Aggregator

劫持其他APT组织基础设施实施攻击，APT组织新战术曝光；罗克韦尔自动化软件曝多个严重漏洞，可被利用执行远程代码 | 牛览

For the latest discoveries in cyber research for the week of 9th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Romania’s Constitutional Court annulled the first round of its presidential election after declassified intelligence revealed Russian interference favoring right wing candidate Călin Georgescu. The interference involved a sophisticated social media campaign on […]

The post 9th December – Threat Intelligence Report appeared first on Check Point Research.

The Birth of the Scam-Safe Accord The Scam-Safe Accord (also called the ScamSafe Accord or Scam Safe Accord) is an initiative launched by the Australian Banking Association in response to the increasing prevalence of scams and fraud targeting consumers in the financial sector. Australia’s top banks and financial institutions, usually fierce competitors, came together with […]

The post A Secure Future in Australia with the Scam-Safe Accord appeared first on Security Boulevard.

RSA announced expanded phishing-resistant, passwordless capabilities. Built to secure financial services organizations, government agencies, healthcare, and other highly-regulated industries from the most frequent and highest-impact attacks, these new RSA capabilities meet the most stringent cybersecurity regulations and are a key asset in developing a Zero Trust security architecture: The FIDO2 Certified RSA Authenticator App 4.5 for iOS and Android: RSA now makes it easy to deploy FIDO2-Certified device-bound passkeys on users’ mobile devices through RSA … More →

The post RSA expands phishing-resistant, passwordless capabilities appeared first on Help Net Security.

A vulnerability was found in Docker Engine up to 1.8.2. It has been classified as critical. This affects an unknown part of the component Image Layer Handler. The manipulation leads to improper input validation (Cache Poisoning). This vulnerability is uniquely identified as CVE-2014-8178. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Docker Engine up to 1.8.2. It has been declared as critical. This vulnerability affects unknown code of the component Manifest Handler. The manipulation leads to improper input validation. This vulnerability was named CVE-2014-8179. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in BMC Track-It! 11.3.0. This issue affects some unknown processing of the component Password Reset. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2014-8270. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Calender Base up to 1.5.3 and classified as critical. Affected by this issue is some unknown functionality of the component PCRE Library. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2014-8325. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Smarty up to 2.6.8. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation of the argument language=php> leads to code injection. This vulnerability is handled as CVE-2014-8350. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

从勒索软件到APT：揭开制造业面临的8大网络安全威胁

劫持其他APT组织基础设施实施攻击，APT组织新战术曝光；罗克韦尔自动化软件曝多个严重漏洞，可被利用执行远程代码 | 牛览

В этот день более полувека назад было представлено устройство, без которого невозможно представить современный компьютер. История, эволюция и интересные факты о мыши, которая изменила всё.

Hornetsecurity unveiled an upgraded version of its 365 Total Backup solution, introducing self-service recovery for end users while also offering full backup and recovery support for Microsoft OneNote. This new functionality is also available with 365 Total Protection Plans 3 and 4. Enabling end users to independently recover their own data Hornetsecurity has added a new self-service functionality to its backup solution. This allows end users to independently recover their mailbox, OneDrive and OneNote data … More →

The post Hornetsecurity boosts 365 Total Backup with self-service recovery for end users appeared first on Help Net Security.

A vulnerability classified as very critical was found in Adobe Flash Player 11.2.202.491/18.0.0.209. Affected by this vulnerability is an unknown functionality. The manipulation leads to type confusion. This vulnerability is known as CVE-2015-5558. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Composr 10.0.36. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component XML Script Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2021-30150. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Simple Task Managing System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username/password leads to information disclosure. This vulnerability is known as CVE-2022-40032. The attack needs to be done within the local network. Furthermore, there is an exploit available.

Google 延长了 Pixel 6 和 7 的软件更新两年。Google 去年宣布为 Pixel 8 和 9 系列智能手机提供七年的软件更新和安全更新，对于之前发布的 Pixel 6 和 7 则是三年的软件更新和五年的安全更新。现在 Google 将软件更新和安全更新时间保持了一致，都延长到五年更新。同时获得延长的还有折叠手机 Pixel Fold。

Amazon Web Services (AWS) is reporting that since last April more than 750,000 root user accounts on its AWS Organizations console for managing access to cloud services have enabled multifactor authentication (MFA).

The post AWS Makes Significant Progress on Driving MFA Adoption appeared first on Security Boulevard.

Nearly 50% of observed traffic is looking for accidentally exposed data.