Archive for the ‘Security vulnerabilities’ Category

Expert discloses unpatched Safari flaw that allows stealing local files

A researcher disclosed technical details of an unpatched vulnerability in Apple’s Safari web browser that can be exploited to steal files from the targeted system. Source: Expert discloses unpatched Safari flaw that allows stealing local files […]

Mozilla offers rewards for Bypassing Firefox Exploit Mitigations

Mozilla has expanded its bug bounty program to include rewards for bypass methods for the exploit mitigations and security features in Firefox. Source: Mozilla offers rewards for Bypassing Firefox Exploit Mitigations. Why Firefox is the best browser for privacy and how to configure things properly

IBM finds vulnerability in IoT chips present in billions of devices

Manufactured by Thales, the EHS8 module family has security flaws that could allow attackers to take total control over internet-connected industrial machines. Source: IBM finds vulnerability in IoT chips present in billions of devices […]

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Researchers spotted a new sophisticated peer-to-peer (P2P) botnet, dubbed FritzFrog, that has been actively targeting SSH servers since January 2020. Source: FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH […]

Google Chrome will warn users when submitting insecure forms

Google Chrome will warn users when submitting insecure forms that deliver information via HTTP connections on HTTPS websites starting with version 86. Source: Google Chrome will warn users when submitting insecure forms […]

PoC exploit code for two Apache Struts 2 flaws available online

Security researchers have discovered PoC code and an exploit available online that can be used to trigger unpatched security flaws in Apache Struts 2. Security researchers have discovered PoC code and an exploit available on GitHub that can be used to trigger the security vulnerabilities in Apache Struts 2. The proof-of-concept exploit code was released last […]

If you haven’t yet patched this critical hole in SAP NetWeaver Application Server, today is not your day

Full details of security vuln plus proof-of-concept exploits revealed. This critical-severity bug – scoring 9.9 out of 10 on the CVSS v3 meter – can be exploited by a rogue authenticated user, or someone whose access has been hijacked, to inject arbitrary code into an application server. This means they can run malicious commands they […]

Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about

Hackers hit honeypots hours after CISO downplays risk, proof-of-concept exploit code emerges. Source: FYI: Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about […]

Google open-sources Tsunami vulnerability scanner

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as few false positives as possible. Source: Google open-sources Tsunami vulnerability scanner | ZDNet. The scanner has been used internally at Google and has been made available on GitHub. Google Tsunami Security Scanner – Quick install an example run […]

Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them. Source: Good Cyber Hygiene in a Post-Pandemic World Starts with Us. Cyber ‘hygiene’ could resolve 90% of cyber attacks | FT Business Notebook […]

Flaws in device drivers from 20 vendors allow hackers to install a persistent backdoor

Researchers discovered multiple flaws in more than 40 drivers from at least 20 different vendors that could allow hackers to install a persistent backdoor on Windows PCs. Source: Flaws in device drivers from 20 vendors allow hackers to install a persistent backdoor. The security flaw in more than 40 Device Drivers from 20 hardware vendors […]

The scramble to secure America’s voting machines

Paperless voting devices are a gaping weakness in the patchwork U.S. election system, security experts say. But states and counties are making uneven progress in replacing them, a POLITICO survey reveals. Source: The scramble to secure America’s voting machines. America’s Voting Machines Are Extremely Vulnerable to Hacking | NowThis […]

These are the top ten security vulnerabilities most exploited by hackers | ZDNet

But one simple thing could help stop the vast majority of these attacks, say researchers. Source: These are the top ten security vulnerabilities most exploited by hackers | ZDNet
