Share

RSS

More Articles…

• Hadoop Open Data Model: “open” data collection
• Pass the Ticket: how to mitigate it with a SOCaaS
• Use cases of a SOCaaS for companies part 2
• Use cases of a SOCaaS for companies part 1
• NIST Cybersecurity Framework
• “Left of boom” and “right of boom”: having a winning strategy
• Smishing: a fraud similar to phishing
• Network Traffic Analyzer: an extra gear for the Next Gen SIEM

Categories …

• Backup as a Service (17)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (20)
• Conferenza Cloud (4)
• ICT Monitoring (4)
• Log Management (2)
• News (18)
• ownCloud (4)
• Privacy (7)
• Secure Online Desktop (14)
• Security (148)
  • Cyber Threat Intelligence (CTI) (3)
  • Ethical Phishing (8)
  • SOCaaS (42)
    • SIEM (10)
    • SOAR (2)
    • UEBA (7)
  • Vulnerabilities (84)
• Web Hosting (15)

Tags

Dark Reading

• Kovrr Translates Cyber Risk into Business Impact with its Quantum Platform January 18, 2022
  On-demand cyber risk quantification platform enables C-suite to prioritize and justify cybersecurity investments through financial quantification.
• Europol Shuts Down Popular Cybercriminal VPN Service January 18, 2022
  VPNLab was used to support criminal activity, including ransomware campaigns and other attacks, Europol officials report.
• US Search for Vulnerabilities Drives 10x Increase in Bug Reports January 18, 2022
  Cross-site scripting and broken access controls continued to be the top classes of vulnerabilities researchers discovered, according to Bugcrowd's annual vulnerability report.
• Name That Toon: Nowhere to Hide January 18, 2022
  Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
• 5 Reasons Why M&A Is the Engine Driving Cybersecurity January 18, 2022
  Consistent acquisition of key technologies and talent is a proven strategy for growth.
• Mastering the Art of Cloud Tagging Using Data Science January 17, 2022
  Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.
• Russia Takes Down REvil Ransomware Operation, Arrests Key Members January 14, 2022
  Timing of the move has evoked at least some skepticism from security experts about the country's true motives.
• The Cybersecurity Measures CTOs Are Actually Implementing January 14, 2022
  Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.
• Maryland Dept. of Health Responds to Ransomware Attack January 14, 2022
  An attack discovered on Dec. 4, 2021 forced the Maryland Department of Health to take some of its systems offline.
• White House Meets With Software Firms and Open Source Orgs on Security January 14, 2022
  The Log4j vulnerability is only the latest security flaw to have global impact, prompting the Biden administration and software developers to pledge to produce more secure software.

Full Disclosure

• Win32.MarsStealer Web Panel / Unauthenticated Remote Data Deletion January 16, 2022
  Posted by malvuln on Jan 16Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa_C.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Data Deletion Description: The Mars-Stealer web interface has a "Grab Rules" component area that lets a user specify which type of files to collect from […]
• Win32.MarsStealer Web Panel / Unauthenticated Remote Persistent XSS January 16, 2022
  Posted by malvuln on Jan 16Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The Mars-Stealer web interface has a "Marker Rules" component area. Third-party attackers who can reach the Mars-Stealer server can send HTTP...
• Win32.MarsStealer Web Panel / Unauthenticated Remote Information Disclosure January 16, 2022
  Posted by malvuln on Jan 16Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Information Disclosure Description: The malware web interface stores screen captures named "screenshot.jpg" in the panel directory, ZIP archived. Third-party attackers who...
• Ab Stealer Web Panel / Unauthenticated Remote Persistent XSS January 16, 2022
  Posted by malvuln on Jan 16Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/9e44c10307aa8194753896ecf8102167.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Ab Stealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The "Ab Stealer" web Panel By KingDomSc for "AbBuild v.1.0.exe" is used to browse victim information "Get All Victims Passwords, With...
• SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones January 14, 2022
  Posted by SEC Consult Vulnerability Lab, Research on Jan 14SEC Consult Vulnerability Lab Security Advisory < 20220113-0 > ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 vulnerable version: Firmware
• 🐞 Call for Papers for Hardwear.io USA 2022 is OPEN! January 14, 2022
  Posted by Andrea Simonca on Jan 14Hello, We are happy to announce that the CFP for Hardwear.io USA 2022 is OPEN! If you have a groundbreaking embedded research or an awesome open-source tool you’d like to showcase before the global hardware security community, this is your chance. Send in your ideas on various hardware subjects, […]
• APPLE-SA-2022-01-12-1 iOS 15.2.1 and iPadOS 15.2.1 January 12, 2022
  Posted by Apple Product Security via Fulldisclosure on Jan 12APPLE-SA-2022-01-12-1 iOS 15.2.1 and iPadOS 15.2.1 iOS 15.2.1 and iPadOS 15.2.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213043. HomeKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, […]
• Reprise License Manager 14.2 - Reflected Cross-Site Scripting January 12, 2022
  Posted by Gionathan Reale via Fulldisclosure on Jan 12# Product:  RLM 14.2 # Vendor:   Reprise Software # CVE ID:   CVE-2021-45422 # Vulnerability Title: Reflected Cross-Site Scripting # Severity: Medium # Author(s): Giulia Melotti Garibaldi # Date:     2022-01-11 # ############################################################# Introduction: An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected […]
• [RT-SA-2021-009] Credential Disclosure in Web Interface of Crestron Device January 12, 2022
  Posted by RedTeam Pentesting GmbH on Jan 12Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface. Details ======= Product: Crestron HD-MD4X2-4K-E Affected Versions: 1.0.0.2159 Fixed Versions: - Vulnerability Type: […]
• Backdoor.Win32.Controlit.10 / Unauthenticated Remote Command Execution January 11, 2022
  Posted by malvuln on Jan 11Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/859aab793a42868343346163bd42f485.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Controlit.10 Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP port 3347. Third-party attackers who can reach an infected system can run any OS commands made available by the […]