‘BootHole’ attack impacts Windows and Linux systems using GRUB2 and Secure Boot
www.zdnet.com/article/boothole-attack-impacts-windows-and-linux-systems-using-grub2-and-secure-boot The vulnerability, codenamed BootHole, allows attackers to tamper with the boot-loading process that precedes starting up the actual operating system (OS). Lisäksi: kb.cert.org/vuls/id/174059 ja
APT reports – APT trends report Q2 2020
securelist.com/apt-trends-report-q2-2020/97937/ For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
Cisco fixes severe flaws in data center management solution
www.bleepingcomputer.com/news/security/cisco-fixes-severe-flaws-in-data-center-management-solution/ Cisco today has released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products.
Critical Security Flaw in WordPress Plugin Allows RCE
threatpost.com/critical-rce-flaw-wordpress-plugin-on-70k-sites/157824/ Researchers are warning of a critical vulnerability in a WordPress plugin called Comments wpDiscuz, which is installed on more than 70, 000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files (including PHP files) and ultimately execute remote code on vulnerable website servers. Lisäksi
Klassinen sähköpostimoka paljasti ison läjän tunnettujen teknologiavaikuttajien sähköposteja mukana myös Jeff Bezos
www.tivi.fi/uutiset/tv/d30ee2bf-2130-4801-89a4-27637e78e57e Uutiskirjepalvelu Substackilla kävi klassinen moka, kun yli 500 palvelun käyttäjän sähköpostiosoitteet paljastuivat, kirjoittaa Gizmodo. Mukana oli monia teknologiamaailmassa tunnettuja henkilöitä. Lisäksi
Microsoft to remove all SHA-1 Windows downloads next week
www.zdnet.com/article/microsoft-to-remove-all-sha-1-windows-downloads-next-week Microsoft announced this week plans to remove all Windows-related file downloads from the Microsoft Download Center that are cryptographically signed with the Secure Hash Algorithm 1 (SHA-1). The files will be removed next Monday, on August 3, the company said on Tuesday. Lisäksi
Today’s mega’ data breaches now cost companies $392 million to recover from
www.zdnet.com/article/todays-mega-data-breaches-now-cost-companies-392-million-in-damages-lawsuits The average cost of a “mega” data breach has risen astronomically over the past year and enterprise players impacted by such a security incident can expect to pay up to $392 million.