π΄ NRC Health Ransomware Attack Prompts Patient Data Concerns π΄
π Read
via "Dark Reading: ".
The organization, which sells patient administration tools to hospitals, could not confirm whether patient data was accessed.π Read
via "Dark Reading: ".
Darkreading
NRC Health Ransomware Attack Prompts Patient Data Concerns
The organization, which sells patient administration tools to hospitals, could not confirm whether patient data was accessed.
ATENTIONβΌ New - CVE-2013-4088
π Read
via "National Vulnerability Database".
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2013-3551
π Read
via "National Vulnerability Database".
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-0063
π Read
via "National Vulnerability Database".
Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan.π Read
via "National Vulnerability Database".
β Burning Man Tickets for $225? Yep, Too Good to Be True β
π Read
via "Threatpost".
Scammers are posing as event organizers in a sophisticated fraud effort.π Read
via "Threatpost".
Threat Post
Burning Man Tickets for $225? Yep, Too Good to Be True
Scammers are posing as event organizers in a sophisticated fraud effort.
β RSAC 2020: Editorsβ Preview of Hottest Sessions, Speakers and Themes β
π Read
via "Threatpost".
From data privacy to industrial IoT cybersecurity concerns, Threatpost editors discuss the top stories they expect to see at this year's RSA Conference, which kicks off next week in San Francisco.π Read
via "Threatpost".
Threat Post
RSAC 2020: Editorsβ Preview of Hottest Sessions, Speakers and Themes
From data privacy to industrial IoT cybersecurity concerns, Threatpost editors discuss the top stories they expect to see at this year's RSA Conference, which kicks off next week in San Francisco.
β The Amazon Prime phishing attack that wasnβtβ¦ β
π Read
via "Naked Security".
When we followed the phishing trail, we found ourselves at a web page we weren't expecting...π Read
via "Naked Security".
Naked Security
The Amazon Prime phishing attack that wasnβtβ¦
When we followed the phishing trail, we found ourselves at a web page we werenβt expectingβ¦
π Friday Five: 2/21 Edition π
π Read
via "Subscriber Blog RSS Feed ".
Chinese hackers breach online gambling sites, CISA warns of ransomware attacks across the critical infrastructure sector, and more - catch up on the week's news with the Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 2/21 Edition
Chinese hackers breach online gambling sites, CISA warns of ransomware attacks across the critical infrastructure sector, and more - catch up on the week's news with the Friday Five.
π΄ California Man Arrested for Politically Motivated DDoS π΄
π Read
via "Dark Reading: ".
The distributed denial-of-service attacks took a congressional candidate's website offline for a total of 21 hours during the campaign for office.π Read
via "Dark Reading: ".
Darkreading
California Man Arrested for Politically Motivated DDoS
The distributed denial-of-service attacks took a congressional candidate's website offline for a total of 21 hours during the campaign for office.
π 70% of IT leaders say security concerns restrict adoption of public cloud π
π Read
via "Security on TechRepublic".
While the concerns are legitimate, Barracuda also wants IT professionals to know that practical solutions exist.π Read
via "Security on TechRepublic".
TechRepublic
70% of IT leaders say security concerns restrict adoption of public cloud
While the concerns are legitimate, Barracuda also wants IT professionals to know that practical solutions exist.
π 92% of Americans would delete an app that sold their personal information π
π Read
via "Security on TechRepublic".
Smartphone users don't want government encryption backdoors and would rather read "terms and conditions" than watch the movie "Cats."π Read
via "Security on TechRepublic".
TechRepublic
92% of Americans would delete an app that sold their personal information
Smartphone users don't want government encryption backdoors and would rather read "terms and conditions" than watch the movie "Cats."
ATENTIONβΌ New - CVE-2013-3587
π Read
via "National Vulnerability Database".
The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-6277
π Read
via "National Vulnerability Database".
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of underlying issues" in which "some of these cases demonstrated memory corruption with attacker-controlled input and could be exploited to run arbitrary code."π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-0844
π Read
via "National Vulnerability Database".
Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2012-0828
π Read
via "National Vulnerability Database".
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP).π Read
via "National Vulnerability Database".
π MGM Hotel breach highlights need for sophisticated cloud security π
π Read
via "Security on TechRepublic".
Cybercriminals posted the information of more than 10 million customers on a hacker forum a year after the initial attack on a cloud server.π Read
via "Security on TechRepublic".
TechRepublic
MGM Hotel breach highlights need for sophisticated cloud security
Cybercriminals posted the information of more than 10 million customers on a hacker forum a year after the initial attack on a cloud server.
β Active Attacks Target Popular Duplicator WordPress Plugin β
π Read
via "Threatpost".
When patched last week, the bug affected at least 1 million websites. Zero-day exploits were going on then.π Read
via "Threatpost".
Threat Post
Active Attacks Target Popular Duplicator WordPress Plugin
When patched last week, the bug affected at least 1 million websites. Zero-day exploits were going on then.
π 5 best practices for IIoT project success π
π Read
via "Security on TechRepublic".
Based on years of pilot projects and proofs-of-concept, the Industrial Internet Consortium has detailed the best-practices organizations can use to ensure successful deployments.π Read
via "Security on TechRepublic".
TechRepublic
5 best practices for IIoT project success
Based on years of pilot projects and proofs-of-concept, the Industrial Internet Consortium has detailed the best practices organizations can use to ensure successful deployments.
β Lawsuit Claims Google Collects Minorsβ Locations, Browsing History β
π Read
via "Threatpost".
A new lawsuit alleges that Googleβs G Suite for Education program covertly collects data from students, violating both COPPA and other data privacy regulations.π Read
via "Threatpost".
Threat Post
Lawsuit Claims Google Collects Minorsβ Locations, Browsing History
A new lawsuit alleges that Googleβs G Suite for Education program covertly collects data from students, violating both COPPA and other data privacy regulations.
ATENTIONβΌ New - CVE-2012-1093
π Read
via "National Vulnerability Database".
The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.π Read
via "National Vulnerability Database".
π΄ Emotet Malware Rears Its Ugly Head Again π΄
π Read
via "Dark Reading: ".
A resurgence in Emotet malware may make it one of the most pervasive security threats of 2020.π Read
via "Dark Reading: ".
Darkreading
Emotet Malware Rears Its Ugly Head Again
A resurgence in Emotet malware may make it one of the most pervasive security threats of 2020.