CVE-2020-11805 https://ift.tt/3cseX91 Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM
CVE-2020-12824 https://ift.tt/3cwlZcP Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM
CVE-2020-13387 https://ift.tt/36448Zp Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM
CVE-2020-23837 https://ift.tt/3kK81qD A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM
CVE-2017-17477 https://ift.tt/3mOTX0Q Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. Digital Trends via National Vulnerability Database https://ift.tt/OD63ZH September 25, 2020 at 12:32AM
8 Resources to Use to Ensure You're Using Inclusive Language https://ift.tt/3kBpSjw We've talked about it before, but diversity, inclusion, and belonging shouldn't be about filling a quota. Instead, the goal should be to foster a true sense of belonging among your team, which is likely filled with people from all backgrounds. One way to do this is by using inclusive language. Whether it's intentional or not, we all carry implicit biases in our everyday language. However, it's important to make a conscious effort to avoid this. This isn't just the right thing to do. It also makes good business sense. Additionally, creating a sense of belonging can lead to greater retention rates and even result in higher customer satisfaction. So, how can you use more inclusive language? Below, we'll review the top tools that can automate this process for you and resources that can help you use more inclusive language.
1. Better Allies
During an allyship meeting at HubSpot, we discussed tools that help people use more inclusive language. A colleague brought up a Slackbot, Better Allies. This Slackbot can help you shift your language to be more inclusive. The tool was inspired by the book Better Allies by Karen Catlin. This book can help you spot situations where you can create more inclusive culture. The Slackbot will automatically flag non-inclusive language and make alternate suggestions. You can even customize the tool by adding your own words to avoid and alternate suggestions. For example, I want to remove the words "guys" and "crazy" from my vocabulary. With this tool, I can put those words in the Slackbot and then include suggestions for myself to use instead.
2. Inclusive Language Guides
An inclusive language guide is a document that will advise you on terms to avoid and alternative terms to use. The goal is to use more inclusive language that doesn't have biases, slang, or discriminatory terms.
While an inclusive language guide won't help you automate this process, you can use this resource to inform your automation process. For example, you can add terms from an inclusive language guide to your Better Allies Slackbot. If your team doesn't have an inclusive language guide, we suggest you create one. Our inclusive language guides at HubSpot have sections on Gender, LGBTQIA+, Race, Ethnicity, Culture, and Accessibility. Here are some great examples to get you started:
3. Company Bots
To automate your inclusive language, you can create a bot that will alert you when you use exclusionary terms. As you saw above, Better Allies created one to help you on Slack. However, you might want a bot when you're using Google docs or other platforms. In that case, you can create your own. At HubSpot, we have a bot that HubSpotters can download on Chrome that will review content for HubSpot's style guide.
4. Textio
As a company, you produce a lot of content. Your employees have to write a lot. To automate your process, you can use Textio. Textio is an augmented writing platform that can give your team a score on the content they write. Plus, it provides suggestions on how to improve. This includes bias interruption, expanded language insights, and team analytics. The whole point is to help you write more insightful, inclusive content. You can use this for recruiting purposes or just to review your company blogs.
5. Gender Decoder
A quick way to check your language for gender bias is to use this gender decoder. You can just copy and paste your content in it and get quick results. While this was created to analyze job ads to ensure you use inclusive language, you can put any content in there. I even put this blog content in to see the results. The tool told me, "This uses more words that are subtly coded as feminine than words that are subtly coded as masculine (according to the research). Fortunately, the research suggests this will have only a slight effect on how appealing this is to men, and will encourage women."
6. TEDTalk with Kimberlé Crenshaw
While using tools to help automate your inclusive language process is important, it's also necessary to focus efforts on continued learning. That's why we recommend watching this short (only 18 minutes) TEDTalk on the urgency of intersectionality. This talk discusses the reality of race and gender bias so we can understand how the two combine and create more harm.
Ultimately, the goal is to broaden your understanding of intersectionality and implicit bias so you can recognize it when it occurs and speak up for victims of prejudice.
7. MTV Decoded
For an even shorter way to continue your education (5 minutes), you can watch this great video from MTV on phrases that have a racist origin. Again, this is an easy and quick way to continue learning about implicit bias so you can adjust your language to be more inclusive. You can consider sending these types of short videos to your employees to encourage them to use more inclusive language and continue learning.
8. Implicit Bias Test
A great way to see if you're using inclusive language is to test yourself on implicit biases. This test will measure unconscious bias. This is an excellent step to take so you can examine, understand, and recognize your own biases and when you're using exclusionary language. We recommend sending this to people on your team as well. This will help your whole team begin to understand and use more inclusive language as a whole. Taking active steps to use inclusive language is an important part of allyship. Additionally, it's important for your employees and customers to see that you participate in and encourage others to continue learning about other people's experiences. Digital Trends via HubSpot https://ift.tt/1y9rdls September 24, 2020 at 03:36AM
https://ift.tt/3mP5xJu
Ripjar, founded by GCHQ alums, raises $36.8M for AI that detects financial crime https://ift.tt/32XytHd Financial crime as a wider category of cybercrime continues to be one of the most potent of online threats, covering nefarious activities as diverse as fraud, money laundering and funding terrorism. Today, one of the startups that has been building data intelligence solutions to help combat that is announcing a fundraise to continue fueling its growth. Ripjar, a UK company founded by five data scientists who previously worked together in British intelligence at the Government Communications Headquarters (GCHQ, the UK’s equivalent of the NSA), has raised $36.8 million (£28 million) in a Series B, money that it plans to use to continue expanding the scope of its AI platform — which it calls Labyrinth — and scaling the business. Labyrinth, as Ripjar describes it, works with both structured and unstructured data, using natural language processing and an API-based platform that lets organizations incorporate any data source they would like to analyse and monitor for activity. Sources close to the company say that the funding values the startup in the region of £100 million, or about $127 million. Ripjar is currently profitable, the company confirmed. The funding is being led by Long Ridge Equity Partners, a specialist fintech investor, with previous investors Winton Capital Ltd and Accenture plc also participating. Accenture is a strategic partner: the consultancy/systems integrator uses Ripjar’s tech to work with a number of clients in the financial services sector. Ripjar also has government clients, where its platform is used for counterterrorism work. It declines to disclose any specific names but it does note that its extensive partner list also includes the likes of PWC, BAE Systems, Dow Jones and more.
“We are excited to partner with Long Ridge who bring expertise and resources in scaling fast-growing software companies,” said Jeremy Annis, the co-founder who is both the CEO and CTO of Ripjar. “This investment signals enormous confidence in our world-leading data intelligence technology and ability to protect companies and governments from criminal behaviour which threatens their assets and prosperity. With this funding, we will accelerate the expansion of Ripjar worldwide to provide our customers with the most advanced financial crime solutions, as well as creating new iterations of the Labyrinth platform.” The startup says that it’s had its biggest year yet — no surprise, given the circumstances. Not only has there been a huge shift to online transactions in 2020 because of the rise of the Covid-19 global health pandemic, but a tightening of the world economy has led to more financial scrambling and new nefarious activity, as well as criminal acts to profit from the instability. That’s led to inking deals with six new enterprise customers and expanding deals with four existing major clients, and Ripjar said that it now has some 20,000 clients globally. London, as one of the world’s financial centers, has developed a strong reputation for hatching and growing interesting fintech startups, and that has also meant the UK — which also has a strong talent base in artificial intelligence — has become very fertile ground also for startups building services to help protect those fintechs. Ripjar’s raise, and rise, come within months of two other companies building AI to combat fraud and financial crime also raising money and growing. In July, ComplyAdvantage, which has also been building a database and platform to help combat financial crime, announced a $50 million raise. And a week before that, another UK company also building AI for financial and other cybercrime detection, Quantexa, raised $64.7 million.
Ripjar counts both of these, as well as bigger targets like Palantir, among its competitors. Most likely, the big institutions that are grappling with financial crime are using several companies’ technology at the same time. Indeed, with the issue of money laundering alone a $2 trillion problem (with only 1-2% of that ever identified and recovered), you can see why, at least for right now, banks, governments and others would be willing to put multiple resources on the problem to try to tackle it. “Financial institutions, corporates and government agencies face ever-increasing risks associated with financial crime and cyber threats,” said Kevin Bhatt, a Managing Partner at Long Ridge, in a statement. “We believe Ripjar is well-positioned to provide artificial intelligence solutions that will allow its clients to reduce the cost of compliance, while uncovering new threats through automation. We are incredibly excited to partner with Ripjar to support their continued growth and look forward to working closely with the Ripjar team as they expand to new geographies, customers, and verticals.” Digital Trends via TechCrunch https://techcrunch.com September 24, 2020 at 03:34AM
https://ift.tt/3mRuYdw
Threat landscape for industrial automation systems. H1 2020 highlights https://ift.tt/2Eu5mlx
Overall downward trend for percentages of attacked computers globally
Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments.
[Figure: Percentage of ICS computers on which malicious objects were blocked]
Variety of malware
Threats are becoming more targeted and more focused, and as a result, more varied and complex.
Main threat sources
The internet, removable media and email continue to be the main sources of threats in the ICS environment. Predictably, the percentages in the rankings for these threats have decreased.
[Figure: Main sources of threats blocked on ICS computers (percentage of ICS computers on which malicious objects from different sources were blocked)]
Regional differences
Asia and Africa were the least secure.
The situation is best in Australia, Europe, USA and Canada, which are at the bottom of all of the rankings except the one for malicious email attachments.
Southern and Eastern Europe were the least secure regions in Europe.
Digital Trends via Securelist https://securelist.com September 24, 2020 at 03:06AM
https://ift.tt/2FVx7Eb
Small business challenger bank Finom raises another $12 million to expand in Europe https://ift.tt/3i3eomZ B2B financial service start-up Finom — which provides online financial services for SMEs, freelancers, and the self-employed in Europe — has raised an additional $12 million (€10.3 million) to add to its previous Seed round of €6.5 million last April. The total funding raised in 2020 is now €16.8 million, and this is before the company has done a Series A round. Investors include Target Global (Germany), Cogito Capital (Poland), Entree Capital (Israel), Avala Capital (Germany), Tal Capital (India), and Adfirst Ventures FJ Labs (USA). The additional investment round will allow Finom to extend its licensed activities, develop product and enter new European markets. Founded in 2019, Finom is based out of the Netherlands and was founded by the team previously responsible for Modulbank, a B2B online bank in Russia. So far it is providing an e-invoicing service in Italy, and will launch in France this October. Similar to other online challenger banks aimed at SMEs, the company is aiming at countries where there is a relatively low penetration of online SME banking players, such as Poland, Spain, Austria, Switzerland. Digital Trends via TechCrunch https://techcrunch.com September 24, 2020 at 02:56AM
https://ift.tt/3iZuT53
New 'Alien' malware can steal passwords from 226 Android apps https://ift.tt/3mNcHOl Security researchers have discovered and analyzed a new strain of Android malware that comes with a wide array of features allowing it to steal credentials from 226 applications. Named Alien, this new trojan has been active since the start of the year and has been offered as a Malware-as-a-Service (MaaS) offering on underground hacking forums. In a report shared this week with ZDNet, security researchers from ThreatFabric dug deep into forum posts and Alien samples to understand the malware's evolution, tricks, and features.
Cerberus out, Alien in
According to researchers, Alien is not truly a new piece of code but was actually based on the source code of a rival malware gang named Cerberus. Cerberus, while an active MaaS last year, fizzled out this year, with its owner trying to sell its codebase and customerbase, before eventually leaking it for free. ThreatFabric says Cerberus died out because Google's security team found a way to detect and clean infected devices. But even if Alien was based on an older Cerberus version, Alien doesn't seem to have this problem, and its MaaS stepped in to fill the void left by Cerberus' demise. And researchers say that Alien is even more advanced than Cerberus, a reputable and dangerous trojan in its own right.
Alien can intercept some 2FA codes, phish ton of apps
ThreatFabric says Alien is part of a new generation of Android banking trojans that have also integrated remote-access features into their codebases. This makes Alien a dangerous concoction to get infected with. Not only can Alien show fake login screens and collect passwords for various apps and services, but it can also grant the hackers access to devices to use said credentials or even perform other actions. Currently, according to ThreatFabric, Alien boasts the following capabilities:
That's quite an impressive array of features. ThreatFabric says these are mostly used for fraud-related operations, as most Android trojans tend to be these days, with the hackers targeting online accounts, searching for money. During its analysis, researchers said they found that Alien had support for showing fake login pages for 226 other Android applications (full list in the ThreatFabric report). Most of these fake login pages were aimed at intercepting credentials for e-banking apps, clearly supporting its assessment that Alien was intended for fraud. However, Alien targeted other apps as well, such as email, social, instant messaging, and cryptocurrency apps (i.e., Gmail, Facebook, Telegram, Twitter, Snapchat, WhatsApp, etc.). Most of the banking apps targeted by Alien developers were for financial institutions based mostly in Spain, Turkey, Germany, the US, Italy, France, Poland, Australia, and the UK. ThreatFabric didn't include details about how Alien makes its way onto users' devices, primarily because this varies based on how the Alien MaaS customers (other criminal groups) chose to distribute it. Historically, however, Android malware is often disguised in apps distributed via third-party unofficial app stores, or by apps hosted on third-party sites, peddled to users via shady ads. Some malware-tainted apps make it on the Play Store, once in a while, but most of the time, they're distributed through other channels. These shady apps can be easily spotted as they often require users to grant them access to an admin user or to the Accessibility service. As self-evident as the advice "don't install apps from shady sites and grant them admin rights" might sound, not all Android users are technical enough to understand it, and many users will download and install apps from any location, and then just click through all the prompts during installations. This is how malware operates in general, targeting non-technical users, and not the "experts."
And there are many of these non-technical users around, hence why Android malware is big business these days on hacking forums. So... don't install apps from shady sites and grant them admin rights. Digital Trends via ZDNet | Security https://www.zdnet.com/ September 24, 2020 at 02:12AM