KnowBe4 at BlackHat
For security reasons, you might need to create a Linux user without the ability to log in. Jack Wallen shows you how.
Much of the traffic egressing enterprise networks is from poorly protected Internet-connected consumer devices, a Zscaler study finds.
This line of thinking could get absurd, Indiana's supreme court declared. How do you "steal" something if you don't know who owns it?
Formerly preferred diplomatic app WhatsApp apparently isn't up to snuff.
Research puts the emerging mobile threat, which monitors the whereabouts and device activity of users as well as collecting personal data, into clearer focus.
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.
A connected, robotic vacuum cleaner has serious vulnerabilities that could allow remote hackers to view its video footage and launch denial of service attacks.
A new campaign is targeting governments with the ForeLord malware, which steals credentials.
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
Researchers have found a way to impersonate mobile devices on 4G and 5G mobile networks, and are calling on operators and standards bodies to fix the flaw that caused it.
A developer has discovered that malicious apps could exploit the pasteboard to work out a user's location.
OpenDXL Ontology is intended to allow security components to interoperate right out of the box.
Between ransomware attacks on healthcare devices, malware-laced "medical" apps, and fraud services available on the dark net, attackers are pushing the boundaries on targeting healthcare.
The next-gen-SOC starts with the next-gen SIEM, and Jason Mical of Devo Technology and Kevin Golas from OpenText talk about what capabilities are required, including threat hunting and greater automation, and how security professionals should exploit the tools.
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
Nate Fick, general manager of Elastic and former CEO of Endgame, talks about the impact of AI and machine learning on security professionals, and what technologies can be tapped to improve security in the runup to November's election.
San Francisco is the site of the RSA 2020 conference, which took place despite cancellations from IBM, Verizon and AT&T.
JJ Thompson, senior director of managed threat response for Sophos, digs deep into how organizations can start to make sense of the seemingly unlimited data that's available from endpoints, cloud, and on-premises networks. That's a critical capability as attacker behaviors start to change.
The insider threat is a technology, security, and personnel issue, officials said in explaining an approach that addresses all three factors.
Consider this your opportunity to educate.
When it comes to machine learning, research and cybercriminal activity are moving full speed ahead, but legal policy has not yet caught up.
CEO Reuven Harrison examines how cloud services have changed how enterprises manage their apps and data, and also offers some tips for security pros tasked with managing either hybrid- or multi-cloud implementations. Harrison also takes on Kubernetes and container security in this News Desk interview.
We're thrilled to share that Digital Guardian won the Best Data Loss Prevention (DLP) Solution at the 2020 SC Trust Awards at RSA Conference!
A popular baby monitor has been found riddled with vulnerabilities that give attackers full access to personal information and sensitive video footage.
The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.
Possible nation-state supply chain attack acts like a "wolf in sheep's clothing," Sophos says.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-17963. Reason: This candidate is a reservation duplicate of CVE-2018-17963. Notes: All CVE users should reference CVE-2018-17963 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000020. Reason: This candidate is a reservation duplicate of CVE-2017-1000020. Notes: All CVE users should reference CVE-2017-1000020 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.
Facebook, like other platforms, has seen fake news, mass-buying of face masks, and misinformation about bleach being a cure for COVID-19.
Despite the rise in ransomware, a lack of prevention training and stagnant security budgets are putting local governments at risk, according to IBM Security.
Evidence is emerging that a change made to Chrome 80 might have disrupted the popular data and user profile stealing malware AZORult.
Users looking for a privacy-focused browser might want to consider Brave first, according to a study published this week.
Listen to the latest episode now!
From vacuum cleaners to baby monitors, the IoT landscape continues to be plagued by concerning security issues that lead to privacy threats.
The breach earned derision from both the hacker and observers after another hacker exploited the company's vulnerable setup.
Spam, ransomware, and malware continue to haunt organizations, but bad actors are also cooking up new spins on these tried-and-true methods, according to security company Fortinet.
Garrison wants to move security away from software and into hardware.
What a difference one tiny little character can make to a phone number.
Cybersecurity is an imperfect science, similar to infectious disease control, according to McAfee CTO.
A new Intel report looks at the more than 250 CVEs affecting Intel products in 2019.
Security firm specializes in secure cloud architecture and penetration testing.
In an RSA 2020 simulation, the Red Team compromised email accounts, created deepfake videos and spread disinformation on Election Day in Adversaria.
Machine learning creates a profile of expected email contacts and turns on a stop sign when new people pop up.
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows a local user to access other users' information without authorization via brute force.
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
The California Consumer Privacy Act is nebulous as it is. Potential changes to the state's privacy laws, slated for later this year, could cloud things further.
Attackers shouldn't have been able to remove sensitive data like Social Security numbers from military networks, according to cybersecurity experts.
New standards project aims to make it easy to integrate multiple security tools.
RSA panelists locked horns over whether the ban preventing US government agencies from doing business with Huawei is unfairly singling out the Chinese telecom giant.
CEO Mary T. Barra addressed the high stakes in rolling out self-driving cars and biometric-enhanced vehicles, where one cyber-event could derail plans for emerging automotive technologies.
Data shows 73% are concerned about municipal ransomware threats but only 38% are trained on preventing these attacks.
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.
Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.
An automated Google warning to Android app developers regarding mobile app permissions has cut the number of requests in half.
Customers for the controversial facial recognition company were detailed in a log file leaked to news organizations.
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
It's not a "state actor", so isn't subject to 1st Amendment scrutiny and can censor PragerU's videos on abortion, gun rights and terrorism.
Mozilla has said it plans to make a privacy technology called DNS-over-HTTPS (DoH) the default setting for US users of Firefox within weeks.
Six alleged drug criminals will go free thanks to a ransomware attack on a small Florida city, it was revealed this month.
Time to worry about how well the facial recognition startup protects its 3b+ database of faceprints scraped from our social media accounts?
Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices.
Patrick Wardle talks about the biggest threats he's seeing impacting Apple devices.
The federal agency plans a slew of initiatives to address industrial control security this year.
Putting your company on a data diet that reduces the amount of the sensitive data you store or use is a smart way to achieve compliance with GDPR and CCPA.
Assembling strong data sets and developing domain expertise are more important than choosing an algorithm.
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Learn about data breach insurance, why it's important, how it works, and what to look for in a policy in the latest Data Protection 101, our series on the fundamentals of information security.
CEO Mary Barra shared the company's commitment to security at RSA 2020.
Reports find that mobile malware appears on the decline, but the exploitation of vulnerabilities along with phishing has led to a rise in compromises, experts say.
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Anyone can be a target of a Jeff Bezos-level data hack. Here's how to keep your phone protected.
Firewall management doesn't mean set it and forget it. Learn tips for effective firewall configuration to protect your organization from security risks and threats.
The security industry has the perfect skillset and adversarial defense outlook to deal with some of the emerging societal issues in today's world, said security technologist Bruce Schneier.
This year will be a big investment year for 5G for many manufacturers and network operators. Find out what the experts predict will happen next.
The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability.
Vishal Salvi says investing time and developing influence are the keys to making the shift to a secure-by-design mindset.
If your desktop of choice is Linux, you don't have to be without a 2FA tool, thanks to OTPClient.
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.
Karen Roby interviewed a cybersecurity expert about a threat other than the one COVID-19 brings.
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrite this function to manipulate the inspection results to bypass security checks.
serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in the serialNumber function is used by the "exec" function without any validation.
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.
giting versions prior to 0.0.8 allow execution of arbitrary commands. The first argument "repo" of the function "pull()" is executed by the package without any validation.
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization.
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption).
Karen Roby interviewed an expert about a threat other than the one COVID-19 brings.
Background: For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue: The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration. Note that the ftps-extensions option is not enabled by default.
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability.
Pindrop's dashboard scores the caller, the device, and the behavior to spot bad actors and authentic customers.
SerialTweaker is a tool that can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
From Chrome's mystery zero-day to why the EC has switched to Signal, get yourself up to date with everything we've written in the last week.
Without regulation and strong proactive measures, 5G networks remain vulnerable to cyberattacks, and the responsibility falls on businesses and governments.
Facebook says OneAudience paid developers to install its social-media-profile-looting SDK into their apps to get marketing data for clients.
Less than an hour after the crooks registered their scamming domain, the phishing attack was under way.
You might want to unplug this not-so-smart robot: researchers found they can watch video streams piped out from its security camera.
Thanks to this flood of free certificates, the web is a lot more encrypted than it was a few years ago.
Businesses must prioritize customer protection by taking on some of the responsibility to prevent credential stuffing attacks through multipronged authentication and identity management.
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs in FileUploader.aspx by using empty w and h parameters. This file may contain arbitrary aspx code that may be executed by accessing /Jec/ProductImages/<number>/<filename>. Accessing the file once uploaded does not require authentication.
A security error in the Walgreens mobile app may have leaked customers' full names, prescriptions and shipping addresses.
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Morphisec combines the anti-virus protection in the new Microsoft OS with its own defenses against malware.
The tricky trojan has evolved again, to stay a step ahead of defenders.
Visser Precision has confirmed a security incident likely caused by the data-stealing DoppelPaymer ransomware.
Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API.
An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system.
Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account via a request to mods/_core/users/admins/create.php or (2) create a user account via a request to mods/_core/users/create_user.php.
As cities grow more connected, municipal operators must deal with new risks like ransomware, IoT hacks and more.
Ponemon Institute's annual data breach readiness survey suggests the increased adoption of security technologies but the continuation of problems, like spear phishing attacks.
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter.
When entire regions are quarantined, home-bound people are overloading local switches, reducing international call quality and interrupting connectivity.
An error in the app allowed some secure chat users to see medical information that wasn't theirs.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product.
InfluxDB 0.9.5 has Reflected XSS in the Write Data module.
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter.
An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter.
EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GDN parameter.
EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Control, related to webuser.js.
Vade Secure's Adrien Gendre explains why the end user is an important link in the security chain.
Several flaws found in Nvidia's graphics drivers could enable denial of service, remote code execution and other malicious attacks.
The legitimate remote-access tool is being used to maliciously infect victims and allow remote code-execution.
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.
In new guidance, the Department of Justice says security researchers and organizations run real risks when gathering threat intelligence or dealing with criminals in underground online marketplaces.
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that support EoIPv6 are vulnerable to this attack.
Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build Engine 1. An attacker could craft a special map file to execute arbitrary code when the map file is loaded.
Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any authenticated user can exploit this.
Existing controls are often not configured properly or deployed widely, allowing bad actors to steal data.
Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site.
In all, the update covers five Windows and Linux desktop CVE vulnerabilities, including one rated as critical.
Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data.
The mobile app saves people money but was letting 20 companies know who's taking antipsychotics, erectile dysfunction and HIV meds, and more.
It has to do with optics: faces appear to flatten out as we get further away. Our brains compensate, but AI-run facial recognition doesn't.
A financial provider that gives loans but locks them down to turn them into savings... didn't lock down its own network.
The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.
The two defendants allegedly laundered $100 million for the benefit of North Korean threat actors who stole the funds in 2018.
Drug cartels are using cryptocurrency and partnering with hackers to scam banks in Latin America.
When it comes to securing data, most enterprises are negligent and unaware, according to a Lepide report.
Troy Hunt said the popular HIBP will continue to be run as an independent service.
Imagine finding yourself in a "hostile" environment, one where you cannot run exploits, tools, and applications without worrying about prying eyes spying on you, be they a legitimate system administrator, a colleague sharing access with you, or a software solution that scans the machine you are logged in to for malicious files. Your binary should live in encrypted form in the filesystem so that no static analysis would be possible even if it were identified and copied somewhere else. It should only be decrypted on the fly in memory when executed, thus preventing dynamic analysis too, unless the decryption key is known. To experiment with such an idea, Red Timmy Sec have created the "golden frieza" project.
How much data is too much to give away to get online while you're waiting at the train station? In the airport? A shopping mall?
The 25-year-old was convicted of 18 charges stemming from illegal access to money stored in online gift cards.
New product ratings system comes amid growing shift in the testing market toward more "open and transparent" evaluation of security tools.
An exploit published by a developer is easy to use and has already been used to build malicious apps that gain root access on Android devices.
Security risks are important considerations with IoT initiatives. A Kaspersky report includes steps to take to prevent an IoT-targeted attack.
The cooperative research initiative brings together faculty and students to "focus on problems and cutting-edge ways to solve them."
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
Two contractors claim the U.S. Air Force took their proprietary data and used it to develop, market, and sell their own version of a storage tank used by planes to fight fires.
On Wednesday millions of Transport Layer Security certificates will be revoked because of a Certificate Authority Authorization bug.
Threatpost talks to Alex Tilley, senior security researcher with Dell SecureWorks' Counter Threat Unit Research Team, about a recently discovered campaign linked to an Iranian APT.
When it's impossible to remediate all vulnerabilities in an organization, data can indicate which bugs should be prioritized.
Cybercriminals are finding new ways to get malware on mobile devices, including abusing Android's accessibility features, according to a McAfee report.
It removed 5 networks engaged in foreign or government interference in Egypt, India, Russia, Iran, and Myanmar/Vietnam. Some targeted the US.
A cybercrime vigilante was so incensed by tech support scammers, he reverse-hacked the Indian call centre to spy on his would-be attackers.
There are patches for over 70 bugs, and they finally fixed a months-old exploit for MediaTek chipsets, said to affect millions of devices.
We don't want to see what you do behind closed doors, but lots of hackers would be happy to pull up a chair to view that video stream.
The number of attacks targeting loyalty and rewards programs is growing. Here are some of the lowlights.
Learn from the experts what it takes to keep hackers away from your personal data.
Listen to the latest episode now!
If your certificate gets revoked and you don't renew it, visitors won't be able to get to your site...
By taking proactive action, organizations can face down threats with greater agility and earned confidence.
The breach, which was active for four years, resulted in the theft of personal information on more than 9 million people.
Around 600,000 of the supermarket's 12 million loyalty program members have been warned about a cyberattack.
If your desktop of choice is Linux, you don't have to be without a 2FA tool, thanks to OTPClient.
There are many challenges to safely carrying data and equipment on international travels, but the right policy can make navigating the challenges easier and more successful.
Garrison is using ARM processor chips to create a hardware defense against data breaches and malware.
Three years after the Shadow Brokers published zero-day exploits stolen from the National Security Agency, the SMB compromise continues to be a popular Internet attack.
A recent phishing campaign used OneNote to distribute the Agent Tesla keylogger.
Despite an increase in usage, a Valimail report found that of the 933,000 organizational domains with DMARC, only 13% are at enforcement.
Here are four ways to make inroads with the DevOps team -- before it's too late.
Dozens of routers are patched by Netgear as it snuffs out critical, high and medium severity flaws.
This armor safety company claims a former employee stole secrets via a USB drive and used them to net a multi-million dollar contract
The coronavirus is spurring questions and concerns in the tech industry. Get tips about remote work, interviewing and hiring, travel, and cybersecurity, as well as the latest news.
How confident are you with the security of your WordPress deployments? If you're not 100% confident, you need to make use of the wpscan tool.
If the "malware-free" attack trajectory continues, it could mean major trouble for defenders, according to experts from CrowdStrike and other security companies.
Domain validation glitch prompts an abrupt decision.
There's an attachment that you are "strongly recommended to read" on account of coronavirus infections in your area. Don't open it!
It's charging subpar password security and lousy user notification: Zynga has yet to notify users to warn them of the breach, the suit says.
While 1.7 million of the certificates potentially affected by a CAA bug have already been replaced, around 1 million are still active.
An analysis of spam subject lines and malicious domains shows that attackers have been betting on Trump and Sanders to snag public interest.
Google has announced FuzzBench, a free service "for painlessly evaluating fuzzers in a reproducible way."
Hackers are crawling all over the US Department of Defense's websites - and DoD officials are quite happy about the whole thing.
Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Multiple Read overflows issue due to improper length check while decoding Identity Request in CS domain/Authentication Reject in CS domain/PRAU accept/while logging DL message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU Reject and TC cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Buffer Over-read when UE is trying to process the message received from the network without zero termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150
Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCS404, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SC8180X, SDA845, SDM450, SDX20, SDX24, SDX55, SXR1130
Possible double free issue in WLAN due to lack of checking memory free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, MDM9640, SDA660, SDM636, SDM660, SDX20
Facebook denies that it's cringing away from its virtual currency plans due to the fact that regulators loathe it.
The high-severity flaws, existing in Webex Player and Webex Network Recording Player, can allow arbitrary code execution.
Unintended consequences and risks need board-level attention and action.
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
Consumers now expect businesses to communicate via text, but there are ways to do it securely without using a smartphone.
Software security company identified 92 billion malicious mails in Q4 and a spike in Emotet and ransomware.
Just-in-time manufacturing and low inventory levels mean even a short disruption can cause business interruptions.
The now-fixed flaw could have enabled attackers to trick users into downloading malicious content or sharing credentials.
Two years after the administrator of the Grams search engine shuttered the service, another search engine for finding questionable and illegal goods on the Dark Web has opened up shop.
A study finds that ID fraud is a greater concern than murder for 47% of Americans.
The first question each new CISO must answer is, "What should I do on Monday morning?" My suggestion: Go back to basics. And these steps will help.
With the spread of coronavirus, businesses are increasingly asking staff to work from home. We asked experts how to keep cybersecurity policies in place.
If security measures were made easier for end users, would your organization be more secure?
SC Labs' review highlights the visibility provided by the solution, its ability to identify, tag, and fingerprint sensitive data, and provide insider/external threat protection.
Chris Eng with Veracode talks about how organizations are falling into security debt due to patch management issues.
Meanwhile, breach incidents have hit Carnival Cruise Lines, T-Mobile and J. Crew customers.
The separate incidents show how data theft knows no market-based limits.
Approach is a twist to the old method of using fake software, browser updates, Kaspersky says.
The makers of NordVPN have come out with a new version of their NordPass password manager. Find out how to install and use it.
The UK pharmacy chain says it wasn't hacked, its systems are fine. It's all the password reusers mucking things up again!
The ICO found a "catalog of errors," including backups without passwords, unpatched servers, no-longer-supported OSes and feeble anti-virus.
Ledger has warned users about a rogue Chrome extension that duped users into giving up the keys to their hardware crypto wallets.
Researchers have found it's still child's play to hijack subdomains from companies such as Microsoft to use in phishing and malware attacks.
It's true - Android on an iPhone. OK, a few things don't work yet... such as sound. And the phone bit.
Increasing security around our election process and systems will take a big effort from many different parties. Here's how.
An insider, or security expert with physical access, can compromise the hardware protections of Intel chips sold in the past five years.
National security professionals tightly monitor Super Tuesday voting, Coronavirus complicates security operations, and more - catch up on the week's news with the Friday Five.
Don't let teleworking due to concerns over the coronavirus (Covid-19) put your cybersecurity health at risk...
Follow these tips to keep your Windows-based servers operating smoothly, securely, and efficiently.
A Zoho zero day vulnerability and proof of concept (PoC) exploit code was disclosed on Twitter.
In cybersecurity circles, the Coronavirus is spurring anxiety over the virtual abuse of the deadly disease by scammers.
The playbook simulates a cyberattack on the energy industry to educate regulators, utilities, and IT and OT security experts.
The former Supreme Allied Commander of NATO gives Dark Reading his take on the greatest cyber threats our nation and its businesses face today.
A federal grand jury has indicted Charles K. Edwards on 16 counts related to a conspiracy to steal software from one department and sell an enhanced version to another.
The outbreak is slowing down in China while the WHO warns the rest of the world to "pull out all the stops" to control the spread of the illness.
It's a fine line between countries sharing data in order to help with common interests and imposing on the privacy of those who provide it. The World Economic Forum's director weighs in.
Ryuk, DoppelPaymer, Parinacota and other ransomware groups are getting more sophisticated, Microsoft warns.
Security pros detail the common and concerning ways attackers target enterprise cloud environments.
PwndLocker is harder to detect than other crypto-malware, Crypsis Group says.
To celebrate International Women's Day we invite you to this all-female splinter episode.
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.
From an ultrasonic attack on Siri and Google Assistant to the guy who hacked back at tech support scammers - and everything in between.
Cybercriminals compromise over a million Microsoft enterprise accounts each month as too few customers use multi-factor authentication.
The US government is tightening its rules around the registration of government web domains to stop fraudsters impersonating government sites.
Microsoft has finally clarified how users can fix a Windows security measure that has been causing hardware problems: turn it off.
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
How long do Android devices continue to receive security updates after they're purchased? The answer is: barely two years.
Legitimate-looking links from OneDrive, Google Drive, iCloud, and Dropbox slip by standard security measures.
New side-channel attacks have been disclosed in AMD CPUs, however AMD said that they are not new.
In the long term, Panda Security's technologies will be integrated into the WatchGuard platform.
nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.
HikaShop Joomla Component before 2.6.0 has XSS via an injected payload.
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.
A new malware campaign that offers a "coronavirus map" delivers a well-known data-stealer.
This tool can be used to exploit vulnerable versions of RichFaces. It has payloads for 4 vulnerabilities that have been identified, which can lead to remote code execution via java deserialization and EL injection.
A vulnerability in Microsoft Exchange servers is being actively exploited by multiple APT groups, researchers warn.
If you lose someone's data because of a configuration blunder that lets crooks in without any actual hacking... is that a "breach" or not?
Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files.
In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.
A one-time inspector general at the Department of Homeland Security was indicted on Friday on charges he conspired to steal the U.S. government's proprietary software and databases.
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action.
JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an image file to the /com_jce/editor/libraries/classes/browser.php script.
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
Attackers are purporting to send victims HIV test results - but in reality are convincing them to download the Koadic RAT.
US carriers haven't been doing enough to block robocalls voluntarily. The Federal Communications Commission's response? Fine - we'll make you.
There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.
Crime doesn't pay, even if you have the audacity to try to sell your employer its own, free software and personal data on your own colleagues.
The man became a suspect because location data from his Android phone was swept up in a surveillance dragnet called a geofence warrant.
Threat actors can easily infiltrate networks because attacks evade detection by typical security protections.
The FBI has warned users of Microsoft Office 365 and Google G Suite hosted email about Business Email Compromise (BEC) scams.
New data on live Internet of Things devices in healthcare and other organizations shines a light on security risks.
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret.
An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.
Security researchers found vulnerabilities that can affect multi-tenant environments such as public clouds or shared enterprise workloads.
With better tools that identify potential threats even before developers address them, a new problem has arisen.
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.
The U.S. Department of Health and Human Services finalized two new rules designed to give patients better control over their data.
The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.
Whether they leave for a better job or get fired, and whether they mean to cause problems or do so out of ignorance, ex-workers can pose a threat to your company.
Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data.
Mozilla Foundation snuffs out bugs with the introduction of Firefox 74 and ESR 68.6.
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
But roughly 2 million infected systems remain in the wild, and infected systems could be reactivated at any time.
Patch Tuesday features several remote code execution flaws in Microsoft Word.
The bug has been under active attack as a zero-day.
Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities.
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
March security updates include 115 CVEs patching everything from Windows, Office and Microsoft's new Chromium-based Edge web browser.
Bugs affecting programmable logic controllers (PLC) and physical access-control systems for facilities are rated 9.8 in severity.
The organizers of the popular security conference, RSA, which drew over 36,000 people to San Francisco in February, confirmed that at least two people who attended have tested positive for COVID-19.
82% of women in cybersecurity jobs agree the industry has a gender bias problem. Fixing it would not only improve morale and confidence, but also result in an economic boost to the cybersecurity industry.
Brave is testing a new defence against fingerprinting: confusing algorithms by randomising some of the data they collect.
The US is expected to press for a retrial in the high-stakes trial of Joshua Schulte, suspected of raiding the CIA's cyber arsenal.
Started around 2013, the site claims to host over 24,000 active shops doing brisk business in stolen PII and hacking services.
The tech giant will take control of the U.S.-based infrastructure used by the criminals behind the world's most prolific botnet used to distribute malware and infect victim computers.
A Deloitte survey about ransomware also recommends that local governments use air-gapped system backups.
The Ultimate Security Budget Plan & Track Excel template provides security executives with a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame.
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.
A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.
Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies.
In an interview at RSA 2020, Greg Young, the vice president of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances are configured correctly and securely.
A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses.
A new TrickBot variant shows that the malware is continuing to swap out new anti-analysis and persistence tactics.
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).
Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.
CVE-2020-0796 affects version 3.1.1 of Microsoft's SMB file-sharing system and was not included in Patch Tuesday.
Microsoft fixed bugs across a range of products on patch Tuesday, issuing patches for 115 distinct CVEs, with 26 rated critical.
If the number of women in cybersecurity equaled the number of men, the US would see an economic gain up to $30.4 billion, research shows.
"TRRespass" is a new trick for rowhammering - an attack where you write to a memory chip by reading it over and over (and over) again.
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
Should you happen to be in a meeting with an ICS vendor, here are some terms you will need to know so as to not be laughed out of the room.
Attackers are using YouTube redirect links, whitelisted by various security defense mechanisms, to evade detection.
A new report says the federal government and the private sector need to better defend the United States in cyberspace.
The Mirai botnet is known for targeting Internet of Things devices and conducting massive DDoS attacks, as described by cyberthreat researcher Check Point Research.
More than half of organizations have adopted AI for security efforts, but a majority are more confident in results verified by humans, according to WhiteHat Security.
Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
A patch for the flaw is not yet available, but there are no known exploits -- so far.
To get back up and running quickly, and because it's cheaper, city and county governments often pay the ransom, especially if insurance companies are footing the bill. The result: More ransomware.
The federal commission outlined more than 60 recommendations to remedy major security problems.
Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
Necurs, one of the world's biggest botnets, infected over 9 million computers worldwide.
Both Google and Apple have removed at least some of the apps from the company, Sensor Tower.
Businesses now manage an average of 13.53 petabytes of data, but struggle to keep it secure.
Intel's March security updates reached its customers this week and the dominant theme is the bundle of flaws affecting Graphics drivers.
Researchers with Akamai say that 75 percent of all credential abuse attacks against the financial services industry were targeting APIs.
Threat intelligence needs the problem solvers, the curious ones, the mission seekers, the analytical minds, the defenders, and the fierce -- whatever their gender.
A Dutch researcher claimed Google's very first annual Cloud Platform bug-bounty prize, for a clever container escape exploit.
A month after shipping version 73 of its Firefox browser, Mozilla has released version 74 with a range of privacy and security enhancements.
Eight million customer records belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe were collected.
Research from Atlas VPN found that criminals' net proceeds outpace the revenue made by tech giants each year.
A vulnerability in Microsoft's Server Message Block protocol prompted concerns of wormable exploits when it was disclosed this week.
COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.
Microsoft issued an out-of-band security update for a critical SMB bug (CVE-2020-0796) on Thursday.
A study from Resilience360 listed cyberthreats as one of the biggest issues facing global supply chains in 2020.
A CASB isn't a WAF, isn't an NGF, and isn't an SWG. So what is it, precisely, and why do you need one to go along with all the other letters? Read on for the answer.
Two malware modifications, when combined, can snatch cookies collected by browsers and social networking apps.
Cookiethief steals cookies to infiltrate Facebook and other web service accounts.
While PXJ performs typical ransomware functions, it does not appear to share the same underlying code with most known ransomware families.
The trojans are designed to gain control of Facebook user accounts by capturing browser cookies in Android, says Kaspersky.
The costs associated with data breaches climb alongside the amount of data managed by the enterprise according to the latest Global Protection Index Snapshot.
Threat actor's practice of using known malware and tactics gives an opening for defenders, says Recorded Future.
bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
yidashi yii2cmf 2.0 has XSS via the /search q parameter.
bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name.
bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack.
Researchers say the exposure includes exact locations of users' last posts, nicknames, age, and gender.
As of June 2019, CBP had processed more than 20 million travelers using facial recognition, civil rights group ACLU says.
The bill, which would undercut Section 230 protections for online publishing, presents itself as a way to stop online child abuse.
While there have been some successes when it comes to getting women involved in tech, by and large, we haven't made enough progress.
Civil-liberties group wants more transparency about who the government is partnering with and how they are using the information gathered in biometric checks.
What kind of school project is this?
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
The cruise liner, forced to shut down operations due to coronavirus, says the incident may have compromised passengers' personal data.
While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.
The APT group was spotted sending spear-phishing emails that purport to detail information about coronavirus - but they actually infect victims with a custom RAT.
Ryuk Ransomware targets another U.S. city, University of Kentucky ends a month-long cyberattack, and a secret-sharing app exposes user data - catch up on the week's news with the Friday Five.
Infosec professionals may feel not only fatigued, but isolated, unwell, and unsafe. And the problem may hurt both them and the businesses they aim to protect.
Two dozen individuals have been named in the latest arrests of alleged participants in a business email compromise scheme that cost victims $30 million.
The high-severity flaw allows malicious code injection into website pop-up windows.
Organizations are sending employees and students home to work and learn -- but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges.
Attackers are capitalizing on the rise of misconfigured Internet-connected devices running the WS-Discovery protocol, and mobile carriers are hosting distributed denial-of-service weapons.
There are steps that IT departments can take to strengthen their technical infrastructure in advance of COVID-19's arrival at their facility.
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use on NIDS, Firewalls, Traffic classifiers and so on.
Amazon and eBay shopper data was exposed, and the EARN IT act threatens end-to-end encryption. These stories and more in the weekly roundup.
Concerns over cybersecurity risk and possible spying by China have already brought about bans from DHS, DoD, TSA, and the State Department.
Open source bugs have skyrocketed, according to a report from WhiteSource, with XSS flaws accounting for a quarter of those bugs.
The IICSA report cited "unprecedented levels of depravity" and said that encryption is getting in the way of current screening.
What's the difference between a scheduled security update and one that's out-of-band? In this case, it's two days.
Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.
The Sunday cybersecurity attack was designed to slow down the agency's systems as it tries to grapple with the spread of COVID-19.
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack.
Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.
Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.
Contao before 4.5.7 has XSS in the system log.
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
The private equity firm will buy Checkmarx from Insight Partners, which will continue to own a minority interest.
If you want to enable two-factor authentication for Nextcloud on a per-user basis, it's just a simple app installation away.
An academic study found Microsoft's Edge browser to be the least private, due to it sending device identifiers and web browsing pages to back-end servers.
A Venafi study looked into what digital infrastructure will suffer from cyberattacks, which are most vulnerable, and what it means.
A jury ruled the telecom is owed upwards of $420 million in damages after a Chinese company was caught stealing its trade secrets for radios.
Fraudsters allegedly targeted elderly victims, ultimately wringing more than $4 million from their bank accounts.
A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.
tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based buffer over-read in the EXTRACT_32BITS function (extract.h, called from the rx_cache_find function, print-rx.c) due to improper serviceId sanitization.
Using homographic characters is an easy way to execute a convincing fake site.
Businesses struggle to strike a balance between workplace health and employees' privacy rights in the midst of a global health emergency.
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.
What a nightmare: your phone goes dead, and you can't log into your bank account because it's controlled by a hacker who's draining you dry.
Rise and fall of a Nigerian cybercriminal called "Dton," who made hundreds of thousands of dollars in a 7-year campaign, outlined in new report.
Good news for website admins: the ability to automatically update plugins and themes is being beta-tested for WordPress 5.5, due in August.
The Tor browser has a bug that could allow JavaScript to execute on websites even when users think they've disabled it for maximum anonymity.
Slack has fixed a bug that allowed attackers to hijack user accounts by tampering with their HTTP sessions.
The tendency by many attackers to wait for the right time to strike gives defenders an opening, FireEye says.
Lulzbuster is a very fast and smart web directory and file enumeration tool written in C.
The app promises access to a coronavirus map tracker but instead holds your contacts and other data for ransom, DomainTools found.
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
Only half of respondents to a recent Dark Reading study felt confident that their third-party business partners would, at least, tell them if a compromise occurred.
The Trump administration has ordered hundreds of thousands of federal employees to be prepared to work from home full time and use VPNs to connect to government systems.
The Pakistani-linked APT has been spotted infecting victims with data exfiltration malware.
Security becomes a greater challenge as more people work from home due to the coronavirus. Learn how to better protect your organization and employees.
Netskope reports the total number of remote employees is the highest it has ever observed.
A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor.
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI.
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
Takeaways about fighting new fires, securely enabling remote workforces, and human nature during difficult times.
Following a high profile espionage case, Canada is set to roll out a new set of protocols designed to stop insider threats within government departments.
Axis Security has raised $17 million in VC funding.
Criminal activity related to the pandemic cannot be tolerated, William Barr states in memo.
Stalkerware called Monitor Minor gives users the ability to creep on a target's missives swapped via Instagram, Skype and Snapchat.
COVID-19 is changing how we work. Weigh in on how your organization is securing its remote footprint with our short Threatpost poll.
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.
Researchers warn that a Magecart group has set up skimmers on the blender manufacturer's website, in hopes of stealing customer payment-card data.
Posts about money or family trouble are being used to gain trust by those who force victims into sex work or slavery, the FBI warns.
It coincided with a disinformation campaign carried out via SMS, email and social media claiming that national quarantine was imminent.
Real-time, in-trip geolocation data isn't good for traffic/bike lane planning, a draft of the suit says. What it's good for is surveillance.
Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines.
Privacy advocates advise caution when tracking the movements of patients or those infected with the new coronavirus, as an effort to minimize the pandemic's effect.
An out-of-band Adobe security update addressed critical flaws in Photoshop, Acrobat Reader and other products.
During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.
Attackers are using phishing emails, ransomware, and malicious apps to target people curious about the virus, says security firm Cybereason.
Do you know what information you share within the Google ecosystem? You can easily control what is visible or hidden from within your Android device. Find out how.
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.
django-nopassword before 5.0.0 stores cleartext secrets in the database.
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions of the module from the pki-core server, due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed in the victim's browser.
A fresh module aims to compromise remote desktop accounts to access corporate resources.
Ransomware attacks are still happening, and more employees need to be trained on how to prevent them.
Fixes are now available for five critical and high-severity Trend Micro flaws, two of which are being actively targeted by attackers.
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
The open database exposed highly sensitive financial and business documents related to two financial organizations.
A savvy operator in Nigeria has bought items with stolen credit cards and used phishing and malware attacks to earn a healthy income, according to cybersecurity provider Check Point.
With people working remotely due to the coronavirus, cybercriminals are trying to take advantage of such tools as VPNs and remote desktop services, says security firm Radware.
Data protection authorities around the world are reiterating that in most scenarios, data protection laws do not stand in the way of the provision of healthcare and the management of public health issues.
An issue was discovered in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected.
An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected.
An issue was discovered in ONAP VNFSDK through Dublin. By accessing port 8000 of demo-vnfsdk-vnfsdk, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
Commentary: Even as phishing and other attacks rise in the wake of COVID-19, white-hat hackers are readying their defenses.
An issue was discovered in ONAP SDC through Dublin. By accessing port 7000 of demo-sdc-sdc-wfd-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
An issue was discovered in ONAP SDC through Dublin. By accessing port 7001 of demo-sdc-sdc-wfd-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
An issue was discovered in ONAP SDC through Dublin. By accessing port 4001 of demo-sdc-sdc-onboarding-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
An issue was discovered in ONAP SDC through Dublin. By accessing port 6000 of demo-sdc-sdc-fe pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
An issue was discovered in ONAP SDC through Dublin. By accessing port 4000 of demo-sdc-sdc-be pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
An issue was discovered in ONAP HOLMES before Dublin. By accessing port 9202 of dep-holmes-engine-mgmt pod, an unauthenticated attacker (who already has access to pod-to-pod communication) may execute arbitrary code inside that pod. All ONAP Operations Manager (OOM) setups are affected.
An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected.
An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected.
The module, still in development, focuses on compromising Windows systems by brute-forcing accounts via the Remote Desktop Protocol.
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
Researchers detail a misconfiguration in Microsoft's Azure cloud platform that could have given hackers carte blanche access to a targeted company's cloud services.
An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019.
Blender maker is the latest victim of Magecart.
The drastic spread of coronavirus across the world has not stopped cybercriminals from exploiting fear to hack into devices.
The app says it will notify you of coronavirus cases... but in fact it locks up your phone and sextorts you for money at the same time.
Facebook is denying that a recent content moderation glitch has anything to do with workforce issues, but blames automatic systems.
This week the company made amends, issuing fixes for an unusually high CVE-level 41 vulnerabilities, 21 of which are rated critical.
Quantifying cybersecurity risks can be a critical step in understanding those risks and getting executive support to address them.
Cryptojacking may not be entirely gone following the shutdown of notorious cryptomining service Coinhive - but it's drastically diminished.
The suspicious network activities revealed in the research by Positive Technologies are traffic hiding, VPN tunneling, connections to the Tor anonymous network, and network proxying.
While many view phishing as a small annoyance, this attack method has maintained longevity for a reason and is still the number one cause of data breaches.
Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.
Here are four things that separate the leaders from the laggards when fighting cyber threats.
Infamous cybercrime organization spotted in attacks that employ legitimate software -- and Google Drive.
Much of the US healthcare system is running on outdated software and unsupported operating systems, such as Windows 7, leaving devices vulnerable to hackers who are actively exploiting the coronavirus.
Many risk models use a commonly quoted number -- $150 per record -- to estimate the cost of an incident. A new study from the Cyentia Institute says misusing that number means that estimates are almost never accurate.
Unit 42 researchers discuss public cloud misconfiguration issues that are leading to breaches of sensitive data.
As social distancing becomes the norm, interest in virtual private networks has rocketed, with some providers already seeing a doubling in users and traffic since the beginning of the year.
The EFF got in touch with the institutions that have the dataset. Some deleted it, while one refused and others didn't bother to respond.
Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service.
The high-severity flaws exist in the products using SD-WAN software earlier than Release 19.2.2.
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
In ONAP SO through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.
Every network administrator needs to know how to listen to port traffic on a server. Here's one way to do it on Linux.
Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover.
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.
The coronavirus may put organizations at risk through short staffing or unavailable workers and services, but disaster recovery and business continuity plans can help sustain business operations.
Malicious COVID-19 domains and special virus-themed sales on the dark web are two ways criminals are using the outbreak to ramp up business, said security provider Check Point.
Privacy-conscious Senators are worried that technology used by the government to prevent the coronavirus from spreading could be exploited for profit and fear.
Find out how to deal with a security breach and protect your data and your network from another attack using this 37-step incident response checklist.
Security company is using thermal imaging and AI to identify people with a temperature of 100 degrees.
A poll of Threatpost readers shows that security preparedness is uneven as organizations make an unprecedented transition to remote working.
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
...And it's got your password as "proof".
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.
The government says the wristband isn't privacy-invading because it won't track your location, per se; just if you wander from COVID-19 quarantine.
It's the COVID-19 shortage nobody expected - not toilet rolls, tinned goods or headache pills this time but Google software engineers.
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.
The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn.
Hackers take advantage of the COVID-19 pandemic, Magecart group targets NutriBullet, and many countries at risk for violating data privacy laws - catch up on the week's infosec news with this roundup!
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database.
A Red Canary study analyzed six million leads to determine threats and found that worms had the most significant impact in 2019.
Traditional network address-based security controls aren't as effective for the cloud or internal networks. Here's what to do about these security issues.
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.
If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. Here's a quick introduction to this feature.
The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.
Trolls have been joining videoconferencing calls to expose meeting participants to disturbing videos.
Listen to the latest episode now!
Experts discuss what precautions companies need to be taking right now that a record number of people are working outside of offices.
Threatpost editors discuss this week's top news stories from COVID-19 themed malware attacks to Pwn2Own updates.
Here's a little something to snuggle up with if you're on lockdown.
Hacking contest goes virtual with participants remotely winning $295k in prizes for taking down Adobe Reader, Safari and Ubuntu.
Emails claiming to be directly from WHO's Dr. Tedros Adhanom Ghebreyesus offer "drug advice" -- and malware infections.
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
An issue was discovered in Simple Machines Forum (SMF) before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls.
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, the raysharpdvr application has a vulnerable call to "system", which allows remote attackers to execute arbitrary code via TCP port 9000.
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
From the EARN IT Act to the Martinelli hoax - and everything in between. It's your weekly security roundup.
Heads up, Firefox users who rely on FTP: the browser is eliminating support for this venerable protocol.
A comment from one buyer of data purportedly from Brooks International: "It even has credit card number & a password. lol !!"
The dead drops were very James Bond: once, the data mule taped the SD card to the underside of a desk in a hotel.
Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routes and their management software.
It's time for organizations to realize that an empowered CISO can effectively manage enterprise risk and even grow the business along the way.
Deloitte expert recommends using tactics to compete for the pool of security pros, including offering new incentives like student loan repayment.
Authorities have cracked down on a website that claimed to give out coronavirus vaccine kits - but that was actually stealing victims' payment card data and personal information.
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.
The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4.
Fraudsters exploit concerns by claiming to offer virus-related information or promising stimulus checks.
Two old WhatsApp hoaxes are back, with a grain-of-truth story in the middle to add a veneer of believability. Don't spread this stuff!
Hyperion is a runtime encrypter for 32-bit and 64-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter".
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
Phishing emails and unsecure remote desktop protocol access are two common types of attack methods used to spread ransomware, says cyber breach firm Beazley Breach Response Services.
The unpatched Windows zero day flaws are being exploited in "limited, targeted" attacks, according to Microsoft.
Ex-Google engineer Anthony Levandowski pleaded guilty to trade secret theft last week, acknowledging he took a sensitive Google file before joining Uber.
Criminals behind botnets Chalubo, FBot and Moobot attack unpatched vulnerabilities in the commercial DVRs made by LILIN.
Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes it a snap to compromise webservers.
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
Business email compromises cost the economy billions of dollars. Experts have advice on how to stop them from hitting you for millions at a pop.
There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows.
A vaccine for $4.95!? Nah, we didn't think so, either. Shuttering the alleged rip-off site is the DOJ's 1st takedown of COVID-19 flimflam.
Microsoft's security tools extend beyond the company's own platforms. While the ambition for Defender for Linux is broad, the first preview is aimed just at servers and does less than on Windows.
If you thought the Mirai botnet was bad, what about a version under the control of Russia's military that it could point like an electronic cannon at people it didn't like?
Facebook has done this before: it did it with WhatsApp, following an outbreak of lynchings sparked by viral social media hoaxes.
The ad-fraud malware lurks in dozens of children's and utilities apps.
A domain name that points to a website hosting your generated content is still one of the most secure means to ensure that an online identity does not fall prey to hackers or hijackers.
As working from home becomes more common for tech workers, ensuring proper security measures is important. Tom Merritt offers five security tips for employees working from home.
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
Responding to customer demand, the company is bringing something new to its Enterprise Threat Protector.
Gone are the days when threat actors had to actually spend time and effort planning and developing an attack on their own, Recorded Future says.
As pandemic worsens, online profiteering -- from fraudsters to ransomware operators to cybercriminal hacking -- continues unabated, despite some promises from the underground.
Adobe has fixed a critical flaw in its Creative Cloud Desktop Application for Windows.
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
The new malware, dubbed "Milum," can take control of industrial devices.
The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements.
The New York Department of Financial Services is asking all regulated organizations to provide them with a COVID-19 preparedness plan, including an assessment of how susceptible each entity would be to increased cyberattacks.
The DarkHotel group could have been looking for information on tests, vaccines or trial cures.
Is sacrificing your personal privacy worth flattening the coronavirus infection curve? Weigh in on our Threatpost poll.
The cyberattacks -- some on industrial targets -- use a previously unknown trojan dubbed Milum.
Microsoft 365 account holders are cautioned to pay attention to unknown applications that request permissions.
Hacking attempts against the health organization and its partners have jumped as they struggle to battle the coronavirus.
A TransUnion report details how COVID-19 has impacted online shopping and fraud.
Commentary: COVID-19 has laid bare our need to take a new, more data-centric approach to security in light of more people working from home.
A study on industrial cybersecurity focused on the biggest security threats for the enterprise.
Europol seized 34K fake surgical masks, while the office of NY's AG wants registrars to explain how they're battling the sale of lies.
A cyberattack that targeted the World Health Organization is probably just the tip of the iceberg according to experts reacting to the news this week.
Put it to work for the Folding@Home distributed computing project to uncover how the virus's spikes latch on and how they can be blocked.
Cybercriminals are exploiting two unpatched zero-day flaws affecting all supported versions of Windows, Microsoft has warned.
The move follows Google's announcement last May that it would do the same in Chrome by 2022.
TrickBot victims are being fooled into downloading an app that records their screens - stealing non-SMS 2FA passcodes for banking websites.
ReversingLabs did a forensic analysis of attacks from the remote access trojan to understand the malware control structure.
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.
The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services.
Marriage, divorce and death certificates, beneficiary info, passports and more were all caught up in an email takeover hack.
An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.
Researchers say that APT41's exploits are part of one of the broadest espionage campaigns they've seen from a Chinese-linked actor "in recent years."
Businesses see advantages in migrating to cloud-based security tools but are worried about such issues as data privacy and unauthorized access, says Exabeam.
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
Two security awareness advocates from KnowBe4 provide some solid suggestions.
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.
Apple's security update included a slew of vulnerabilities in various components of iOS, macOS and Safari - the most severe of which could enable remote code execution.
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
The Department of Defense and its research facilities could be taking more steps to ensure steps around data protection are taken when sharing sensitive data, a federal audit revealed.
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.
The overnight transformation to telecommuting means security risks are even higher than during normal business times.
Microsoft locks down the Internet of Things with its own Linux.
The accounts were used to advertise a site selling products made scarce by COVID-19: face masks, forehead thermometers and toilet paper.
Adobe has released another security patch outside of its usual routine, to deal with a bug that allows attackers to delete victims' files.
The motives behind the attacks remain unclear, but likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic.
Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS.
With more employees than ever working remotely, there are numerous potential threats that organizations must be aware of.
Existing 4G and early 5G networks use the Diameter signaling protocol, which contains certain security holes that can lead to a range of attacks, says enterprise security provider Positive Technologies.
Starting in 13.1, advertisers and analytics firms can't track us through browser cookies. Apple says this also kills login fingerprinting.
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
Cybercriminals may be staying home, but they're not taking a break from phishing attempts and password hacking during the coronavirus outbreak.
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in versions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
The router DNS hijacking attacks have targeted more than a thousand victims with the Oski info-stealing malware.
nullscan is a modular framework designed to chain and automate security tests. It parses target definitions from the command line and runs corresponding modules and their nullscan-tools afterwards. It can also take hosts and start nmap first in order to perform a basic portscan and run the modules afterwards. Also, nullscan can parse a given nmap logfile for open TCP and UDP ports and again run the modules afterwards. All results will be logged in specified directories with a clean structure and an HTML report can subsequently be generated.
Anxiously waiting for a home delivery? Don't be tricked by a message that says there's a problem with your address...
python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
As technology companies and the medical community work to find ways to track and test for the virus, privacy might fall by the wayside.
Numerous instances of online conferences being disrupted by pornographic images, hate speech or even threats can be mitigated using some platform tools.
The attackers are changing DNS settings on Linksys routers to redirect users to a malicious website promising an informative COVID-19 app, says security provider BitDefender.
The malware, the work of a new APT called TwoSail Junk, allows deep surveillance and total control over iOS devices.
JMP Securities has announced its annual Elite 80 list and we're pleased to report Digital Guardian is on it!
The food container company's main website had a card skimmer that scooped up online customers' payment card data.
A malware expert offers telecommuters security tips about their work computer, remote access and network connections, phishing emails, and more.
New data from Barracuda shows cybercriminals are taking advantage of people's concerns during the COVID-19 pandemic.
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
Nearly 70% of SAP users surveyed believe organizations lacked focus on IT security during previous SAP implementations.
Outsourcing security remains one of the best ways for small to midsize businesses to protect themselves from cyberthreats.
CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the CODESYS web server and takes little skill to exploit.
Inside the efforts to keep the quarantined world's popular Internet services running smoothly.
As cyber defenses improve, adversaries are shifting to stealthy "living-off-the-land" attacks that use targets' own tools against them. Here are some tips to defend your turf.
The coronavirus is putting a strain on healthcare facilities and increasing cybersecurity risks. Here are steps hospital IT admins can take to prevent ransomware and safeguard patient data.
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
Goal is to help organizations - especially healthcare entities - protect against cybercriminals trying to take advantage of the pandemic.
The FBI on Tuesday shut down Deer.io, a Russia-based platform catering to cybercrooks that offered turnkey online storefront design and hosting and a place where they could sell and advertise their wares, including ripped-off credentials, hacked servers, hacking services, gamer accounts and more. Earlier this month, the bureau nabbed the guy they think was running […]
It's the second time that the popular Daniel's Hosting platform was attacked in 16 months. This time, 7,600 Dark Web sites were obliterated.
The aim is to block the browser from reaching the small number of sites that cling to HTTP, closing security risks.
Android apps are snooping on other software on your device - and that could tell shady advertising companies more about you than you'd like.
If you make use of the Firefox Multi-Container Account add-on, it now includes the ability to sync your customizations across your Firefox account.
The vulnerability can be exploited to reveal limited traffic data including a device's IP address.
Cybercriminals are tapping into the widespread use of Office 365 to spread malware in an attempt to steal account credentials, according to email security provider Vade Secure.
Nextcloud allows you to enforce groups to use two-factor authentication. Let's find out how to create a group and then add them to 2FA enforcement.
The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.
Cybercrime groups capitalize on pandemic anxiety, Norwegian Cruise Line suffers data breach, and more - catch up on all the week's news with the Friday Five.
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.
KEEN is providing shoes to people most impacted by the COVID-19 pandemic, but their website was bombarded by malicious bots.
A misconfigured database holding personal data was left available online between April 2019 and February 2020.
Every network administrator needs to know how to listen to port traffic on a server. Here's one way to do it on Linux.
Victims are being enticed to insert an unknown USB drive into their computers.
A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3).
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3 allows remote authenticated users to trigger outbound TCP requests (aka SSRF) via the Test Connection feature (aka testGrafanaConnection) of the Grafana Module.
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.
openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
In Advantech WebAccess, versions 8.4.2 and prior, a stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
Sunnet eHRD, a human training and development management system, contains a Broken Access Control vulnerability. After login, attackers can use a specific URL to access unauthorized functionality and data.
Sunnet eHRD, a human training and development management system, contains a Cross-Site Scripting (XSS) vulnerability; attackers can inject arbitrary commands into the system and launch an XSS attack.
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL to capture confidential information.
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.
An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService 3.5.13.20. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability.
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
From the return of the Martinelli WhatsApp hoax to the takedown of hacker forum Deer.io - and everything in between. It's roundup time.
Google has seen a rising number of attackers impersonating news outlets and journalists to spread fake news among other reporters.
Google Maps data could help governments track patients that a newly-diagnosed COVID-19 sufferer has been in contact with.
Google's doing so grudgingly: it still thinks that showing too much will confuse users trying to assess a site's security.
It's less than a week since iOS 13.4 appeared and already researchers have discovered a bug that puts at risk the privacy of VPN connections.
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
The bad news is that you have to watch out for a plethora of new coronavirus cyberscams, as well as all the old stuff, too...
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
Your smartphone can act as your security key to authenticate your Google credentials on the web. Learn how to set that up on an Android device or an iPhone.
The malware is back after three years, looking to cash in on interest in government relief efforts around coronavirus.
When working from home, it's important to understand the security risks. Tom Merritt lists five remote access threats so you can secure your system.
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
These TechRepublic Premium resources offer a comprehensive solution from responding to a data breach to explaining company-wide security responsibilities.
COVID-19 is fueling new dark web conversations about cybercriminal activity, says cyber intelligence company Sixgill.
Zoom removed its Facebook SDK for iOS feature after a report found the app sending Facebook "unnecessary" user data.
Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne.
As with many things currently, details of the California Consumer Privacy Act are unclear. That, plus confusion around COVID-19, has many interest groups hoping enforcement around the law is postponed.
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
Phishing and zero-days continue to be a core part of the APT arsenal.
There's one thing missing in all the claims that deleting the Houseparty app will "unhack" you - evidence.
A security expert offers tips on how to keep employees safe in this work-from-home environment during the coronavirus pandemic.
Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
Third parties bring critical products and services to your organization. They also bring risk that must be understood and managed.
An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails.
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
World Backup Day is March 31, and while cyberattacks are a potential threat to their data, many SMBs say they don't have a data backup or disaster recovery process, according to data protection company Infrascale.
Since February, spam exploiting the novel coronavirus has jumped by 4,300% and 14,000% in the past 14 days, according to IBM X-Force, IBM's threat intelligence group.
The only backup you will ever regret... is the one you didn't make
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page.
The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.
X-Plane 11.41 and earlier has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system.
X-Plane 11.41 and earlier allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution.
No, we don't know why people start hoaxes like this. You can do your bit by not forwarding them, not even "just in case".
An informal Threatpost reader poll shows the majority of site visitors are privacy absolutists. But attitudes shift when the trade-off is saving lives.
They have a way to inject 'good' data - i.e., accurate COVID-19 news or security patches - to outpace the spread of fake news or malware.
Where did it all come from? 4.9m records were posted on a hacking forum - and the country only has an estimated population of 3.7m.
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
Why every business needs cyber resilience and quick recovery times.
The source code for ransomware-as-a-service strain Dharma has been put up for sale by hackers.
OpenWrt is an open source operating system used by millions of home and small business routers and embedded devices.
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
Palo Alto Networks plans to integrate CloudGenix's SD-WAN technology into its Prisma SASE platform following the deal.
Marriott International has today announced that it has suffered a data breach affecting up to 5.2 million people.
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.
A new phishing campaign is using the fear of being infected as a way to spread malware, as spotted by security trainer KnowBe4.
With companies sending employees home to work during the COVID-19 threat, IBM offers a range of tools to support critical IT applications.
Microsoft's Remote Desktop Protocol has been saddled with security bugs and weaknesses, which means you need to take certain precautions when using RDP for remote connections.
An old RAT learns an old trick.
The New York Attorney General has inquired about Zoom's data security strategy, as the conferencing platform comes under heavy scrutiny for its privacy policies.
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
The platform allows a host to monitor users' activities while screen sharing, as well as access to a participant's device information and other details.
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
The data was breached through the credentials of two franchisee employees.
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise.
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
Exabeam's employees are recovering from coronavirus. Both tested positive for coronavirus after attending RSA in San Francisco.
Teleconferences are being disrupted by internet trolls shouting profanity and racist remarks and posting pornographic and hate images.
It's been difficult keeping track of all the scams leveraging the COVID-19 pandemic to steal your money or your personal information. Now, the FBI is warning of increased attacks that target the supply chain and the healthcare industry in addition to "Zoom-bombing" style attacks.
In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allow remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.
About 10 compromised websites employ a multi-stage, targeted effort to fingerprint and compromise victims.
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Microsoft has announced a list of new security and privacy features it plans to add to forthcoming versions in an effort to take on its rivals.
Akamai, AWS, Azion, Cloudflare, Facebook, and Netflix are now members of the Mutually Agreed Norms for Routing Security (MANRS) effort.
Every once in a while an attack comes along that is so simple to set up, and yet so effective, that it makes your jaw drop. Here's one.
And no, Microsoft said, none of our verified accounts have been hijacked, vehemently denying early reports.
An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs.
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.
The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims' microphone and camera.
If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.
This campaign tries to trick users into accepting a fake Adobe Flash update, which then installs malware to give the attacker full remote access, says Kaspersky.
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.
A second vulnerability could be used to prevent access to almost all of a site's existing content, by simply redirecting visitors.
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
The web server running on Parrot ANAFI can be crashed by sending the SDK command "Common_CurrentDateTime" to the control service with a larger than expected date length.
Parrot ANAFI is vulnerable to a Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect the drone from its controller in mid-flight.
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.
Amid increased scrutiny from researchers and privacy activists, two new zero days in the teleconferencing app surfaced on Wednesday.
A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
Global shipments of smart home speakers will increase this year due to fear of coronavirus germs, according to ABI Research.
Like NotPetya, it overwrites the master boot record to render computers "trashed."
The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
In one of the strangest stories of the year, the COVID-19 virus has halted plans by major browsers to drop support for the aging and insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols.
The FCC has given voice carriers until June 2021 to implement technology it says will stop the robocall plague that's driving us all insane.
With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.
Attacks using brand-new card-harvesting code are targeting small- to medium-sized businesses, claiming 19 sites so far.
Millions of IDs, charge cards, loyalty cards, gift cards, medical marijuana ID cards and personal information were left exposed to the open internet.
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.
Listen to the latest episode now!
Old phishing kits are being pressed into service to keep up with the unprecedented volume of new scams that exploit the pandemic.
People have taken actions to better protect their information but feel they need to do more, according to a survey from NortonLifeLock.
Cybercriminals are increasingly directing targeted attacks at specific organizations or individuals, says security provider Positive Technologies.
In theory, crooks could mess up your site so visitors can't see your content, then lock you out so you can't jump in and fix it.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
The feature, criticized for "undisclosed data-mining," is only the latest privacy faux pas for Zoom this month.
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
Almost 40% of employees surveyed admitted to not knowing what ransomware is, and many of them have already been victims, according to security provider Kaspersky.
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful.
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.
Is your organization carelessly leaving its networks vulnerable to invasion? Check out these five common oversights to see if your resources are at risk.
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
A multimillion dollar solar installation firm is alleging one of its former employees took its data to start a competing firm just 11 miles away.
A single -- albeit complex-to-deploy -- technology could stop the most expensive form of fraud, experts say. Why aren't more companies adopting it?
Hospitals are under cyberattack even as they struggle to combat the coronavirus. Microsoft is offering hospitals security tips to try to help.
Google is rolling out the newest Chrome browser version, 80.0.3987.162, in the coming days.
Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.
The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.
Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to perform attacks such as stored cross-site scripting by storing malicious content in the database.
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to perform SQL injection attacks against the backend database.
eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.
With COVID-19 concerns running high, attackers are trying new tactics to get to users.
ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.
For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detailed information to specifically craft an attack.
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.
For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript.
For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow JavaScript to access the cookie contents, which in turn might enable Cross Site Scripting.
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.
For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
If somebody promises to get your economic impact payment fast, back away: it's just one flavor of COVID-19 scam the tax agency is seeing.
How Windows will use Intel's Control-flow Enforcement Technology to block whole classes of common attacks, now it's finally reaching the market.
An Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Module for Server Applications 15-SP1 rmt-server versions prior to 2.5.2-3.9.1. SUSE Linux Enterprise Server 15-LTSS rmt-server versions prior to 2.5.2-3.26.1. SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.5.2-3.26.1. openSUSE Leap 15.1 rmt-server versions prior to 2.5.2-lp151.2.9.1.
Dozens of bugs in a core Windows API could enable attackers to elevate their privileges in the operating system.
A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.
An Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions.
The attack discovered uses World Health Organization trademark to lure users with info related to coronavirus.
Now is the time to pitch your great idea for a groundbreaking information security Briefing at Black Hat USA in August. But hurry because submissions close April 6!
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
Ransomware operators are aiming for bigger targets and hitting below the belt. With doxing and extortion threats added to the mix, ransomware is evolving into something even more sinister.
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
5 things you can do to make your Zooming safer, more private and more secure...
Ryuk Ransomware continues to target hospitals, personal information of five million hotel guests gets breached, and Italy's social security website gets hacked - catch up on the week's news with the Friday Five.
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.
A group of CDNs and cloud providers are joining in on a fight against common internet routing attacks.
Cybercriminals have effectively changed their tactics to take advantage of the fear over COVID-19, says security provider Menlo Security.
With work shifting away from offices, SMBs need a top-shelf VPN to continue doing business. Here are some of the leading brands.
A Bitcoin-mining campaign using the Kinsing malware is spreading quickly thanks to cloud-container misconfigurations.
Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy.
Identiq uses cryptographic algorithms and preserves customer privacy while enabling companies to identify new customers through a network of trust.
To the uninitiated, online gaming may be slightly intimidating and a bit confusing. We can relieve those lingering trepidations with this set of practical tips for new players.
A security researcher earned $75,000 for finding a whopping seven zero-days in Safari, three of which can be combined to access the camera.
Internet trolls are crashing Zoom video conferences and flooding them with inappropriate content. Here are easy ways to protect your meetings from Zoom bombers.
Mozilla Foundation rushes patches to fix bugs in its browser that could allow for remote code execution.
Mozilla just pushed out an update for its Firefox browser to patch a security hole that was already being exploited in the wild.
From Marriott International's huge data breach to whether Houseparty has really hacked you - it's roundup time.
COVID-19's effect on work footprints has created an unprecedented challenge for IT and security staff. Many departments are scrambling to enable collaboration apps for all -- but without proper security they can be a big risk.
A rival hacking forum has yet again hacked OGUsers and doxxed its database for one and all to grab.
Digital and human rights groups have joined in a rare worldwide appeal to governments to respect privacy when handling the COVID-19 crisis.
Microsoft has implemented the popular open tracing tool to help developers debug Windows code.
Keeping your Apple devices up-to-date helps ensure security and reliability. Don't spend time on manual updates--leave it to iOS and macOS to automatically update your system and apps.
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
Robert Lee, founder and CEO of Dragos, discusses the dangers cyberattacks pose to critical industrial infrastructures.
Dan Patterson speaks with cybersecurity expert Robert Lee about how Russia, Iran, China, and North Korea pose a threat to US industrial infrastructures.
Robert Lee, founder & CEO of Dragos, Inc., speaks with Dan Patterson about which countries pose a threat to US industrial infrastructures.
Founder & CEO of Dragos, Inc., speaks with Dan Patterson about the US hacking other countries and its policies when responding to cybersecurity threats.
Dragos, Inc., Founder & CEO Robert Lee talks to Dan Patterson about the risks of IoT as well as the capabilities of Russian hackers.
Dragos, Inc., Founder & CEO speaks with Dan Patterson about current methods of securing the US infrastructure and ways IoT can be regulated.
A microphone switch! What will they think of next?
You need to protect your web traffic, and a VPN will do that and more.
The latest release of Firefox brings fixes for two Critical vulnerabilities already seen exploited in the wild.
The attacks are being carried out against Chinese government interests worldwide, according to Qihoo 360.
Futurist Isaac Arthur explains how to stay safe from quantum encryption hacking.
There is authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration. This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration.
Senators, just like they did when Google announced plans to use its technology to screen for COVID-19, have some privacy questions for Apple, which recently said it will do the same, via a website and app.
The white hat hacker who discovered the vulnerabilities received a $75,000 from Apple's bug-bounty program.
A new PSA warns of attacks launched against users of two popular cloud-based email systems.
If you make use of the Firefox Multi-Container Account add-on, it now includes the ability to sync your customizations across your Firefox account.
Nextcloud allows you to enforce groups to use two-factor authentication. Let's find out how to create a group and then add them to 2FA enforcement.
The FBI is cracking down on the practice of Zoom bombing, saying the hijacking of web conferences can be punishable by jail time.
More zero-day exploits coming up for sale by NSO Group and others is democratizing the attack vector and placing them within reach of less sophisticated attackers.
Learn how to prevent internet trolls from crashing your Zoom video conferences and flooding them with inappropriate content.
The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.
An attack group is searching for insecure containers exposing the Docker API and then installing a program that attempts to mine cryptocurrency. It's not the first time.
Vendors of offensive cyber tools have made it easy for any threat group with the right funds to leverage unpatched bugs, FireEye says.
A study has found that thousands of legitimate Android apps are taking liberties or installing with capabilities that users wouldn't expect to exist.
Recommendations for podcasts discussing news, trends, guidance, and stories across the cybersecurity industry.
The suit is about biometrics and children's privacy in Google's education apps, which are suddenly, wildly popular now due to COVID-19.
Whose fault was it - Twitter or Firefox? (It's fixed now, to be clear.)
Five APT groups have been using remote access trojans to take advantage of a network component that doesn't get much attention from security teams.
Enterprises that don't perform adequate SSL inspections are now at a much higher risk to be breached or attacked, according to a Menlo Security report.
As millions have flooded Zoom because of COVID-19, the site became a prime target for hackers. Here is how the company responded, and whether security experts think it's adequate.
Android apps launched for citizens in Iran, Colombia and Italy offer cyberattackers new attack vectors.
Data from application processes and other systems leave a trail of threat crumbs that can be used to detect and shut down attacks.
An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016).
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016).
An issue was discovered on Samsung mobile devices with J(4.2) (Qualcomm Wi-Fi chipsets) software. There is a buffer overflow in the Qualcomm WLAN Driver. The Samsung ID is SVE-2016-5326 (February 2016).
An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).
An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016).
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016).
An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016).
An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls or send SMS messages. The Samsung ID is SVE-2016-5733 (May 2016).
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allows memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016).
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The Samsung ID is SVE-2016-5923 (June 2016).
An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016).
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016).
Phishing is the leading threat exploiting COVID-19, followed by malicious websites, according to a survey of IT professionals from Check Point.
An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016).
WireGuard has yet to arrive in the Linux kernel, but you can still start testing how this new feature will work.
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. There is a race condition, with a resultant buffer overflow, in the sec_ts touchscreen sysfs interface. The Samsung ID is SVE-2016-7501 (January 2017).
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016).
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016).
An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016).
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6604. Reason: This candidate is a reservation duplicate of CVE-2016-6604. Notes: All CVE users should reference CVE-2016-6604 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016).
Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.
FIN6 fingerprints were spotted in recent cyberattacks that initially infected victims with the TrickBot trojan, and then eventually downloaded the Anchor backdoor malware.
Ultimately delivering the Triada payload, xHelper goes to great lengths to become virtually indestructible once installed on a smartphone.
An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The Samsung ID is SVE-2016-7011 (October 2016).
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Samsung ID is SVE-2016-6560 (October 2016).
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016).
An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016).
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016).
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016).
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016).
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).
An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016).
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016).
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016).
The hotly debated move does little to address underlying issues many teachers and parents are having with the platform and other tools, educators say.
Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain.
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017).
The New York Department of Financial Services has extended its usual April 15 cybersecurity Certification of Compliance deadline for entities experiencing issues arising from COVID-19.
New research shows the relationship between mature DevOps processes, secure applications, and happy developers.
Most enterprise endpoint solutions will support policies to enforce recommended updates.