Billions of Devices Open to Wi-Fi Eavesdropping Attacks
via "Threatpost".
The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.
'Cloud Snooper' Attack Circumvents AWS Firewall Controls
via "Dark Reading".
Possible nation-state supply chain attack acts like a "wolf in sheep's clothing," Sophos says.
ATTENTION‼ New - CVE-2019-12882
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
ATTENTION‼ New - CVE-2018-19668
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-17963. Reason: This candidate is a reservation duplicate of CVE-2018-17963. Notes: All CVE users should reference CVE-2018-17963 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ATTENTION‼ New - CVE-2017-6371
via "National Vulnerability Database".
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.
ATTENTION‼ New - CVE-2017-6363
via "National Vulnerability Database".
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for development and testing purposes.'"
ATTENTION‼ New - CVE-2017-5861
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000020. Reason: This candidate is a reservation duplicate of CVE-2017-1000020. Notes: All CVE users should reference CVE-2017-1000020 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
ATTENTION‼ New - CVE-2015-5686
via "National Vulnerability Database".
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.
Facebook bans coronavirus 'miracle cure' ads
via "Naked Security".
Facebook, like other platforms, has seen fake news, mass-buying of face masks, and misinformation about bleach being a cure for COVID-19.
Why city and state governments may be unprepared for ransomware attacks
via "Security on TechRepublic".
Despite the rise in ransomware, a lack of prevention training and stagnant security budgets are putting local governments at risk, according to IBM Security.
Chrome 80 encryption change blocks AZORult password stealer
via "Naked Security".
Evidence is emerging that a change made to Chrome 80 might have disrupted the popular data and user profile stealing malware AZORult.
Brave beats other browsers in privacy study
via "Naked Security".
Users looking for a privacy-focused browser might want to consider Brave first, according to a study published this week.
S2 Ep28: Stalkerware, when cybercrooks return, and phishing gone wild – Naked Security Podcast
via "Naked Security".
Listen to the latest episode now!
IoT Insecurity: When Your Vacuum Turns on You
via "Threatpost".
From vacuum cleaners to baby monitors, the IoT landscape continues to be plagued by concerning security issues that lead to privacy threats.
Slickwraps data breach earns scorn for all
via "Naked Security".
The breach earned derision from both the hacker and observers after another hacker exploited the company's vulnerable setup.
What Your Company Needs to Know About Hardware Supply Chain Security
via "Dark Reading".
How cybercriminals target organizations with new and old security threats
via "Security on TechRepublic".
Spam, ransomware, and malware continue to haunt organizations, but bad actors are also cooking up new spins on these tried-and-true methods, according to security company Fortinet.
UK company takes retro approach to security
via "Security on TechRepublic".
Garrison wants to move security away from software and into hardware.
How one man could have flooded your phone with Microsoft spam
via "Naked Security".
What a difference one tiny little character can make to a phone number.
Cloud misconfigurations are a new risk for the enterprise
via "Security on TechRepublic".
Small cloud configuration mistakes can open up big security risks
Cybersecurity is an imperfect science, similar to infectious disease control, according to McAfee CTO.
Intel Analyzes Vulns Reported in its Products Last Year
via "Dark Reading".
A new Intel report looks at the more than 250 CVEs affecting Intel products in 2019.