This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques.

This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions by the Multi-State Information Sharing & Analysis Center (MS-ISAC).

Proof of concept about the privilege escalation flaw identified in Google's Osconfig - irsl/google-osconfig-privesc

With the launch of the new GeForce 30 series, PCI Express 4.0 performance has come up into the discussion. To find out exactly what we're talking about,...

CVE-2020-1895: A critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device

The Cisco Security portal provides actionable intelligence for security threats and vulnerabilities in Cisco products and services and third-party products.

View announcements and review known issues and fixes for Windows 10 version 1607 and Windows Server 2016

RIPGREP - аналог GREP, ASK, написан на RUST, быстрый поиск содержимого в файлах с возможностью замены

В репозитории ripgrep есть готовые пакеты под Linux, macOS, Windows

- понимает .gitignore, не следует за символическими ссылками, пропускает бинарные и скрытые файлы, можно использовать регулярные выражения
- быстрый, сотни файлов, в разы быстрее чем аналоги

Быстрое введение в ripgrep, со ссылками на репу, ссылки на сравнительные тесты там же в статье (скорость действительно впечатляет)

https://sys-adm.in/systadm/905-ripgrep-bystryj-umnyj-poisk-soderzhimogo-v-fajlakh-ustanovka-v-linux-macos.html

This document describes the security content of macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave.

Get Terraform, Packer, Vault, Consul, and Nomad up and running even faster on macOS with our new official Homebrew Tap.

Western Digital provides data storage solutions, including systems, HDD, Flash SSD, memory and personal data solutions to help customers capture and preserve their most valued data.

200K Businesses are Exposed to WFH Attack Scenario
Research by Niv Hertz and Lior Tashimov / SAM’s IoT Security Lab
Identifying the Fort
Many have written, and probably more will be told about the dramatic change in the way each of us works remotely following the Covid-19 pandemic. As security

Elastic Stack 7.9.2 has been released. Read about the updates and bug fixes that have been included in Elasticsearch, Kibana, and Beats.

•
FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher Gmbh. Since 2011 researchers have documented numerous cases of targeting of Human Rights Defenders (HRDs) - including activists, journalists, and dissidents with the use of FinSpy in many countries, including Bahrain, Ethiopia, UAE, and more. Because of this, Amnesty International’s Security Lab tracks FinSpy usage and development as part of our continuous monitoring of digital threats to Human Rights Defenders.
•
Amnesty International published a report in March 2019 describing phishing attacks targeting Egyptian human rights defenders and media and civil society organizations staff carried out by an attacker group known as “NilePhish”. While continuing research into this group’s activity, we discovered it has distributed samples of FinSpy for Microsoft Windows through a fake Adobe Flash Player download website. Amnesty International has not documented human rights violations by NilePhish directly linked to FinFisher products.…

Microsoft Open Source: get involved in open source communities, discover projects and ecosystems Microsoft is involved in, and learn about the Microsoft open source program

Cynet’s new release expands the platform’s automated response flow from initial You have likely heard of the Zerologon vulnerability that provides a path for cybercriminals to gain admin access to the Domain Controller and from there to the entire network. Cynet detects and alerts you to any Zerologon exploitation in your environment. 

As of March 24, there were over 350,000 Microsoft Exchange servers exposing a version of the software with a vulnerability.

The Cisco Security portal provides actionable intelligence for security threats and vulnerabilities in Cisco products and services and third-party products.