Day: November 4, 2021

US Gov offers a reward of up to $10M for info on DarkSide leading members

The US government offers up to a $10,000,000 reward for information leading to the identification or arrest of DarkSide gang members. The US government wants to dismantle the DarkSide ransomware operation and its rebrands and it is offering up to a $10,000,000 reward for information leading to the identification or arrest of members of the gang …

Ardoq joins Cloud Security Alliance to help improve cloud security

Ardoq announced that it has joined the Cloud Security Alliance (CSA), an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. Ardoq joins CSA as a member of the Security, Trust, Assurance, and Risk (STAR) Registry, a publicly accessible registry that documents the security and privacy …

Topic-specific policies 12/11: concluding the series

Congratulations on completing this cook’s tour of the topic-specific information security policies in ISO/IEC 27002:2022 (forthcoming). Today we reach the end of the track, reflecting back on our journey and gazing forward to the next objective. Through the blog, we have stepped through the eleven topic-specific policy examples called out in clause 5.1, discussing various …

Cyber security for connected medical devices (ITSAP.00.132)

What are the impacts? Cyber attacks on medical devices can have devastating consequences, including risks to patient life. Manufacturers, health care organizations, cloud service providers (CSPs) and patients should understand the risks associated with these devices and the measures required to keep them safe and secure. Device manufacturers Manufacturers should conduct pre-market risk assessments …

Top 5 WhatsApp Alternatives for Privacy

WhatsApp is the top dog among all chat apps, but its reputation is declining rapidly, not least because of privacy concerns. But which messaging apps are better suited as privacy-friendly alternatives? We've looked at five popular chat apps that focus on privacy and security.

[webapps] ImportExportTools NG 10.0.4 – HTML Injection

# Exploit Title: ImportExportTools NG 10.0.4 – HTML Injection
# Date: 2021-11-05
# Exploit Author: Vulnerability Lab
# Vendor Homepage: https://github.com/thundernest/import-export-tools-ng
# Software Link: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/
# Version: 10.0.4
# Tested on: Windows

Document Title:
===============
ImportExportTools NG 10.0.4 – HTML Injection Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2308

Release Date:
=============
2021-11-05

Vulnerability Laboratory ID (VL-ID):
====================================
…

[webapps] Payment Terminal 3.1 – 'Multiple' Cross-Site Scripting (XSS)

# Exploit Title: Payment Terminal 3.1 – ‘Multiple’ Cross-Site Scripting (XSS)
# Date: 2021-11-05
# Exploit Author: Vulnerability Lab
# Vendor Homepage: https://www.criticalgears.com/
# Software Link: https://www.criticalgears.com/product/authorize-net-payment-terminal/
#                https://www.criticalgears.com/product/paypal-pro-payment-terminal/
#                https://www.criticalgears.com/product/stripe-payment-terminal/
# Version: 2.4.1, 2.2.1 & 3.1
# Tested on: Linux (Apache)

Document Title:
===============
Payment Terminal 2.x & v3.x – Multiple XSS Web …

[local] 10-Strike Network Inventory Explorer Pro 9.31 – 'srvInventoryWebServer' Unquoted Service Path

# Exploit Title: 10-Strike Network Inventory Explorer Pro 9.31 – ‘srvInventoryWebServer’ Unquoted Service Path
# Discovery by: Brian Rodriguez
# Date: 04-11-2021
# Vendor Homepage: https://www.10-strike.com/
# Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe
# Tested Version: 9.31
# Vulnerability Type: Unquoted Service Path
# Tested on: Windows 10 Enterprise 64-bit
# Step to discover Unquoted Service Path: …
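The advisory header above stops short of the discovery step, and no service path from the product appears on this page. The following PowerShell is an added example, not part of the advisory and not the discoverer's own step: it implements the generic check for the "Unquoted Service Path" class (a service whose command line contains a space but is not wrapped in quotes, so the Service Control Manager tries C:\Program.exe and similar truncations before the real binary) and a remediation that quotes the executable. The path in the comments is illustrative, and the use of the service name srvInventoryWebServer in the usage line is taken from the title only; whether its path actually contains spaces is not stated on this page.

```powershell
# Added example (not from the 10-Strike advisory). Windows only.
# Vulnerable shape:  C:\Program Files\Vendor Tool\svc.exe      (illustrative path)
# Fixed shape:       "C:\Program Files\Vendor Tool\svc.exe"
# The SCM parses the unquoted form by trying C:\Program.exe, then
# C:\Program Files\Vendor.exe, then the real binary. If a standard user can
# write to one of those locations they run code as the service account.

function Test-UnquotedServicePath {
    # $true when the executable part of a service command line contains a
    # space and the command line does not start with a double quote.
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    if ($PathName.TrimStart().StartsWith('"')) { return $false }

    # Isolate the executable (up to the first ".exe", case-insensitive by
    # default for -match); spaces in the arguments after it are harmless.
    if ($PathName -match '^(?<exe>.+?\.exe)') {
        return $Matches['exe'].Contains(' ')
    }
    return $false
}

function Get-UnquotedServicePath {
    # Read-only inventory of affected services; needs no elevation.
    # Binaries under %SystemRoot% are skipped by default because standard
    # users cannot write there, so an unquoted path is not exploitable.
    param([switch]$IncludeSystemRoot)

    $systemRoot = $env:SystemRoot
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { Test-UnquotedServicePath -PathName $_.PathName } |
        Where-Object { $IncludeSystemRoot -or $_.PathName -notlike "$systemRoot*" } |
        Select-Object Name, StartMode, StartName, PathName
}

function Repair-UnquotedServicePath {
    # Wraps the executable part of the command line in quotes by rewriting
    # the ImagePath registry value directly, which avoids the nested-quote
    # pitfalls of passing the value through sc.exe. Run from an elevated
    # prompt. Set-ItemProperty stores a REG_SZ, which the SCM accepts.
    param([Parameter(Mandatory)][string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $current = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
    if (-not (Test-UnquotedServicePath -PathName $current)) {
        Write-Verbose "$Name is already quoted or has no spaces in its path"
        return $current
    }
    if ($current -match '^(?<exe>.+?\.exe)(?<args>.*)$') {
        $fixed = '"{0}"{1}' -f $Matches['exe'], $Matches['args']
        Set-ItemProperty -Path $key -Name ImagePath -Value $fixed
        return $fixed
    }
}

# Usage:
#   Get-UnquotedServicePath | Format-Table -AutoSize
#   Repair-UnquotedServicePath -Name srvInventoryWebServer   # elevated; name from the title
```

Test-UnquotedServicePath is kept separate from the CIM query so it can be run against arbitrary strings (for example ImagePath values exported from another host) without touching the local service table.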

SANS National Capture-the-Flag Tournaments for the Beneswiss Region

The Beneswiss national BootUp CTF tournaments have now come to a close, concluding the second annual national CTF tournaments for Switzerland, Belgium and the Netherlands. Taking place across two days on 28-29 October, the CTFs had more than 500 participants overall and really demonstrated the strength of the cybersecurity community across all three countries. The …

Why Your Organization Needs Cyber Insurance

This blog was originally published by SafeBase here. Written by Kevin Qiu, Director of Information Security at SafeBase. Security Incidents Are Becoming Increasingly Expensive Cyber security products and defensive techniques have come a long way over the past few years as cloud computing has taken center stage in the technology world. Organizations are now investing …

US offers $10m reward for decisive info on DarkSide ransomware gang

The U.S. Department of State is paying an additional $5 million to anyone who can provide information leading to the arrest or conviction of any individual in any country “conspiring to participate in or attempting to participate in a DarkSide variant ransomware incident.” The U.S. Department of State is offering a whopping $10 million reward …

US offers $10 million reward for info on Darkside ransomware group

The US government today offered a $10 million reward for any information that may lead to the identification and/or arrest of members of the Darkside ransomware group. The State Department said the reward applies to information on Darkside members who hold a key leadership position inside the group’s operations. Tips that lead …

Brenda Bjerke, Jane Harper, and Diana Kelley join EWF Board of Advisors

The Executive Women’s Forum on Information Security, Risk Management, and Privacy (EWF) announced that Brenda Bjerke, Sr. Director, Cybersecurity, Target; Jane Harper, Sr. Director Information Security Risk, Eli Lilly and Company; and Diana Kelley, CTO and Founding Partner, Security Curve, have been selected to join the EWF Board of Advisors. “The EWF is honored to …

Reward Offers for Information to Bring DarkSide Ransomware Variant Co-Conspirators to Justice

PRESS STATEMENT NED PRICE, DEPARTMENT SPOKESPERSON NOVEMBER 4, 2021 The U.S. Department of State announces a reward offer of up to $10,000,000 for information leading to the identification or location of any individual(s) who hold(s) a key leadership position in the DarkSide ransomware variant transnational organized crime group. In addition, the Department is also offering …

Better Targeting with Facebook Conversion API and Server-Side Tagging

For years, Facebook Custom Audiences has been a critical tool for retargeting Facebook users who interacted with your brand or website. But as the business world, and regulators, shift focus towards data privacy, the landscape for Facebook Custom Audiences has changed dramatically and it has lost much of its effectiveness. Not least of Facebook Custom Audiences’ troubles are …

CISA urges vendors to fix BrakTooth issues after the release of PoC tool

US CISA is urging vendors to address the BrakTooth flaws after security researchers released public exploit code and a proof-of-concept tool to test Bluetooth devices against potential Bluetooth exploits. “On November …

Ga. Biz Court Denies Review Of Transfer Ruling In $6M Row

By Rosie Manins (November 4, 2021, 10:06 PM EDT) — Georgia’s new business court has declined to certify for immediate review a first-of-its-kind ruling it made to let defendants in a dispute over a $6 million deal transfer the case from another state court, despite the plaintiff’s objections. Georgia State-wide Business Court Judge Walter W. Davis …

Booming business in India: Fake death and birth certificates. Hackers get into government websites to generate 800 fake birth and death certificates

Authorities in the Indian state of Haryana have announced the arrest of two individuals accused of falsifying hundreds of birth and death certificates by hacking into various government websites. The local police’s Cybercrime Unit identified the defendants, leading to their arrest. At the time of their arrest, two laptops were seized from the defendants, …

Staff Shortages Impact Cyber Risk Management, Says (ISC)² Survey

We’ve all heard about the workforce gap in cybersecurity but for the first time the (ISC)² Cybersecurity Workforce Study, 2021 asked 4,700 security professionals about the damage that staff shortages inflict on their capabilities. Thirty percent of those surveyed answered “not enough time for proper risk assessment and management,” running close behind the number one …