β 5 tips for you and your family on Safer Internet Day β
π Read
via "Naked Security".
Why not make Safer Internet Day the excuse you need to do all those cybersecurity tweaks you've been putting off?π Read
via "Naked Security".
Naked Security
5 tips for you and your family on Safer Internet Day
Why not make Safer Internet Day the excuse you need to do all those cybersecurity tweaks youβve been putting off?
π΄ Keeping a Strong Security Metrics Framework Strong π΄
π Read
via "Dark Reading: ".
Don't just report metrics -- analyze, understand, monitor, and adjust them. These 10 tips will show you how.π Read
via "Dark Reading: ".
Darkreading
Keeping a Strong Security Metrics Framework Strong
Don't just report metrics -- analyze, understand, monitor, and adjust them. These 10 tips will show you how.
π΄ CIA's Secret Ownership of Crypto AG Enabled Extensive Espionage π΄
π Read
via "Dark Reading: ".
Crypto AG made millions selling encryption devices to more than 120 countries, which unknowingly transmitted intel back to the CIA.π Read
via "Dark Reading: ".
Dark Reading
CIA's Secret Ownership of Crypto AG Enabled Extensive Espionage
Crypto AG made millions selling encryption devices to more than 120 countries, which unknowingly transmitted intel back to the CIA.
π GRR 3.4.0.4 π
π Go!
via "Security Tool Files β Packet Storm".
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
GRR 3.4.0.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Adobe Addresses Critical Flash, Framemaker Flaws β
π Read
via "Threatpost".
Overall, Adobe patched flaws tied to 42 CVEs as part of its regularly scheduled updates.π Read
via "Threatpost".
Threat Post
Adobe Addresses Critical Flash, Framemaker Flaws
Overall, Adobe patched flaws tied to 42 CVEs as part of its regularly scheduled updates.
π How to gain more control over DNS with NextDNS: 5 steps π
π Read
via "Security on TechRepublic".
As an alternative to an on-site DNS server, this cloud-hosted DNS service lets you block, filter, and analyze activity across your network and devices.π Read
via "Security on TechRepublic".
TechRepublic
How to gain more control over DNS with NextDNS: 5 steps
As an alternative to an on-site DNS server, this cloud-hosted DNS service lets you block, filter, and analyze activity across your network and devices.
π΄ What Are Some Foundational Ways to Protect My Global Supply Chain? π΄
π Read
via "Dark Reading: ".
Assessing supply chains is one of the more challenging third-party risk management endeavors organizations can take on.π Read
via "Dark Reading: ".
Dark Reading
What Are Some Foundational Ways to Protect My Global Supply Chain?
Assessing supply chains is one of the more challenging third-party risk management endeavors organizations can take on.
π΄ Macs See More Adware, Unwanted Apps Than PCs π΄
π Read
via "Dark Reading: ".
The latest data from Malwarebytes show the average Mac sees almost twice as many bad apps as Windows systems, but actual malware continues to be scarce.π Read
via "Dark Reading: ".
Darkreading
Macs See More Adware, Unwanted Apps Than PCs
The latest data from Malwarebytes show the average Mac sees almost twice as many bad apps as Windows systems, but actual malware continues to be scarce.
π΄ Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits π΄
π Read
via "Dark Reading: ".
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.π Read
via "Dark Reading: ".
Darkreading
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
β EstΓ©e Lauder Exposes 440M Records, with Email Addresses, Network Info β
π Read
via "Threatpost".
Middleware data was exposed, which can create a secondary path for malware through which applications and data can be compromised.π Read
via "Threatpost".
Threat Post
EstΓ©e Lauder Exposes 440M Records, with Email Addresses, Network Info
Middleware data was exposed, which can create a secondary path for malware through which applications and data can be compromised.
π΄ Why Ransomware Will Soon Target the Cloud π΄
π Read
via "Dark Reading: ".
As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud.π Read
via "Dark Reading: ".
Darkreading
Why Ransomware Will Soon Target the Cloud
As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud.
ATENTIONβΌ New - CVE-2012-4519
π Read
via "National Vulnerability Database".
Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS.π Read
via "National Vulnerability Database".
β Intel Patches High-Severity Flaw in Security Engine β
π Read
via "Threatpost".
The high-severity vulnerability could enable denial of service, privilege escalation and information disclosure.π Read
via "Threatpost".
Threat Post
Intel Patches High-Severity Flaw in Security Engine
The high-severity vulnerability could enable denial of service, privilege escalation and information disclosure.
π U.S. Indicts Four Chinese Military Members for Equifax Hack π
π Read
via "Subscriber Blog RSS Feed ".
In charging four Chinese nationals with 2017's Equifax hack this week, the DOJ also said intellectual property - Equifax's own trade secrets - were stolen as part of the hack.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
U.S. Indicts Four Chinese Military Members for Equifax Hack
In charging four Chinese nationals with 2017's Equifax hack this week, the DOJ also said intellectual property - Equifax's own trade secrets - were stolen as part of the hack.
π΄ Microsoft Patches Exploited Internet Explorer Flaw π΄
π Read
via "Dark Reading: ".
This month's Patch Tuesday brings fixes for 99 CVEs, including one IE flaw seen exploited in the wild.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
ATENTIONβΌ New - CVE-2012-2517
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-2452
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-2216
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6720 and CVE-2012-6721. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2012-6720 and CVE-2012-6721 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-1124
π Read
via "National Vulnerability Database".
SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2009-4067
π Read
via "National Vulnerability Database".
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.π Read
via "National Vulnerability Database".
β Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches β
π Read
via "Threatpost".
There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update.π Read
via "Threatpost".
Threat Post
Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches
There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update.