Unsecured Microsoft Bing Server Leaks Search Queries, Location Data

Data exposed included search terms, location coordinates, and device information - but no personal data.

DHS Issues Dire Patch Warning for ‘Zerologon’

The deadline looms for U.S. Cybersecurity and Infrastructure Security Agency’s emergency directive for federal agencies to patch against the so-called ‘Zerologon’ vulnerability.

SecOps Teams Wrestle with Manual Processes, HR Gaps

Enterprise security teams are "drowning in alerts."

APT41 Operatives Indicted as Sophisticated Hacking Activity Continues

Five alleged members of the China-linked advanced threat group and two associates have been indicted by a Federal grand jury, on dozens of charges.

Report Looks at COVID-19’s Massive Impact on Cybersecurity

Cynet's report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack...

QR Codes Serve Up a Menu of Security Concerns

QR code usage is soaring in the pandemic -- but malicious versions aren't something that most people think about.

MFA Bypass Bugs Opened Microsoft 365 to Attack

Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.

Cloud Leak Exposes 320M Dating-Site Records

A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.

Magecart Attack Impacts More Than 10K Online Shoppers

Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, possibly the result of a zero-day exploit.

AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Original release date: September 14, 2020

Summary: The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources...

Latest article

CVE-2020-26116

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the...

CVE-2020-15213

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory...

CVE-2020-15211

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model...