Ransomware’s continued success speaks volumes about what’s at stake for businesses and people, and, perhaps, the cybersecurity industry’s inability to adapt quickly enough to protect everyone.

A reader submitted a file that turned out to be a mass mailer project file used by malicious actors.
It was a bit of a slow start this week. “Plan A” was to use the new GoPro with the Media Mod (including light and lapel mic) and do an outdoor session. This should really be much easier than it was with multiple issues ranging…
Original release date: October 30, 2020. Summary: This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). CISA and…
Wireshark is a GTK-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
The Microsoft Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).
Simple College Website version 1.0 suffers from code execution and remote SQL injection vulnerabilities.
Wondershare Dr.Fone version 3.0.0 suffers from an unquoted service path vulnerability.
Citadel WebCit versions prior to 926 suffer from a session hijacking vulnerability.
Agent Tesla Botnet suffers from a cross site scripting vulnerability.