat of fiscal repercussions should drive organizations to take privacy seriously. That means security and data privacy teams must work more closely.
ATENTIONβΌ New - CVE-2005-4891 (simple_machine_forum)
π Read
via "National Vulnerability Database".
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.π Read
via "National Vulnerability Database".
π Post-GDPR, 160,000 Data Breaches and Counting π
π Read
via "Subscriber Blog RSS Feed ".
A new report that aggregates post-GDPR data breach statistics in Europe suggests new, higher fines are to come in 2020.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Post-GDPR, 160,000 Data Breaches and Counting
A new report that aggregates post-GDPR data breach statistics in Europe suggests new, higher fines are to come in 2020.
π WebSploit Framework 4.0.1 π
π Go!
via "Security Tool Files β Packet Storm".
WebSploit is an advanced man-in-the-middle framework.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
WebSploit Framework 4.0.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π SolarWindows MSP n-Central Information Disclosure π
π Go!
via "Security Tool Files β Packet Storm".
This application, known as the SolarWinds n-Central Dumpster Diver, utilizes the nCentral agent dot net libraries to simulate the agent registration and pull the agent/appliance configuration settings. This information can contain plain text active directory domain credentials. This was reported to SolarWinds PSIRT(psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured allowing anyone without authorization and known customer id to download the agent software. Once you have a customer id you can self register and pull the config. Application will test availability of customer id via agent download URL. If successful it will then pull the config. We do not attempt to just pull the config because timing out on the operation takes to long. Removing the initial check, could produce more results as the agent download could be being blocked where as agent communication would not be. Harmony is only used to block the nCentral libraries from saving and creating a config directory that is not needed.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
SolarWindows MSP n-Central Information Disclosure β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Zed Attack Proxy 2.9.0 Cross Platform Package π
π Go!
via "Security Tool Files β Packet Storm".
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Zed Attack Proxy 2.9.0 Cross Platform Package β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ China-Based Cyber Espionage Group Reportedly Behind Breach at Mitsubishi Electric π΄
π Read
via "Dark Reading: ".
Personal data on over 8,100 individuals and confidential business information likely exposed in June 2019 incident.π Read
via "Dark Reading: ".
Darkreading
China-Based Cyber Espionage Group Reportedly Behind Breach at Mitsubishi Electric
Personal data on over 8,100 individuals and confidential business information likely exposed in June 2019 incident.
π΄ FireEye Buys Cloudvisory π΄
π Read
via "Dark Reading: ".
The purchase is intended to bring new cloud capabilities to the FireEye Helix security platform.π Read
via "Dark Reading: ".
Dark Reading
FireEye Buys Cloudvisory
The purchase is intended to bring new cloud capabilities to the FireEye Helix security platform.
π΄ New Ransomware Tactic Shows How Windows EFS Can Aid Attackers π΄
π Read
via "Dark Reading: ".
Researchers have discovered how ransomware can take advantage of the Windows Encrypting File System, prompting security vendors to release patches.π Read
via "Dark Reading: ".
Darkreading
New Ransomware Tactic Shows How Windows EFS Can Aid Attackers
Researchers have discovered how ransomware can take advantage of the Windows Encrypting File System, prompting security vendors to release patches.
π΄ Microsoft, DHS Warn of Zero-Day Attack Targeting IE Users π΄
π Read
via "Dark Reading: ".
Software firm is "aware of limited targeted attacks" exploiting a scripting issue vulnerability in Internet Explorer 9, 10, and 11 that previously has not been disclosed.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β 16Shop Phishing Gang Goes After PayPal Users β
π Read
via "Threatpost".
A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies.π Read
via "Threatpost".
Threat Post
16Shop Phishing Gang Goes After PayPal Users
A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies.
π Bug bounties won't make you rich (but you should participate anyway) π
π Read
via "Security on TechRepublic".
Commentary: There's a lot of hype about bug bounties, but here's some truth.π Read
via "Security on TechRepublic".
TechRepublic
Bug bounties won't make you rich (but you should participate anyway)
Commentary: There's a lot of hype about bug bounties, but here's some truth.
β Nobody boogies quite like you β
π Read
via "Naked Security".
Our unique dancing style can be used by a machine-learning model to ID us, regardless of musical genre. Unless it's Metal. We all headbang.π Read
via "Naked Security".
Naked Security
Nobody boogies quite like you
Our unique dancing style can be used by a machine-learning model to ID us, regardless of musical genre. Unless itβs Metal. We all headbang.
β Regus spills data of 900 staff on Trello board set to βpublicβ β
π Read
via "Naked Security".
Another company has ended up accidentally spilling sensitive data from business collaboration tool Trello.π Read
via "Naked Security".
Naked Security
Regus spills data of 900 staff on Trello board set to βpublicβ
Another company has ended up accidentally spilling sensitive data from business collaboration tool Trello.
β NISTβs new privacy rules β what you need to know β
π Read
via "Naked Security".
How do you ensure you're compliant with privacy regulations? NIST has released a Privacy Framework to help you get your house in order.π Read
via "Naked Security".
Naked Security
NISTβs new privacy rules β what you need to know
How do you ensure youβre compliant with privacy regulations? NIST has released a Privacy Framework to help you get your house in order.
β Ubisoft sues DDoS-for-hire operators for ruining game play β
π Read
via "Naked Security".
The network of sites and services run by the alleged operators target the Rainbow Six Siege game, selling attacks to cheating players.π Read
via "Naked Security".
Naked Security
Ubisoft sues DDoS-for-hire operators for ruining game play
The network of sites and services run by the alleged operators target the Rainbow Six Siege game, selling attacks to cheating players.
β PoC Exploits Do More Good Than Harm: Threatpost Poll β
π Read
via "Threatpost".
More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll.π Read
via "Threatpost".
Threat Post
PoC Exploits Do More Good Than Harm: Threatpost Poll
More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll.
β New Muhstik Botnet Attacks Target Tomato Routers β
π Read
via "Threatpost".
Palo Alto Networksβ Unit 42 researchers observed a variant of the wormlike botnet that adds scanner technology to brute-force Web authentication.π Read
via "Threatpost".
Threat Post
New Muhstik Botnet Attacks Target Tomato Routers
Palo Alto Networksβ Unit 42 researchers observed a variant of the wormlike botnet that adds scanner technology to brute-force web authentication.