Share

RSS

More Articles…

• Event Overload? Our SOCaaS can help!
• Business email compromise (BEC) schemes
• XDR as an approach to security
• What is threat intelligence?
• Data Loss Prevention: definition and uses
• Prevent shoulder surfing and theft of corporate credentials
• HTTP / 3, everything you need to know about the latest version protocol
• Machine learning and cybersecurity: UEBA applications and security

Categories …

• Backup as a Service (2)
  • Acronis Cloud Backup (11)
  • Veeam Cloud Connect (4)
• Cloud Conference (3)
• Cloud CRM (1)
• Cloud Server/VPS (20)
• Conferenza Cloud (4)
• ICT Monitoring (4)
• Log Management (2)
• News (17)
• ownCloud (4)
• Privacy (6)
• Secure Online Desktop (14)
• Security (9)
  • Ethical Phishing (5)
  • SOCaaS (17)
    • SIEM (8)
    • SOAR (2)
    • UEBA (5)
  • Vulnerabilities (83)
• Web Hosting (15)

Tags

Dark Reading:

• Troy Hunt: Organizations Make Security Choices Tough for Users May 6, 2021
  The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
• New Techniques Emerge for Abusing Windows Services to Gain System Control May 6, 2021
  Organizations should apply principles of least privilege to mitigate threats, security researcher says.
• Google Plans to Automatically Enable Two-Factor Authentication May 6, 2021
  The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
• CISA Publishes Analysis on New 'FiveHands' Ransomware May 6, 2021
  Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
• Securing the Internet of Things in the Age of Quantum Computing May 6, 2021
  Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
• Cloud-Native Businesses Struggle With Security May 6, 2021
  More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
• Biden's Supply Chain Initiative Depends on Cybersecurity Insights May 6, 2021
  Those helming the US supply chain executive order need to leverage standards, measurement, and the lessons cybersecurity leaders have learned.
• How to Move Beyond Passwords and Basic MFA May 6, 2021
  It's not a question of whether passwordless is coming -- it's simply a question of when. How should your organization prepare? (Part two of a two-part series.)
• Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security May 6, 2021
  Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
• Attackers Seek New Strategies to Improve Macros' Effectiveness May 5, 2021
  The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.

Full Disclosure

• APPLE-SA-2021-05-03-3 watchOS 7.4.1 May 4, 2021
  Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-3 watchOS 7.4.1 watchOS 7.4.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212339. WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report […]
• APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1 May 4, 2021
  Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1 macOS Big Sur 11.3.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212335. WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a […]
• APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1 May 4, 2021
  Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1 iOS 14.5.1 and iPadOS 14.5.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212336. WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, […]
• APPLE-SA-2021-05-03-2 iOS 12.5.3 May 4, 2021
  Posted by Apple Product Security via Fulldisclosure on May 04APPLE-SA-2021-05-03-2 iOS 12.5.3 iOS 12.5.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212341. WebKit Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing maliciously crafted […]
• KSA-Dev-0012:CVE-2021-25326:Unauthenticated Sensitive information Discloser in Skyworth RN510 Mesh Extender May 4, 2021
  Posted by Kaustubh Padwad via Fulldisclosure on May 04Overview ======== Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh Extender. CVE-ID :- CVE-2021-25326 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(http://www.skyworthdigital.com/products) Products:      1. RN510 with firmware V.3.1.0.4 (Tested and verified) Potential     2.RN620 with respective firmware or below     3.RN410 With Respective […]
• KSA-Dev-0011:CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender May 4, 2021
  Posted by Kaustubh Padwad via Fulldisclosure on May 04Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd.(http://www.skyworthdigital.com/products) Products:      1. RN510 with firmware V.3.1.0.4 (Tested and verified) Potential     2.RN620 with respective firmware or below     3.RN410 With Respective firmwware or […]
• KSA-Dev-0010:CVE-2021-25328:Authenticated Stack Overflow in Skyworth RN510 mesh Device May 4, 2021
  Posted by Kaustubh Padwad via Fulldisclosure on May 04itle :- Authenticated  Stack Overflow in RN510 mesh Device CVE-ID:- CVE-2021-25328 Author:  Kaustubh G. Padwad Vendor:  Shenzhen Skyworth Digital Technology Company Ltd.(http://www.skyworthdigital.com/products) Products:      1. RN510 with firmware V.3.1.0.4 (Tested and verified) Potential     2.RN620 with respective firmware or below     3.RN410 With Respective firmwware or below. […]
• Re: Two vulnerabilities found in MikroTik's RouterOS May 4, 2021
  Posted by Q C on May 04[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities. CVE-2020-20219: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). CVE-2020-20262: Mikrotik RouterOs before 6.47 (stable tree) suffers from an […]
• Re: Two vulnerabilities found in MikroTik's RouterOS May 4, 2021
  Posted by Q C on May 04[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities. CVE-2020-20221: Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. CVE-2020-20218: Mikrotik RouterOs 6.44.6 (long-term […]
• Re: Two vulnerabilities found in MikroTik's RouterOS May 4, 2021
  Posted by Q C on May 04[Update 2021/05/04] CVE-2020-20212 and CVE-2020-20211 have been assigned to these two vulnerabilities. CVE-2020-20212: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference) CVE-2020-20211: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from […]