How to extract Python source code from Py2App packed Mach-O Binaries
(Saturday March 06, 2021)
Massive Microsoft email hack ongoing despite emergency patches
(Saturday March 06, 2021)
Microsoft Exchange Server Vulnerabilities Mitigations – March 2021
(Friday March 05, 2021)
Microsoft Exchange Server Exploits Hit Retail, Government, Education
(Friday March 05, 2021)
At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software
(Friday March 05, 2021)
U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures
(Friday March 05, 2021)
The lack of cybersecurity requirements in weapons contracts from the
Department of Defense opens the door for dangerous cyberattacks.
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
(Friday March 05, 2021)
WordPress Injection Anchors Widespread Malware Campaign
(Friday March 05, 2021)
5 Ways Social Engineers Crack Into Human Beings
(Friday March 05, 2021)
These common human traits are the basic ingredients in the con-man's
recipe for trickery.
Massive Supply-Chain Cyberattack Breaches Several Airlines
(Friday March 05, 2021)
The cyberattack on SITA, a nearly ubiquitous airline service provider,
has compromised frequent-flyer data across many carriers.
Realistic Patch Management Tips, Post-SolarWinds
(Friday March 05, 2021)
Patch management and testing are different, exactly the same, and
completely out of hand. Here are tips from the experts on how to
wrangle patches in a time of malicious software updates.
On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.
(Friday March 05, 2021)
On International Women's Day 2021, gender diversity has improved in
cybersecurity, but there is still a long way to go.
Critics Blast Google’s Aim to Replace Browser Cookie with ‘FLoC’
(Friday March 05, 2021)
EFF worries that the Google's ‘privacy-first” vision for the
future may pose new privacy risks.
Malaysia and Singapore Airlines Breached in Third Party Hacks
(Friday March 05, 2021)
Bug in Apple's Find My Feature Could've Exposed Users' Location Histories
(Friday March 05, 2021)
D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
(Friday March 05, 2021)
Microsoft Windows RRAS Service MIBEntryGet Overflow
(Friday March 05, 2021)
Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!
(Friday March 05, 2021)
Asterisk Project Security Advisory - AST-2021-006
(Friday March 05, 2021)
When Asterisk sends a re-invite initiating T.38 faxing and the
endpoint responds with a m=image line and zero port, a crash will
occur in Asterisk. This is a re-occurrence of AST-2019-004.
Ubuntu Security Notice USN-4757-2
(Friday March 05, 2021)
Ubuntu Security Notice 4757-2 - USN-4757-1 fixed a vulnerability in
wpa_supplicant and hostapd. This update provides the corresponding
update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did
not properly handle P2P provision discovery requests in some
situations. A physically proximate attacker could use this to cause a
denial of service or possibly execute arbitrary code. Various other
issues were also addressed.
Red Hat Security Advisory 2021-0736-01
(Friday March 05, 2021)
Red Hat Security Advisory 2021-0736-01 - IBM Java SE version 8
includes the IBM Java Runtime Environment and the IBM Java Software
Development Kit. This update upgrades IBM Java SE 8 to version 8
SR6-FP25. Issues addressed include buffer overflow and bypass
vulnerabilities.
Fluig 1.7.0 Path Traversal
(Friday March 05, 2021)
Fluig versions 1.7.0-210217 and below suffer from a path traversal
vulnerability.
Red Hat Security Advisory 2021-0735-01
(Friday March 05, 2021)
Red Hat Security Advisory 2021-0735-01 - Node.js is a software
development platform for building fast and scalable network
applications in the JavaScript programming language. Issues addressed
include denial of service and resource exhaustion vulnerabilities.
Red Hat Security Advisory 2021-0734-01
(Friday March 05, 2021)
Red Hat Security Advisory 2021-0734-01 - Node.js is a software
development platform for building fast and scalable network
applications in the JavaScript programming language. Issues addressed
include denial of service and resource exhaustion vulnerabilities.
CatDV 9.2 Authentication Bypass
(Friday March 05, 2021)
Biden Administration Labels China Top Tech Threat, Promises Proportionate Responses To Cyberattacks
(Friday March 05, 2021)
Make Sure That Stimulus Check Lands in the Right Bank Account
(Friday March 05, 2021)
If you haven't already, it's time to build trust relationships with
your financial institutions, using strong security, privacy
protections and secure, unique user credentials.
Anatomy of a Security Super Bowl Dynasty, Part 2: The Offense
(Friday March 05, 2021)
Imperva’s Directors of Technology in the Office of the CTO, Brian
Anderson and Craig Burlingame, recently conducted an informal
education session titled Creating a Security Super Bowl Dynasty. In
this presentation, they used examples of how teams create consistent,
sustainable success in American football to help teams of security
professionals gain some insight into how […]
The post Anatomy of a Security Super Bowl Dynasty, Part 2: The Offense
[https://www.imperva.com/blog/anatomy-of-a-security-super-bowl-dynasty-part-2-the-offense/]
appeared first on Blog...
Web Application Reconnaissance And Mapping
(Friday March 05, 2021)
This is a brief whitepaper that goes over some tooling that can be of
assistance while performing reconnaissance against a web application
prior to attack.
Cybercriminals Are Phishing For Login Credentials of AOL Users
(Friday March 05, 2021)
Fraudsters aiming to steal login credentials from AOL users are
sending phishing emails that threaten recipients with account closures
unless they confirm their email addresses and passwords. The AOL
phishing campaign was noticed on February 23, according to Bitdefender
Antispam Lab. Like previous email-based phishing campaigns,
cybercriminals use scare tactics and subject lines ranging from […]ProxyLogon — The latest pre-authenticated Remote Code Execution vulnerability on Microsoft Exchange Server
(Friday March 05, 2021)
Weekly Update 233
(Friday March 05, 2021)
SSRF: Bypassing hostname restrictions with fuzzing
(Friday March 05, 2021)
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
(Friday March 05, 2021)
SolarWinds: "IT's Pearl Harbor."
(Friday March 05, 2021)
The experts agree. SolarWinds was the worst security disaster of all
time, and it's not done with us yet.
Virginia data protection bill signed into law
(Friday March 05, 2021)
On March 2, Virginia's Democratic Governor Ralph Northam signed into
law the nation's second major piece of state legislation that governs
consumer data privacy and protection. Virginia's , which will mostly
go into effect on January 1, 2023.
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
(Friday March 05, 2021)
VMware View Planner before 4.6 arbitrary file upload leads remote code execution without authentication CVE-2021-21978
(Friday March 05, 2021)
' + jsdescription1Arr.substring(0, 160).trim() + '
Google Will Use 'FLoC' for Ad Targeting Once 3rd-Party Cookies Are Dead
(Friday March 05, 2021)
Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit
(Friday March 05, 2021)
CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
(Friday March 05, 2021)
BrandPost: How to Cope with Disruptive Shifts in Cyberattacks
(Friday March 05, 2021)
No one can argue that 2020 wasn't disruptive to almost everyone in the
world. And businesses were no exception. To accommodate the need for
social distancing, countless organizations had to reconfigure
everything from their business models to their networks. The almost
overnight shift to remote work meant everyone from employees, to
students, to healthcare workers had to connect to their business
networks from outside. Retailers scrambled to adapt as the pandemic
altered how people patronized their businesses and even what they
purchased. The ripple effects from these changes affected point...
Business Apps Spoofed in 45% of Impersonation Attacks
(Thursday March 04, 2021)
Healthcare Still Seeing High Level of Attacker Activity
(Thursday March 04, 2021)
Interest in vaccines is driving all sorts of activity, reports say,
from vaccine-specific phishing to growing bot traffic on healthcare
sites.
Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers
(Thursday March 04, 2021)
Microsoft, FireEye Uncover More Malware Used in the SolarWinds Campaign
(Thursday March 04, 2021)
Cyberattackers Target Top Russian Cybercrime Forums
(Thursday March 04, 2021)
Using TikTok? Check out these six security tips
(Thursday March 04, 2021)
Practical advice on how to maximize your security and privacy on
TikTok.
John McAfee Charged in 'Pump & Dump' Cryptocurrency Scheme
(Thursday March 04, 2021)
S3 Ep22: Cryptographic escapes and social media scams [Podcast]
(Thursday March 04, 2021)
Lastest episode - listen now. (And tell your friends!)
Automate Google Maps API keys analysis
(Thursday March 04, 2021)
Google Maps API checker. Contribute to joanbono/gap development by creating an account on GitHub.
Another Chrome zero-day exploit – so get that update done!
(Thursday March 04, 2021)
Secure Laptops & the Enterprise of the Future
(Thursday March 04, 2021)
The enterprise of the future will depend upon organizations' ability
to extend the company firewall to everywhere people are working.
New Social Security Scam Spoofs Government Badges
(Thursday March 04, 2021)
Criminals text or email photos of fake government identification
badges to trick people into sending money.
National Surveillance Camera Rollout Roils Privacy Activists
(Thursday March 04, 2021)
APT-Hunter – Threat Hunting Tool via Windows Event Log
(Thursday March 04, 2021)
APT-Hunter is a threat hunting tool for windows event logs made from
the perspective of the purple team mindset to provide detection for
APT movements hidden in the sea of windows event logs.
This will help you to decrease the time to uncover suspicious activity
and the tool will make good use of the windows event logs collected
and make sure to not miss critical events configured to be detected.
The target audience for APT-Hunter is threat hunters, incident
response professionals or forensic investigators.
CISA Orders Federal Agencies to Patch Exchange Servers
(Thursday March 04, 2021)
A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security
(Thursday March 04, 2021)
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
(Thursday March 04, 2021)
New ObliqueRAT Malware Campaign Now Integrates Steganography, Researchers Finds
(Thursday March 04, 2021)
Security researchers have identified a new malware campaign designed
to infect host machines with ObliqueRAT, a remote access Trojan, with
the help of malicious Microsoft Office documents. Infecting email
attachments, usually Microsoft Office docs, is a favorite tactic of
attackers. It’s a simple method, and it works, but even these
methods change from time to […]Qualys Is the Latest Victim of Accellion Data Breach
(Thursday March 04, 2021)
Deception Engineering: exploring the use of Windows Service Canaries against ransomware
(Thursday March 04, 2021)
COVID-19 Vaccine Spear-Phishing Attacks Jump 26 Percent
(Thursday March 04, 2021)
SQLMAP - Automatic SQL Injection Tool 1.5.3
(Thursday March 04, 2021)
Red Hat Security Advisory 2021-0733-01
(Thursday March 04, 2021)
Red Hat Security Advisory 2021-0733-01 - IBM Java SE version 7 Release
1 includes the IBM Java Runtime Environment and the IBM Java Software
Development Kit. This update upgrades IBM Java SE 7 to version 7R1
SR4-FP80. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-0717-01
(Thursday March 04, 2021)
Red Hat Security Advisory 2021-0717-01 - IBM Java SE version 8
includes the IBM Java Runtime Environment and the IBM Java Software
Development Kit. This update upgrades IBM Java SE 8 to version 8
SR6-FP25. Issues addressed include buffer overflow and bypass
vulnerabilities.
Textpattern CMS 4.8.3 Remote Code Execution
(Thursday March 04, 2021)
Textpattern CMS 4.9.0-dev Cross Site Scripting
(Thursday March 04, 2021)
Textpattern CMS version 4.9.0-dev suffers from a persistent cross site
scripting vulnerability.
Textpattern CMS 4.8.4 Cross Site Scripting
(Thursday March 04, 2021)
Textpattern CMS version 4.8.4 suffers from a persistent cross site
scripting vulnerability.
Android Vulnerability In ES File Explorer
(Thursday March 04, 2021)
Red Hat Security Advisory 2021-0719-01
(Thursday March 04, 2021)
Online Ordering System 1.0 SQL Injection
(Thursday March 04, 2021)
Online Ordering System 1.0 Shell Upload
(Thursday March 04, 2021)
Online Ordering System version 1.0 suffers from a remote shell upload
vulnerability.
Red Hat Security Advisory 2021-0727-01
(Thursday March 04, 2021)
Red Hat Security Advisory 2021-0727-01 - The Berkeley Internet Name
Domain is an implementation of the Domain Name System protocols. BIND
includes a DNS server ; a resolver library ; and tools for verifying
that the DNS server is operating correctly. Issues addressed include a
buffer overflow vulnerability.
Web Based Quiz System 1.0 SQL Injection
(Thursday March 04, 2021)
e107 CMS 2.3.0 Cross Site Request Forgery
(Thursday March 04, 2021)
e107 CMS version 2.3.0 suffers from a cross site request forgery
vulnerability.
Russian cybercriminal forum hacked, user details exposed
(Thursday March 04, 2021)
Three Top Russian Cybercrime Forums Hacked
(Thursday March 04, 2021)
Why We Need More Blue Team Voices at the Table
(Thursday March 04, 2021)
The red team draws attention, but the blue team has the expertise to
keep networks secure day in and day out.
Wall Street targeted by new Capital Call investment email scammers
(Thursday March 04, 2021)
Bad Bot Traffic on Healthcare Websites Rises 372% As Vaccines Become Available Globally
(Thursday March 04, 2021)
Nations around the world are racing to acquire COVID-19 vaccines and
assemble digital infrastructure and web applications to enable
appointment booking. As they do this, Imperva Research Labs has
monitored a staggering 372% increase in bad bot traffic on healthcare
websites globally since September 2020. In February 2021, bot traffic
soared 48.8%, the largest increase […]
The post Bad Bot Traffic on Healthcare Websites Rises 372% As Vaccines
Become Available Globally
[https://www.imperva.com/blog/bad-bot-traffic-on-healthcare-websites-rises-372-as-vaccines-become-available-globally/]
appear
Fraud attempts skyrocketed in 2020 according to latest Financial Crime Report from Feedzai
(Thursday March 04, 2021)
Wholesome curl Calls For Your Blog Posts
(Thursday March 04, 2021)
Clubhouse app raises security, privacy concerns
(Thursday March 04, 2021)
Social media app Clubhouse has been on the market for less than one
year and it’s already facing privacy-related court filings and
fallout from a user data leak that , in which a user recorded and
shared private conversations, user login information, and metadata to
another website.(Insider Story)
Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes
(Thursday March 04, 2021)
Chinese Hackers Targeted India's Power Grid Amid Geopolitical Tensions
(Thursday March 04, 2021)
New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!
(Thursday March 04, 2021)
Smashing Security podcast #217: Would you cuddle this revolting robot? – with Robert Llewellyn
(Thursday March 04, 2021)
Actor, presenter and writer Robert Llewellyn, famous for playing the
part of Kryten in the science-fiction comedy "Red Dwarf," joins us as
we discuss robots gone rogue, electric vehicle nightmares, and creepy
companions. All this and much much more can be found in the latest
edition of the "Smashing Security" podcast, hosted by computer
security veterans Graham Cluley and Carole Theriault.
Bitsquatting windows.com
(Thursday March 04, 2021)
Gab Has Been Breached
(Wednesday March 03, 2021)
as I write this), and for the most part, the situation with Gab is
just another day on the internet. But Gab is also different, having
grown dramatically in recent months
