CVE-2019-11510: Proof of Concept Available for Arbitrary File Disclosure in Pulse Connect Secure

A proof of concept has been made public for CVE-2019-11510, an arbitrary file disclosure vulnerability found in popular virtual private network software, Pulse Connect Secure. Background: On April 24, Pulse Secure released a security advisory (later amended to include CVEs on the 25th) and patch for multiple critical and high severity vulnerabilities. The issues were identified in Pulse Connect … [Read more...]

How Emerson Uses Tenable.io to Find and Fix Vulnerabilities

Emerson’s solutions are used in manufacturing, industrial, commercial and residential environments. Learn how Tenable.io became a staple for the application and product security testing team. The technologies and services provided by Emerson improve human comfort, safeguard food, protect the environment, enable sustainable food waste disposal and support efficient construction and maintenance of … [Read more...]

Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks

Those who are familiar with Bluetooth BR/EDR technology (aka Bluetooth Classic, from 1.0 to 5.1) can attest that it is not perfect. Like any other piece of hardware or software technology already on the market, its usefulness comes with flaws. Early last week, academics at Singapore University of Technology, the CISPA Helmholtz Center for Information Security, and University of Oxford released … [Read more...]

Latest phishing attack targets Amazon Seller accounts

Criminal hackers are pushing the boat out with the latest phishing scam targeting unsuspecting German victims. The email scam sends recipients what appears to be a tax invoice from Amazon, instructing the recipient to enter their Amazon Seller account login details to access it. [Image of translated phishing email via Bleeping Computer] However, the login … [Read more...]

OneDrive for Business Security Tips and Tricks

The rate of cloud technology adoption has increased dramatically over the last few years, with file storage generally being the go-to cloud service. That’s because cloud storage enables organizations to keep costs down and make data more accessible, helping to drive collaboration. Microsoft is responsible for very popular cloud file storage services. Microsoft OneDrive is a non-business product … [Read more...]

Tenable Appoints Matthew Olton as Senior Vice President of Corporate Development and Strategy

Tenable®, Inc., the Cyber Exposure company, today announced the appointment of Matthew Olton as Senior Vice President of Corporate Development and Strategy.  “Matt’s deep experience and expertise in high-performance technology enterprises will be invaluable in driving our next phase of global growth,” said Amit Yoran, chairman and CEO, Tenable. “We look forward to working with Matt as we extend … [Read more...]

Physical Server vs. Virtual Server

As a managed services provider (MSP), you’ll need to help your customers navigate profound technological change. Businesses are investing more than ever in the digital infrastructure necessary to stay competitive in an increasingly dynamic, fast-paced economic landscape. … [Read more...]

Apple iPhone and iPad Devices Vulnerable After Reintroduction of SockPuppet Flaw in iOS 12.4 (CVE-2019-8605)

Previously disclosed and patched flaw was reintroduced in iOS 12.4, which could be used in combination with a separate vulnerability to hack into Apple mobile devices. Background: On August 18, unc0ver, a popular jailbreaking software, was updated to version 3.5.0 which includes a public jailbreak on a signed version of Apple’s firmware for the first time in years due to the reintroduction of a … [Read more...]

DEF CON 27 retrospective: badge life redux

Kickstarter or DEF CON attendee? Be forewarned, this light overview contains some mild spoilers. If you want the purest “Da Bomb” experience with no web-based OSINT hints, read no further. I’m not revealing any earth-shattering secrets here, but figured it was worth mentioning. Also DEF CON is over so… Defcon is what you make it Two years ago at DEF CON 25, I acquired the Ides of DEF CON … [Read more...]

Magecart criminals caught stealing with their poker face on

Earlier in June, we documented how Magecart credit card skimmers were found on Amazon S3. This was an interesting development, since threat actors weren’t actively targeting specific e-commerce shops, but rather were indiscriminately injecting any exposed S3 bucket. Ever since then, we’ve monitored other places where we believe a skimmer might be found next. However, we were … [Read more...]