InfoSec News 20190814
Top News
-
High-severity Windows security flaw enables attackers to hijack any application
"Bug affects all versions of Microsoft Windows, back from Windows XP to Windows 10"
TLP1 : Green
-
Talos (Cisco) - Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
"Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate.""
TLP1 : Green
-
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
"A total of eight high-severity HTTP/2 vulnerabilities, seven discovered by Jonathan Looney of Netflix and one by Piotr Sikora of Google, exist due to resource exhaustion when handling malicious input, allowing a client to overload server's queue management code."
TLP1 : Green
-
NGINX -- Multiple vulnerabilities
"Several security issues were identified in nginx HTTP/2 implementation which might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516)."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Link between personality type and vulnerabilities to cybercrime
"New kernel packages are available for Slackware 14.2 to fix security issues."
TLP1 : Green
-
Loss of business: the largest cost of a data breach
"This year, the cost for a company that suffers a data breach has gone up once again. It now costs an average of $3.92 million (€3.52 million). The average size of a data breach is 25,575 records, and the average cost per record is $150."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
This security flaw allows hackers to steal your photos
"Canon DSLR cameras at risk of Wi-Fi exploit"
TLP1 : Green
-
Canada’s Desjardins Reports Costs of $53M Related to Data Breach
"Canadian lender Desjardins Group said on Monday it spent C$70 million ($53 million) in the second quarter related to a data privacy breach earlier this year that exposed personal information of 2.9 million members."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days,Patches and Exploits
-
Beware: This fake iPhone charging cable can hijack your computer
"A new fake iPhone charging cable has been developed that allows attackers to take over Mac and Windows computers as soon as they are plugged in. The malicious cable resembles the original lightning cable that is used to charge iPhones and iPads."
TLP1 : Green
-
Popular building management system vulnerable to takeover
"Remotely exploitable vulnerability in internet-connected devices gives attackers a means to cause disruption and damage in a wide range of industries"
TLP1 : Green
-
User Agent String Switcher Service - XSS Vulnerabilities
"Multiple client-side cross site vulnerabilities has been discovered in the User Agent String Switcher online web service.
The vulnerability allows to inject own malicious script code to client-side browser requests."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Security warning for software developers: You are now prime targets for phishing attacks
"Software developers are the people most targeted by hackers conducting cyberattacks against the technology industry, with the hackers taking advantage of the public profiles of individuals working in the high-turnover industry to help conduct their phishing campaigns."
TLP1 : Green
-
Findomain v0.2.1 - The Fastest And Cross-Platform Subdomain Enumerator
"It tool doesn't use the common methods for sub(domains) discover, the tool uses Certificate Transparency logs to find subdomains and it method make it tool the most faster and reliable. The tool make use of multiple public available APIs to perform the search."
TLP1 : Green
-
Goop - Google Search Scraper (Bypass CAPTCHA)
"Goop can perform google searches without being blocked by the CAPTCHA or hitting any rate limits."
TLP1 : Green
-
Microsoft patches two new BlueKeep-like bugs
"Microsoft has issued a set of fixes for two critical remote code execution vulnerabilities with characteristics similar to the high-profile BlueKeep vulnerability."
TLP1 : Green
-
Slackware: 2019-226-01: Slackware 14.2 kernel Security Update
"Only four in 10 (42%) businesses focus on compliance training as part of their cybersecurity protocol to ensure sensitive data is kept secure, reports ESET."
TLP1 : Green
1Traffic Light Protocol (TLP) [1] for information sharing:
- Red:Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants organizations.
- Green: Limited disclosure, restricted to the community.