Difference between revisions of "Template:PSW672NewsPaulAsadoorian"

From Security Weekly Wiki
Jump to navigationJump to search
Line 7: Line 7:
 
#[https://www.helpnetsecurity.com/2020/10/27/activate-microsoft-365-mfa/ 78% of Microsoft 365 admins don't activate MFA - Help Net Security] - 99% is a lot... ''According to SANS, 99% of data breaches can be prevented using MFA. This is a huge security risk, particularly during a time when so many employees are working remotely.''
 
#[https://www.helpnetsecurity.com/2020/10/27/activate-microsoft-365-mfa/ 78% of Microsoft 365 admins don't activate MFA - Help Net Security] - 99% is a lot... ''According to SANS, 99% of data breaches can be prevented using MFA. This is a huge security risk, particularly during a time when so many employees are working remotely.''
 
#[https://www.troyhunt.com/humans-are-bad-at-urls-and-fonts-dont-matter/ Humans are Bad at URLs and Fonts Dont Matter] - This is why you need more than awareness training.
 
#[https://www.troyhunt.com/humans-are-bad-at-urls-and-fonts-dont-matter/ Humans are Bad at URLs and Fonts Dont Matter] - This is why you need more than awareness training.
#[https://www.securityweek.com/hackers-can-open-doors-exploiting-vulnerabilities-h%C3%B6rmann-device Hackers Can Open Doors by Exploiting Vulnerabilities in Hrmann Device | SecurityWeek.Com]
+
#[https://www.securityweek.com/hackers-can-open-doors-exploiting-vulnerabilities-h%C3%B6rmann-device Hackers Can Open Doors by Exploiting Vulnerabilities in Hrmann Device | SecurityWeek.Com] - ''In one attack scenario described by SEC Consult for SecurityWeek, an attacker who is able to connect to the local network can open doors connected to the Hörmann gateway by executing a small script. The attack does not require authentication and it can be conducted from a mobile phone.''
 
#[https://urlscan.io/ URL and website scanner - urlscan.io]
 
#[https://urlscan.io/ URL and website scanner - urlscan.io]
 
#[https://securityaffairs.co/wordpress/110032/iot/irrigation-systems-exposed-online.html Over 100 irrigation systems left exposed online without protection]
 
#[https://securityaffairs.co/wordpress/110032/iot/irrigation-systems-exposed-online.html Over 100 irrigation systems left exposed online without protection]

Revision as of 18:40, 29 October 2020

Articles

  1. Cybercriminals Could be Coming After Your Coffee - From the article: When it comes to whether you should get an IoT device or not, the general rule is to first ask yourself this question: Do I really need my light bulb/coffee pot/washing machine/doorbell/other household items to be smart? The real question is "When will I no longer have a choice?".
  2. JWT Tokens: The What, How, and Why - This helped me understand things: The main difference to notice here is that with cookies, the information is stored server-side, while with JWT, since the information is stored in the actual token, the information is stored client-side. Since the server doesn’t need to remember anything, this simplifies things a lot, especially when working with multiple servers and having different sessions. Some JWT attacks rely on poor key management....
  3. Attackers finding new ways to exploit and bypass Office 365 defenses - Help Net Security - Oh, all we need is Zero Trust: Zero-trust email: ​Adhere to a zero-trust-email approach, which should serve as a baseline for an email security strategy. All email, especially ongoing interactions with external partners and suppliers, should be considered areas of compromise.
  4. Oracle VM VirtualBox Buffer Overflow - A buffer overflow vulnerability in Oracle VM VirtualBox was privately reported to Oracle on September 22, 2020 and was silently patched in VM VirtualBox version 6.1.16r140961. Not-so-silent (though no exploit example was provided, I didn't look further).
  5. Microsoft IE Browser Death March Hastens - Most users are running Chrome, Chrome has plenty of vulnerabilities, do we need IE any longer?
  6. 78% of Microsoft 365 admins don't activate MFA - Help Net Security - 99% is a lot... According to SANS, 99% of data breaches can be prevented using MFA. This is a huge security risk, particularly during a time when so many employees are working remotely.
  7. Humans are Bad at URLs and Fonts Dont Matter - This is why you need more than awareness training.
  8. Hackers Can Open Doors by Exploiting Vulnerabilities in Hrmann Device | SecurityWeek.Com - In one attack scenario described by SEC Consult for SecurityWeek, an attacker who is able to connect to the local network can open doors connected to the Hörmann gateway by executing a small script. The attack does not require authentication and it can be conducted from a mobile phone.
  9. URL and website scanner - urlscan.io
  10. Over 100 irrigation systems left exposed online without protection
  11. Microsoft Introduces New Password Spray Detection for Azure | SecurityWeek.Com
  12. Anonymous Authentication: How to Secure Public APIs
  13. Back to the future: What the Jericho Forum taught us about modern security - Microsoft Security
  14. Nagios XI 5.7.3 Remote Command Injection
  15. StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations | SecurityWeek.Com
  16. Can automated penetration testing replace humans? - Help Net Security
  17. KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
  18. Oracle WebLogic Server RCE Flaw Under Active Attack
  19. Tracking Users on Waze - Schneier on Security
  20. Microsoft Introduces Device Vulnerability Report in Defender for Endpoint | SecurityWeek.Com
  21. Redirect Detective - Discover where those redirects really go to
  22. Hackers may have been of its time, but it was also ahead of it