About the security content of iOS 13.1 and iPadOS 13.1
This document describes the security content of iOS 13.1 and iPadOS 13.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
9.8CVSS
0.4AI Score
0.43EPSS
News Wrap: Emotet's Return, U.S. Vs. Snowden, Physical Pen Testers Arrested
From the re-emergence of an infamous malware, to a new lawsuit against Edward Snowden, Threatpost editors Lindsey O’Donnell and Tara Seals break down this week’s top news. Top stories include: Emotet, the notorious banking trojan, is back after a summer hiatus. The U.S. sued Edward Snowden over...
-0.8AI Score
Edward Snowden Sued by U.S. Over New Memoir
The U.S. has sued whistleblower Edward Snowden over his new memoir, alleging he published the book in violation of non-disclosure agreements signed with both the CIA and NSA. Edward Snowden, a former employee of the Central Intelligence Agency and contractor for the National Security Agency (NSA),....
-0.1AI Score
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk...
9.8CVSS
6.7AI Score
0.007EPSS
About the security content of iOS 12.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, see....
7.8CVSS
0.4AI Score
0.867EPSS
iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts
An iPhone lock screen bypass has been discovered that could enable an attacker to access victims’ address books, including their contacts’ names, email addresses, phone numbers, mailing addresses and more. The hack was first discovered by researcher Jose Rodriguez, an Apple enthusiast based in...
-0.5AI Score
0.002EPSS
September 10, 2019—KB4515384 (OS Build 18362.356)
Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard. Note This release also contains updates for Microsoft HoloLens (OS Build 18362.1031) released September 10, 2019. Microsoft will release an...
7.5AI Score
0.279EPSS
A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil." I dropped it both because it stopped being fun and because almost everyone converged on...
-0.2AI Score
Good news guys! The Nmap 7.80 update is now available and this is the Defcon release. We've had to wait for such a long time since the guys behind Nmap were extremely busy improving the Npcap raw packet capturing/sending driver. It now uses modern APIs and is more performant as.....
0.1AI Score
0.023EPSS
Cyberattack Lateral Movement Explained
[Lightly edited transcript of the video above] Hi there, Mark Nunnikhoven from Trend Micro Research, I want to talk to you about the concept of lateral movement. And the reason why I want to tackle this today is because I've had some conversations in the last few days that have really kind of hit.....
-0.7AI Score
Critical Bug in Android Antivirus Exposes Address Books
A slew of popular free Android antivirus apps in recent testing proved to have security holes and privacy issues – including a critical vulnerability that exposes users’ address books, and another serious flaw that enables attackers to turn off antivirus protection entirely. According to an...
-0.2AI Score
How Privacy Laws Hurt Defendants
Rebecca Wexler has an interesting op-ed about an inadvertent harm that privacy laws can cause: while law enforcement can often access third-party data to aid in prosecution, the accused don't have the same level of access to aid in their defense: The proposed privacy laws would make this...
1.3AI Score
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the...
9.8CVSS
7.7AI Score
0.001EPSS
New York's Revenge Porn Law Is a Flawed Step Forward
All but four states in the US now have a revenge porn law on the books. But advocates say precious few get it...
0.4AI Score
Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unauthorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al...
6.5CVSS
6.9AI Score
0.001EPSS
Clickable Endnotes to Click Here to Kill Everybody
In Click Here to Kill Everybody, I promised clickable endnotes. They're finally...
2.4AI Score
Applied Cryptography is Banned in Oregon Prisons
My Applied Cryptography is on a list of books banned in Oregon prisons. It's not me -- and it's not cryptography -- it's that the prisons ban books that teach people to code. The subtitle is "Algorithms, Protocols, and Source Code in C" -- and that's the reason. My more recent Cryptography...
2.6AI Score
Mac Malware Pushed via Google Search Results, Masquerades as Flash Installer
Never-before-seen Mac malware, dubbed OSX/CrescentCore, has been discovered in the wild. The trojan, spotted on various websites masquerading as an Adobe Flash Player installer, drops malicious applications and browser extensions on victims’ systems when downloaded. OSX/CrescentCore is spread via.....
0.2AI Score
Happy Birthday TaoSecurity.com
Nineteen years ago this week I registered the domain taosecurity.com: Creation Date: 2000-07-04T02:20:16Z This was 2 1/2 years before I started blogging, so I don't have much information from that era. I did create the first taosecurity.com Web site shortly thereafter. I first started hosting it...
-0.8AI Score
I started appearing in media reports in 2000. I used to provide this information on my Web site, but since I don't keep that page up-to-date anymore, I decided to publish it here. As of 2017, Mr. Bejtlich generally declines press inquiries on cybersecurity matters, including those on...
7AI Score
-0.4AI Score
0.01EPSS
How I Discovered My First Vulnerability
By David Balaban I have read a couple of books recently about different vulnerabilities in order to be able to better protect my projects/websites. Today, I want to share a story about how I managed to use this knowledge in practice. Disclaimer This material is posted for educational purposes...
3.1AI Score
PhoneInfoga - Advanced Information Gathering & OSINT Tool For Phone Numbers
PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with very good accuracy. Then search for footprints on search engines to...
7.2AI Score
Today's children navigate the Internet better than adults. They are not afraid to try out new technology, and are quick to grasp new trends and sometimes invent their own. New social networks, mobile games, music, and gadgets are all part and parcel of their daily lives. But just because they feel....
-0.1AI Score
Video game portrayals of hacking: NITE Team 4
Note: The developers of NITE Team 4 granted the blog author access to the game plus DLC content. A little while ago, an online acquaintance of mine asked if a new video game based on hacking called NITE Team 4 was in any way realistic, or “doable” in terms of the types of hacking it portrayed...
-0.3AI Score
P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance". 0. How to install The latest image could be found under release tab. The easiest way to...
7AI Score
Build Bikes and Go Fast: Why Building Bikes is Critical to Imperva’s Success
In May 2019, seventy members of Imperva’s global leadership team gathered in one location to share insights, to develop and commit to our future strategy, and to build bikes. That’s right, to build bikes. Of course, that bit about developing and committing to our future strategy is undeniably...
AI Score
0.5AI Score
EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421)
According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x...
0.9AI Score
0.832EPSS
Safeguard your most sensitive data with Microsoft 365
I am Security Operations’ (SecOps) worst nightmare. Or at least I used to be. As an industrious product marketer, I often share intellectual property (think: details of new product capabilities) or spreadsheets that contain customer personal identifying information (PII) with colleagues and...
1AI Score
“There Are No Hackers, There Are Only Spies”
In December 2015, I opened a letter from the Office of Personnel Management. The OPM oversees healthcare and insurance programs, administers retirement and benefit services, and assists federal agencies in hiring new employees and providing federal investigative services for background checks....
-0.3AI Score
9.8CVSS
8.3AI Score
0.037EPSS
Fedora Update for php-horde-turba FEDORA-2019-6119518602
The remote host is missing an update for...
7.5AI Score
Fedora Update for php-horde-turba FEDORA-2019-e29ba2d34a
The remote host is missing an update for...
7.5AI Score
Get security beyond Microsoft products with Microsoft 365
Over time, organizations and individuals acquire stuff. Things we love and things we need. Things we don’t need but can’t seem to get rid of. I was confronted with this challenge when we bought a 1908 craftsman home. How could I make my beloved modern furniture and mandatory kid-friendly gear...
-0.1AI Score
[SECURITY] Fedora 29 Update: php-horde-turba-4.2.24-1.fc29
Turba is the Horde contact management application. Leveraging the Horde framework to provide seamless integration with IMP and other Horde applications, it supports storing contacts in SQL, LDAP, Kolab, and IMSP address...
1.2AI Score
[SECURITY] Fedora 28 Update: php-horde-turba-4.2.24-1.fc28
Turba is the Horde contact management application. Leveraging the Horde framework to provide seamless integration with IMP and other Horde applications, it supports storing contacts in SQL, LDAP, Kolab, and IMSP address...
1.2AI Score
Fedora 30 : 1:gnome-bluetooth / at-spi2-core / atomix / bijiben / containers / etc (2019-ac2a21ff07)
This update fixes a bug in the Meson build system which caused binaries and libraries to incorrectly be marked as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all...
-0.6AI Score
Fedora Update for php-horde-turba FEDORA-2019-146df522df
The remote host is missing an update for...
7.5AI Score
[SECURITY] Fedora 30 Update: php-horde-turba-4.2.24-1.fc30
Turba is the Horde contact management application. Leveraging the Horde framework to provide seamless integration with IMP and other Horde applications, it supports storing contacts in SQL, LDAP, Kolab, and IMSP address...
1.2AI Score
Flerken - Obfuscated Command Detection Tool
Command line obfuscation has been proved to be a non-negligible factor in fileless malware or malicious actors that are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques are shown to be used by red-team penetrations and even APT activities. Meanwhile,...
7.6AI Score
Understand and improve your security posture with Microsoft 365
I kickstarted 2019 with a “dry,” keto January. And, as so often happens, I found a parallel between my personal life and my chosen industry, cybersecurity. In this case, it was measurement. How do you know if you’re healthy? There are clear indicators when you’re not healthy, such as a sore throat....
0.1AI Score
An issue was discovered in Npcap 0.992. Sending a malformed .pcap file with the loopback adapter using either pcap_sendqueue_queue() or pcap_sendqueue_transmit() results in kernel pool corruption. This could lead to arbitrary code executing inside the Windows kernel and allow escalation of...
7.8CVSS
7.5AI Score
0.001EPSS
7.5CVSS
6.2AI Score
0.15EPSS
Threat Roundup for April 12 to April 19
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 12 and April 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
7.6AI Score
[SECURITY] Fedora 30 Update: gnome-books-3.32.0-3.fc30
Books is a simple application to access and organize your e-books on GNOME. It is meant to be a simple and elegant replacement for using a file manager to deal with...
2.2AI Score
Defend your digital landscape with Microsoft 365
What is it about the middle of the night that brings our fears to the surface? For me, it’s the unknown dangers that may confront my young daughter and how I will protect her. Fear of the unknown can also disrupt the sleep of a chief information security officer (CISO) who worries about the...
AI Score
A "Department of Cybersecurity"
Presidential candidate John Delaney has announced a plan to create a Department of Cybersecurity. I have long been in favor of a new federal agency to deal with Internet -- and especially Internet of Things -- security. The devil is in the details, of course, and it's really easy to get this...
2.5AI Score
Discover and manage shadow IT with Microsoft 365
While IT teams methodically plan corporate adoption of cloud services, the rest of us have dived in headfirst. Ten years ago, a vendor shared a video file with me via Dropbox because it was too big to email. It was my first experience with a cloud file sharing service, and when I realized I could.....
-0.2AI Score
Cobalt Strike. Walkthrough for Red Teamers
What is Cobalt Strike? Raphael Mudge is the creator of Cobalt Strike (CS). Around 2010 he released a tool titled Armitage, which is described by Wikipedia as a graphical cyber-attack management tool for the Metasploit Project. To put this more bluntly, Armitage is a GUI that allows you to easily...
7.2AI Score