Day: November 23, 2021

Microsoft silently enables ‘Super Duper Secure Mode’ for Edge

Microsoft last week secretly added a security feature in its Edge web browser that allows users to sacrifice the browser’s performance for improved security. Announced in August this year, the feature is named Super Duper Secure Mode and was in Edge v96.0.1054.29, released last Friday on November 19, according to Johnathan Norman, Microsoft Edge Vulnerability Research Lead. …

Baffle Data Privacy Cloud supports privacy preserving analytics on Amazon Redshift

Baffle announced its Data Privacy Cloud supports privacy preserving analytics on encrypted and tokenized data for Amazon Redshift. Baffle provides seamless integration with Amazon Redshift, AWS Glue, and Amazon Simple Storage Service (Amazon S3) without any code changes or performance impact on the user experience. The initial release of the Data Privacy Cloud includes integration …

Exclusive Networks partners with Infinipoint to extend zero trust security to device identity

Exclusive Networks announced its worldwide distribution agreement with Infinipoint, a provider of a pioneering Device-Identity-as-a-Service (DIaaS) security solution that enables the critical device pillar of the zero trust cybersecurity approach. Focusing on mid-market aligned partners – initially in Europe covering France, Germany and the UK with a view to extending across global territories from early …

ASEC Weekly Malware Statistics (November 15th, 2021 – November 21st, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 15th, 2021 (Monday) to November 21st, 2021 (Sunday). For the main category, downloader ranked top with 31.0%, followed by infostealer with 29.1%, RAT (Remote Administration Tool) malware …

Emails Disguised as ‘Emirates Post’ Being Distributed During the Overseas Direct Purchase Season

The ASEC analysis team has introduced numerous phishing websites disguised as various companies. The team has recently discovered a malicious email disguised as Emirates Post, a transport company, during the overseas direct purchase season. As shown in the figure below, the malicious email states that there is a problem with the shipping address, requesting the …

VMware Security Advisory

Number: AV21-597. Date: 24 November 2021. On 23 November 2021 VMware published a Security Advisory to address vulnerabilities in the following products: VMware vCenter Server – versions 6.5 and 6.7; VMware Cloud Foundation – version 3.x. Exploitation of these vulnerabilities could lead to information disclosure. The Cyber Centre encourages users and administrators to review the provided …

[webapps] CMSimple 5.4 – Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)

# Exploit Title: CMSimple 5.4 – Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated) # Date: 11/15/2021 # Exploit Author: S1lv3r # Vendor Homepage: https://www.cmsimple.org/en/ # Software Link: https://www.cmsimple.org/en/ # Version: CMSimple 5.4 # Tested on: CMSimple 5.4 # writeup: # https://github.com/iiSiLvEr/CMSimple5.4-Vulnerabilities #!/usr/bin/python3 import requests import threading import datetime import sys from bs4 …

[local] HTTPDebuggerPro 9.11 – Unquoted Service Path

# Exploit Title: HTTPDebuggerPro 9.11 – Unquoted Service Path # Exploit Author: Aryan Chehreghani # Date: 23/11/2021 # Vendor Homepage: https://www.httpdebugger.com # Software Link: https://www.httpdebugger.com/download.html # Version: 9.11 # Tested on: Windows 10 x64 SERVICE_NAME: HTTPDebuggerPro TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : “C:\Program Files (x86)\HTTPDebuggerPro\HTTPDebuggerSvc.exe” LOAD_ORDER_GROUP : …

Cyber Defense Labs promotes Jason Lobell to CTO

Cyber Defense Labs announced that Jason Lobell, managing director of cyber managed security services and deputy chief technology officer, will be promoted to chief technology officer (CTO). “Jason Lobell has extensive global experience in building and operating enterprise grade technology and cybersecurity solutions,” says Jason Cook, president of Cyber Defense Labs. “You add to this …

The Complete Guide of Kubernetes Role-Based Access Control (RBAC)

This blog was originally published by ARMO here. Written by Amir Kaushansky, ARMO. What Is Kubernetes RBAC? First, let’s recap quickly what RBAC is in the context of a Kubernetes cluster. RBAC determines whether a certain entity (whether a user or a pod already running inside the cluster) is allowed to perform a certain action on …

Baffle’s Data Privacy Cloud Protects Data for Amazon Redshift Customers

Baffle, the startup that wants to make data breaches “irrelevant,” announced its latest data security offering for Amazon Redshift customers: Data Privacy Cloud. Baffle aims to prevent data breaches in public and private clouds by encrypting data wherever it may be. Most data protection schemes encrypt data while in transit or at rest in storage, but not while it …

‘Tis the season for protecting your devices with Webroot antivirus

As the holiday season draws near, shoppers are eagerly searching for gifts online. Unfortunately, this time of year brings as much cybercrime as it does holiday cheer. Especially during the holidays, cybercriminals are eager to exploit and compromise your personal data. Even businesses large and small are not immune to the dark forces at work. …

The Right Way To Address Multicloud Cybersecurity

This blog was originally published by Booz Allen here. Written by Brad Beaulieu, Booz Allen. Tailoring security for multicloud’s unique challenges. As the industry’s cloud service vendors race to differentiate themselves with exclusive new features and innovations, federal agencies are riding the innovation wave. Enterprise multicloud is providing technology teams with new levels of quick, flexible …

Apple Sues 'Abusive State-Actor' NSO Group

Apple is suing NSO Group, the company most known for its ability to hack iPhones using previously un-discovered Zero-Day vulnerabilities.  The opening lines of the lawsuit say it all: “Defendants are notorious hackers—amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.” And Apple’s head of security engineering …

Malware are already attempting to exploit new Windows Installer zero-day

Vxers are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. The security researcher Abdelhamid Naceri has publicly disclosed the exploit for a …

The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

On November 19, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 05/2021 (the “Guidelines”) on the interplay between the application of Article 3 of the EU General Data Protection Regulation (“GDPR”), which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers. The Guidelines aim to assist organizations …
