RSS Trending Cyber News

  • МИД: Обвинения США о «хакерских атаках» России стали рутиной
    Официальный представитель МИД России Мария Захарова призвала американскую сторону «не бросаться необоснованными обвинениями, ложными обвинениями и пользоваться официальными каналами обмена информацией». «Регулярно появляющиеся в США заявления об атаках хакеров, вероятно, как они объясняют,....
  • How I hijacked the top-level domain of a sovereign state
    Note: This issue has been resolved and the .cd ccTLD no longer sends NS delegations to the compromised domain. TL;DR: Imagine what could happen if the country-code top-level domain (ccTLD) of a sovereign state fell into the wrong hands. Here’s how I ( @Almroot ) bought the domain name used in the NS....
  • Ledger : La faille de juillet était plus sérieuse qu’annoncée
    Au mois de juillet, la société française Ledger annonçait avoir été victime d’une fuite de données . Si les porte-monnaie sécurisés commercialisés par la société n’étaient pas inquiétés, Ledger expliquait néanmoins qu’une faille de sécurité découverte sur leur site avait permis à des tiers d’accéder aux données personnelles de 9 500 clients.
  • Cybersecurity Experts On CISA Announcement On Hackers Bypassing MFA To Access Cloud Services
    The dismissal of Christopher Krebs as Director of the Cybersecurity and Infrastructure Security Agency is political, surreal, and disheartening. We in the cybersecurity community are deeply committed to identifying and preventing or blocking all threats to the best of our ability, including misinformation and disinformation.
  • What The “Fortune 490” Needs To Do To...
    Ransomware attacks are only going to accelerate in the coming year, for several reasons. For starters, there’s a well-organised criminal element that has determined that there are piles of money to be made by denying companies access to their data. In fact, Additionally, crypto currency is becoming....
  • Digital hoarders: we've identified four types – which are you?
    How many emails are in your inbox? If the answer is thousands, or if you often struggle to find a file on your computer among its cluttered hard drive, then you might be classed as a digital hoarder. In the physical world, hoarding disorder has been recognised as a distinct psychiatric condition....
  • 两部门规范银行通过 互联网开展个人存款业务
    本报记者 张 歆. 1月15日,银保监会官网披露,为加强对商业银行通过互联网开展个人存款业务的监督管理,维护市场秩序,防范金融风险,保护消费者合法权益,银保监会办公厅、人民银行办公厅近日联合印发了《关于规范商业银行通过互联网开展个人存款业务有关事项的通知》(以下简称《通知》)。银保监会和央行有关部门负责人强调,目前相关商业银行通过非自营网络平台开展的存款业务规模不一,各自的经营状况也有所差别,为避免次生风险,《通知》明确监管部门可根据相关商业银行的风险水平,按照“一行一策”和“平稳过渡”的原则,督促商业银行稳妥有序整改。 《通知》重点明确了以下内容:一是规范业务经营。《通知》要求商业银行依法合....
  • Bar1 New Tab Mac
    Bar1 New Tab Pop-up Mac – Further Information. The primary method via which you might have gotten the unwanted application that may be displaying the Bar1 New Tab pop-ups is likely software installer packing also known as bundling. This means that the pesky software might have ended up in your Mac....
  • Biden folds SolarWinds response, new CISA funding into COVID relief package
    The COVID relief package unveiled by President-elect Biden includes a $690 million infusion for the Cybersecurity and Infrastructure Security Agency to improve security across federal networks in the aftermath of the SolarWinds hack, plus proposed funding to drive technology modernization at agencies.
  • Cyber Security Market Size Worth $326.4 Billion By 2027
    c ompound annual growth rate (CAGR) of 10.0% from 2020 to 2027, according to the new study conducted by Grand View Research, Inc. The rising number of cyber-attacks across networks, applications, and endpoints severely impact organizations in terms of both losses of sensitive data and costs associated with it.

RSS Vulnerabilities

  • Critical vulnerability in Apache Velocity impact government websites
    Cybersecurity specialists revealed the finding of a cross-site scripting (XSS) in Apache Velocity Tools that could be exploited by threat actors to compromise U.S. government websites, including NASA. The flaw was reported 90 days ago, although it appears to have not been corrected to date.
  • Microsoft warns of incoming Windows Zerologon patch enforcement
    Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. is a critical 10/10 rated security flaw tracked as CVE-2020-1472 which, when successfully exploited, enables attackers to elevate privileges to....
  • NA - CVE-2020-35733 - An issue was discovered in Erlang/OTP before...
    This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
  • Low CVE-2020-15221: Combodo ITOP
    Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.
  • Medium CVE-2020-15220: Combodo ITOP
    Description: Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.
  • Medium CVE-2019-4702: IBM Security guardium data encrpytion
    Description: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
  • Medium CVE-2019-4687: IBM Security guardium data encrpytion
    Description: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.
  • This Week in Security: Ubiquiti, Nissan, Zyxel, and Dovecot
    You may have been one of the many of us who received an email from Ubiquiti this week, recommending a password change . The email stated that there was an unauthorized access of Ubiquiti systems, and while there wasn’t evidence of user data being accessed, there was also not enough evidence to say emphatically that […]
  • Microsoft lost Defender zero-day op
    In de patch tuesday van deze maand zorgt Microsoft dat de Defender zero-day-problematiek tot een stop komt. Daarnaast worden er nog 82 beveiligingsbugs gefixt dankzij de update. Inmiddels wordt de patch over de hele wereld uitgerold en is de kans aanwezig dat je hem al hebt geïnstalleerd.
  • Apache Releases Security Advisory for Tomcat
    The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Apache security advisory for....

RSS Threats and Incidents

  • Critical vulnerability in Apache Velocity impact government websites
    Cybersecurity specialists revealed the finding of a cross-site scripting (XSS) in Apache Velocity Tools that could be exploited by threat actors to compromise U.S. government websites, including NASA. The flaw was reported 90 days ago, although it appears to have not been corrected to date.
  • Microsoft warns of incoming Windows Zerologon patch enforcement
    Microsoft today warned admins that updates addressing the Windows Zerologon vulnerability will transition into the enforcement phase starting next month. is a critical 10/10 rated security flaw tracked as CVE-2020-1472 which, when successfully exploited, enables attackers to elevate privileges to....
  • NA - CVE-2020-35733 - An issue was discovered in Erlang/OTP before...
    This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
  • Low CVE-2020-15221: Combodo ITOP
    Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, by modifying target browser local storage, an XSS can be generated in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.
  • Medium CVE-2020-15220: Combodo ITOP
    Description: Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, two cookies are created for the same session, which leads to a possibility to steal user session. This is fixed in versions 2.7.2 and 3.0.0.
  • Medium CVE-2019-4702: IBM Security guardium data encrpytion
    Description: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
  • Medium CVE-2019-4687: IBM Security guardium data encrpytion
    Description: IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 171823.
  • This Week in Security: Ubiquiti, Nissan, Zyxel, and Dovecot
    You may have been one of the many of us who received an email from Ubiquiti this week, recommending a password change . The email stated that there was an unauthorized access of Ubiquiti systems, and while there wasn’t evidence of user data being accessed, there was also not enough evidence to say emphatically that […]
  • Microsoft lost Defender zero-day op
    In de patch tuesday van deze maand zorgt Microsoft dat de Defender zero-day-problematiek tot een stop komt. Daarnaast worden er nog 82 beveiligingsbugs gefixt dankzij de update. Inmiddels wordt de patch over de hele wereld uitgerold en is de kans aanwezig dat je hem al hebt geïnstalleerd.
  • Apache Releases Security Advisory for Tomcat
    The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Apache security advisory for....