Changes

From Security Weekly Wiki
Jump to navigationJump to search
Added With Paul's Craptastic Python Script
===Articles===
#[https://www.cyberscoop.com/data-breach-cyentia-institute-extreme/ Not all cyberattacks are created equal: What researchers learned from 103 'extreme' events - CyberScoop]
#[http://exploit.kitploit.com/2020/11/rapid7-metasploit-framework-msfvenom.html Rapid7 Metasploit Framework msfvenom APK Template Command Injection]
#[https://medium.com/@andrewselig/the-sad-state-of-two-factor-authentication-in-u-s-banking-580b109fa2f3 The Sad State of Two-Factor Authentication in U.S. Banking]
#[https://medium.com/oreillymedia/container-security-threats-38649261fb4f Container Security Threats]
#[https://www.schneier.com/blog/archives/2020/11/the-security-failures-of-online-exam-proctoring.html The Security Failures of Online Exam Proctoring - Schneier on Security]
#[https://arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/ DNS cache poisoning, the Internet attack from 2008, is back from the dead]
#[https://www.zdnet.com/article/google-patches-two-more-chrome-zero-days/ Google patches two more Chrome zero-days | ZDNet]
#[https://www.securityweek.com/term-threat-intelligence-poisoned-it-does-not-mean-what-you-think-it-means The Term "Threat Intelligence" is Poisoned. It Does Not Mean What You Think it Means. | SecurityWeek.Com]
#[https://threatpost.com/bugs-critical-infrastructure-gear-attacks/161164/ Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks]
#[https://akijosberryblog.wordpress.com/2020/11/08/yantra-manav-a-wormable-ssh-bot/ Yantra Manav A wormable SSH bot]
#[http://exploit.kitploit.com/2020/11/saltstack-salt-rest-api-arbitrary.html SaltStack Salt REST API Arbitrary Command Execution]
#[https://www.helpnetsecurity.com/2020/11/12/sms-voice-mfa/ Microsoft advises users to stop using SMS- and voice-based MFA - Help Net Security]
#[https://securityaffairs.co/wordpress/110782/hacking/cobalt-strike-source-code.html The alleged decompiled source code of Cobalt Strike toolkit leaked online]
#[https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE How to get root on Ubuntu 20.04 by pretending nobodys /home - GitHub Security Lab]
#[https://blog.fox-it.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/ Decrypting OpenSSH sessions for fun and profit]
#[https://www.zdnet.com/article/this-new-malware-wants-to-add-your-linux-servers-and-iot-devices-to-its-botnet/ This new malware wants to add your Linux servers and IoT devices to its botnet | ZDNet]
#[https://www.vice.com/en/article/xgzxmk/google-project-zero-bugs-used-to-hack-iphones-and-android-phones Mysterious Bugs Were Used to Hack iPhones and Android Phones and No One Will Talk About It]
#[https://www.quantamagazine.org/computer-scientists-achieve-crown-jewel-of-cryptography-20201110/ Computer Scientists Achieve Crown Jewel of Cryptography]
#[https://www.helpnetsecurity.com/2020/10/01/amazon-timestream/ AWS launches Amazon Timestream, a serverless time series database for IoT and operational applications - Help Net Security]
#[https://threatpost.com/amazon-alexa-one-click-attack-can-divulge-personal-data/158297/ Amazon Alexa One-Click Attack Can Divulge Personal Data]
#[https://www.zdnet.com/article/redcurl-cybercrime-group-has-hacked-companies-for-three-years/ RedCurl cybercrime group has hacked companies for three years | ZDNet]
#[https://arstechnica.com/information-technology/2020/08/chinese-hackers-have-pillaged-taiwans-semiconductor-industry/ Chinese hackers have pillaged Taiwans semiconductor industry]
#[https://medium.com/@veeralpatel/if-your-email-is-hacked-everything-is-47544aeee699 If your email is hacked, everything is]
#[https://securityaffairs.co/wordpress/106978/breaking-news/teamviewer-flaw-system-password.html TeamViewer flaw can allow hackers to steal System password]
#[https://threatpost.com/researcher-publishes-bypass-for-patch-for-vbulletin-0-day-flaw/158232/ Researcher Publishes Patch Bypass for vBulletin 0-Day]
#[https://www.zdnet.com/article/adobe-tackles-critical-code-execution-vulnerabilities-in-acrobat-reader/ Adobe tackles critical code execution vulnerabilities in Acrobat, Reader | ZDNet]
#[https://www.securityweek.com/windows-and-ie-zero-day-vulnerabilities-chained-powerfall-attacks Windows and IE Zero-Day Vulnerabilities Chained in 'PowerFall' Attacks | SecurityWeek.Com]
#[https://www.darkreading.com/attacks-breaches/sans-security-training-firm-hit-with-data-breach/d/d-id/1338647 SANS Security Training Firm Hit with Data Breach]
#[https://securityaffairs.co/wordpress/107076/hacking/attackers-control-23-tor-exit-nodes.html Threat actors managed to control 23% of Tor Exit nodes]
#[https://www.helpnetsecurity.com/2020/08/13/most-security-pros-are-concerned-about-human-error-exposing-cloud-data/ Most security pros are concerned about human error exposing cloud data - Help Net Security]
#[https://www.securityweek.com/stick-plan-until-it-not-longer-makes-sense Stick With The Plan Until It Not Longer Makes Sense | SecurityWeek.Com]
#[https://www.darkreading.com/omdia/black-hat-usa-2020-shines-spotlight-on-the-mental-challenges-of-cybersecurity/a/d-id/1338658 Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity]
#[https://arstechnica.com/information-technology/2020/08/your-mobile-calls-may-be-vulnerable-to-a-new-revolting-eavesdrop-attack/ Hackers can eavesdrop on mobile calls with $7,000 worth of equipment]
#[https://www.techrepublic.com/article/sans-cybersecurity-training-firm-suffers-data-breach-due-to-phishing-attack/ SANS cybersecurity training firm suffers data breach due to phishing attack]
#[http://msrc-blog.microsoft.com/2020/07/02/solving-uninitialized-kernel-pool-memory-on-windows/ Solving Uninitialized Kernel Pool Memory on Windows - Microsoft Security Response Center]
#[http://msrc-blog.microsoft.com/2020/05/13/solving-uninitialized-stack-memory-on-windows/ Solving Uninitialized Stack Memory on Windows - Microsoft Security Response Center]
#[https://www.sans.org/blog/vulnerability-management-maturity-model/ Vulnerability Management Maturity Model | SANS Institute]
#[https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbswitch-session-JZAS5jnY Cisco Small Business Smart and Managed Switches Session Management Vulnerability]
#[https://news.hitb.org/content/hackers-are-exploiting-5-alarm-bug-networking-equipment Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment]
#[https://securityaffairs.co/wordpress/105547/security/talos-chrome-firefox-flaws.html Cisco Talos discloses technicals details of Chrome, Firefox flaws]
#[https://www.zdnet.com/article/google-open-sources-tsunami-vulnerability-scanner/ Google open-sources Tsunami vulnerability scanner | ZDNet]
#[https://securityaffairs.co/wordpress/105662/hacking/f5-big-ip-flaw-mitigation-bypass.html Threat actors found a way to bypass mitigation F5 BIG-IP CVE-2020-5902 flaw]
#[https://www.schneier.com/blog/archives/2020/07/half_a_million.html Half a Million IoT Passwords Leaked - Schneier on Security]
#[https://www.vice.com/en_us/article/qj43xq/cops-seize-blueleaks-ddosecrets-server Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says]
#[https://threatpost.com/notorious-hacker-fxmsp-outed/157275/ Notorious Hacker Fxmsp Outed After Widespread Access-Dealing]
#[https://news.hitb.org/content/trump-administration-looking-ban-tiktok-other-chinese-apps Trump administration looking into ban on TikTok, other Chinese apps]
#[https://www.securityweek.com/palo-alto-networks-patches-command-injection-vulnerabilities-pan-os Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS | SecurityWeek.Com]
#[https://isc.sans.edu/diary.html?storyid=26330 InfoSec Handlers Diary Blog]
#[https://www.darkreading.com/vulnerabilities---threats/pen-testing-roi-how-to-communicate-the-value-of-security-testing/a/d-id/1338257 Pen Testing ROI: How to Communicate the Value of Security Testing]
#[https://www.darkreading.com/vulnerabilities---threats/6-tips-for-getting-the-most-from-nessus/d/d-id/1338310 6 Tips for Getting the Most From Nessus]
#[https://www.helpnetsecurity.com/2020/07/09/zoom-zero-day-windows/ Zoom zero-day flaw allows code execution on victim's Windows machine - Help Net Security]
#[https://www.theregister.com/2020/07/09/separating_good_data_from_clutter/ How to build a cyber threat intelligence program while cutting through the noise]
===Articles===
===Articles===
===Articles===
===Articles===
===Articles===
===Articles===
===Articles===
===Articles===
===Articles===
===Articles===
7,886

edits

Navigation menu