Changes

From Security Weekly Wiki
Added With Paul's Craptastic Python Script
===Articles===
#[https://www.darkreading.com/edge/theedge/cybercriminals-could-be-coming-after-your-coffee/b/d-id/1339263 Cybercriminals Could be Coming After Your Coffee]
#[https://medium.com/better-programming/jwt-tokens-the-what-how-and-why-6ae3bad26661 JWT Tokens: The What, How, and Why]
#[https://10.51.0.153/2020/10/26/exploit-and-bypass-office-365-defenses/ Attackers finding new ways to exploit and bypass Office 365 defenses - Help Net Security]
#[http://exploit.kitploit.com/2020/10/oracle-vm-virtualbox-buffer-overflow.html Oracle VM VirtualBox Buffer Overflow]
#[https://threatpost.com/ie-browser-death-march/160571/ Microsoft IE Browser Death March Hastens]
#[https://www.helpnetsecurity.com/2020/10/27/activate-microsoft-365-mfa/ 78% of Microsoft 365 admins don't activate MFA - Help Net Security]
#[https://www.troyhunt.com/humans-are-bad-at-urls-and-fonts-dont-matter/ Humans are Bad at URLs and Fonts Don't Matter]
#[https://www.securityweek.com/hackers-can-open-doors-exploiting-vulnerabilities-h%C3%B6rmann-device Hackers Can Open Doors by Exploiting Vulnerabilities in Hörmann Device | SecurityWeek.Com]
#[https://urlscan.io/ URL and website scanner - urlscan.io]
#[https://securityaffairs.co/wordpress/110032/iot/irrigation-systems-exposed-online.html Over 100 irrigation systems left exposed online without protection]
#[https://www.securityweek.com/microsoft-introduces-new-password-spray-detection-azure Microsoft Introduces New Password Spray Detection for Azure | SecurityWeek.Com]
#[https://medium.com/swlh/anonymous-authentication-how-to-secure-public-apis-8f295f23dff2 Anonymous Authentication: How to Secure Public APIs]
#[http://www.microsoft.com/security/blog/2020/10/28/back-to-the-future-what-the-jericho-forum-taught-us-about-modern-security/ Back to the future: What the Jericho Forum taught us about modern security - Microsoft Security]
#[http://exploit.kitploit.com/2020/10/nagios-xi-573-remote-command-injection.html Nagios XI 5.7.3 Remote Command Injection]
#[https://www.securityweek.com/stackrox-releases-open-source-tool-finding-kubernetes-misconfigurations StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations | SecurityWeek.Com]
#[https://www.helpnetsecurity.com/2020/10/29/can-automated-penetration-testing-replace-humans/ Can automated penetration testing replace humans? - Help Net Security]
#[https://thehackernews.com/2020/10/kashmirblack-botnet-hijacks-thousands.html KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms]
#[https://threatpost.com/oracle-weblogic-server-rce-flaw-attack/160723/ Oracle WebLogic Server RCE Flaw Under Active Attack]
#[https://www.schneier.com/blog/archives/2020/10/tracking-users-on-waze.html Tracking Users on Waze - Schneier on Security]
#[https://www.securityweek.com/microsoft-introduces-device-vulnerability-report-defender-endpoint Microsoft Introduces Device Vulnerability Report in Defender for Endpoint | SecurityWeek.Com]
#[https://redirectdetective.com/ Redirect Detective - Discover where those redirects really go to]
#[https://film.avclub.com/hackers-may-have-been-of-its-time-but-it-was-also-ahea-1798230815 Hackers may have been of its time, but it was also ahead of it]
#[https://www.helpnetsecurity.com/2020/10/01/amazon-timestream/ AWS launches Amazon Timestream, a serverless time series database for IoT and operational applications - Help Net Security]
#[https://threatpost.com/amazon-alexa-one-click-attack-can-divulge-personal-data/158297/ Amazon Alexa One-Click Attack Can Divulge Personal Data]
#[https://www.zdnet.com/article/redcurl-cybercrime-group-has-hacked-companies-for-three-years/ RedCurl cybercrime group has hacked companies for three years | ZDNet]
#[https://arstechnica.com/information-technology/2020/08/chinese-hackers-have-pillaged-taiwans-semiconductor-industry/ Chinese hackers have pillaged Taiwan's semiconductor industry]
#[https://medium.com/@veeralpatel/if-your-email-is-hacked-everything-is-47544aeee699 If your email is hacked, everything is]
#[https://securityaffairs.co/wordpress/106978/breaking-news/teamviewer-flaw-system-password.html TeamViewer flaw can allow hackers to steal System password]
#[https://threatpost.com/researcher-publishes-bypass-for-patch-for-vbulletin-0-day-flaw/158232/ Researcher Publishes Patch Bypass for vBulletin 0-Day]
#[https://www.zdnet.com/article/adobe-tackles-critical-code-execution-vulnerabilities-in-acrobat-reader/ Adobe tackles critical code execution vulnerabilities in Acrobat, Reader | ZDNet]
#[https://www.securityweek.com/windows-and-ie-zero-day-vulnerabilities-chained-powerfall-attacks Windows and IE Zero-Day Vulnerabilities Chained in 'PowerFall' Attacks | SecurityWeek.Com]
#[https://www.darkreading.com/attacks-breaches/sans-security-training-firm-hit-with-data-breach/d/d-id/1338647 SANS Security Training Firm Hit with Data Breach]
#[https://securityaffairs.co/wordpress/107076/hacking/attackers-control-23-tor-exit-nodes.html Threat actors managed to control 23% of Tor Exit nodes]
#[https://www.helpnetsecurity.com/2020/08/13/most-security-pros-are-concerned-about-human-error-exposing-cloud-data/ Most security pros are concerned about human error exposing cloud data - Help Net Security]
#[https://www.securityweek.com/stick-plan-until-it-not-longer-makes-sense Stick With The Plan Until It Not Longer Makes Sense | SecurityWeek.Com]
#[https://www.darkreading.com/omdia/black-hat-usa-2020-shines-spotlight-on-the-mental-challenges-of-cybersecurity/a/d-id/1338658 Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity]
#[https://arstechnica.com/information-technology/2020/08/your-mobile-calls-may-be-vulnerable-to-a-new-revolting-eavesdrop-attack/ Hackers can eavesdrop on mobile calls with $7,000 worth of equipment]
#[https://www.techrepublic.com/article/sans-cybersecurity-training-firm-suffers-data-breach-due-to-phishing-attack/ SANS cybersecurity training firm suffers data breach due to phishing attack]
#[http://msrc-blog.microsoft.com/2020/07/02/solving-uninitialized-kernel-pool-memory-on-windows/ Solving Uninitialized Kernel Pool Memory on Windows - Microsoft Security Response Center]
#[http://msrc-blog.microsoft.com/2020/05/13/solving-uninitialized-stack-memory-on-windows/ Solving Uninitialized Stack Memory on Windows - Microsoft Security Response Center]
#[https://www.sans.org/blog/vulnerability-management-maturity-model/ Vulnerability Management Maturity Model | SANS Institute]
#[https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY Cisco Small Business Smart and Managed Switches Session Management Vulnerability]
#[https://news.hitb.org/content/hackers-are-exploiting-5-alarm-bug-networking-equipment Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment]
#[https://securityaffairs.co/wordpress/105547/security/talos-chrome-firefox-flaws.html Cisco Talos discloses technicals details of Chrome, Firefox flaws]
#[https://www.zdnet.com/article/google-open-sources-tsunami-vulnerability-scanner/ Google open-sources Tsunami vulnerability scanner | ZDNet]
#[https://securityaffairs.co/wordpress/105662/hacking/f5-big-ip-flaw-mitigation-bypass.html Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw]
#[https://www.schneier.com/blog/archives/2020/07/half_a_million.html Half a Million IoT Passwords Leaked - Schneier on Security]
#[https://www.vice.com/en_us/article/qj43xq/cops-seize-blueleaks-ddosecrets-server Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says]
#[https://threatpost.com/notorious-hacker-fxmsp-outed/157275/ Notorious Hacker Fxmsp Outed After Widespread Access-Dealing]
#[https://news.hitb.org/content/trump-administration-looking-ban-tiktok-other-chinese-apps Trump administration looking into ban on TikTok, other Chinese apps]
#[https://www.securityweek.com/palo-alto-networks-patches-command-injection-vulnerabilities-pan-os Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS | SecurityWeek.Com]
#[https://isc.sans.edu/diary.html?storyid=26330 InfoSec Handlers Diary Blog]
#[https://www.darkreading.com/vulnerabilities---threats/pen-testing-roi-how-to-communicate-the-value-of-security-testing/a/d-id/1338257 Pen Testing ROI: How to Communicate the Value of Security Testing]
#[https://www.darkreading.com/vulnerabilities---threats/6-tips-for-getting-the-most-from-nessus/d/d-id/1338310 6 Tips for Getting the Most From Nessus]
#[https://www.helpnetsecurity.com/2020/07/09/zoom-zero-day-windows/ Zoom zero-day flaw allows code execution on victim's Windows machine - Help Net Security]
#[https://www.theregister.com/2020/07/09/separating_good_data_from_clutter/ How to build a cyber threat intelligence program while cutting through the noise]