Difference between revisions of "Template:PSW652NewsPaulAsadoorian"

From Security Weekly Wiki
Line 10: Line 10:
 
#[https://www.securityweek.com/bluetooth-vulnerability-allows-attackers-impersonate-previously-paired-devices Bluetooth Vulnerability Allows Attackers to Impersonate Previously Paired Devices | SecurityWeek.Com]
 
#[https://www.securityweek.com/bluetooth-vulnerability-allows-attackers-impersonate-previously-paired-devices Bluetooth Vulnerability Allows Attackers to Impersonate Previously Paired Devices | SecurityWeek.Com]
 
#[https://security.googleblog.com/2020/05/enhanced-safe-browsing-protection-now.html Enhanced Safe Browsing Protection now available in Chrome]
 
#[https://security.googleblog.com/2020/05/enhanced-safe-browsing-protection-now.html Enhanced Safe Browsing Protection now available in Chrome]
#[https://www.helpnetsecurity.com/2020/05/20/easyjet-data-breach-9-million-customers-affected/ EasyJet data breach: 9 million customers affected - Help Net Security]
+
#[https://www.helpnetsecurity.com/2020/05/20/easyjet-data-breach-9-million-customers-affected/ EasyJet data breach: 9 million customers affected - Help Net Security] - Comment from a security vendor: ''Many, however, still need to understand that there is a better way to manage security, risk and compliance requirements and it most certainly is not ‘what we’ve always done’. In an industry that has defined ‘automation’ and ‘process efficiencies’, applying the same to Information Security would quite literally revolutionise their ability to detect, respond and mitigate against the largely traditional raft of attack TTP’s we’ve seen targeted at aviation this past decade.'' Agree?
 
#[https://www.helpnetsecurity.com/2020/05/20/qmail-rce/ Vulnerability in Qmail mail transport agent allows RCE - Help Net Security]
 
#[https://www.helpnetsecurity.com/2020/05/20/qmail-rce/ Vulnerability in Qmail mail transport agent allows RCE - Help Net Security]
 
#[https://www.securityweek.com/remote-code-execution-vulnerability-patched-vmware-cloud-director Remote Code Execution Vulnerability Patched in VMware Cloud Director | SecurityWeek.Com]
 
#[https://www.securityweek.com/remote-code-execution-vulnerability-patched-vmware-cloud-director Remote Code Execution Vulnerability Patched in VMware Cloud Director | SecurityWeek.Com]
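Review bot: the added EasyJet line attributes its quote only to "a security vendor", with no name or link for the statement, so a reader asked "Agree?" cannot tell whose claim about automation and "process efficiencies" they are judging. Name the vendor or link the statement next to the quote. The closing "Agree?" is correctly outside the italic markup, but a separator before it would make clear in the rendered list where the quote ends and the host's question begins.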

Revision as of 21:09, 21 May 2020

Articles

  1. vBulletin 5.6.1 - 'nodeId' SQL Injection - And it has been released! Please use it responsibly (and patch your systems).
  2. Online Healthcare Patient Record Management System 1.0 - Authentication Bypass - Wow, just wow: The login.php file allows a user to just supply ' or 1=1 -- as a username and whatever password and bypass the authentication. Looks like this is a small project from an individual. We need to take the time to educate...
  3. Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit) - Interesting exploit; it does require authentication (but then allows for a root shell).
  4. SANS ISC - Malware Triage with FLOSS: API Calls Based Behavior | /dev/random - Really cool article, using FLAME to analyze potential malware samples.
  5. Hackers target the air-gapped networks of the Taiwanese and Philippine military | ZDNet
  6. Stored XSS in WP Product Review Lite plugin allows for automated takeovers
  7. 'Mandrake' Android Spyware Remained Undetected for 4 Years | SecurityWeek.Com
  8. The 3 Top Cybersecurity Myths & What You Should Know
  9. Bluetooth Vulnerability Allows Attackers to Impersonate Previously Paired Devices | SecurityWeek.Com
  10. Enhanced Safe Browsing Protection now available in Chrome
  11. EasyJet data breach: 9 million customers affected - Help Net Security - Comment from a security vendor: Many, however, still need to understand that there is a better way to manage security, risk and compliance requirements and it most certainly is not ‘what we’ve always done’. In an industry that has defined ‘automation’ and ‘process efficiencies’, applying the same to Information Security would quite literally revolutionise their ability to detect, respond and mitigate against the largely traditional raft of attack TTP’s we’ve seen targeted at aviation this past decade. Agree?
  12. Vulnerability in Qmail mail transport agent allows RCE - Help Net Security
  13. Remote Code Execution Vulnerability Patched in VMware Cloud Director | SecurityWeek.Com
  14. Israel is suspected to be behind the cyberattack on Iranian port
  15. Vulnerabilities Exposed Hundreds of Thousands of QNAP NAS Devices to Attacks | SecurityWeek.Com
  16. ISC Releases Security Advisory for BIND | CISA
  17. Stealing Secrets from Developers using Websockets
  18. Chrome 83 adds DNS-over-HTTPS support and privacy tweaks
  19. Signal fixes location-revealing flaw, introduces Signal PINs - Help Net Security
  20. XSS, Open Redirect Vulnerabilities Patched in Drupal | SecurityWeek.Com - This could be so much fun: a user could be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL.
  21. The Need for Compliance in a Post-COVID-19 World
  22. Zoom to Provide Detailed Info on Upcoming End-to-End Encryption Feature | SecurityWeek.Com
  23. Google Begins Encrypting Domain Name Lookups
  24. Microsoft: we were wrong about open source - How things change: Former Microsoft CEO Steve Ballmer famously branded Linux “a cancer that attaches itself in an intellectual property sense to everything it touches” back in 2001.
  25. Official reminds public to avoid touching other people's balls as crowd giggles