Gamer Alert: Serious Nvidia Flaw Plagues Graphics Driver
via "Threatpost".
Several flaws found in Nvidia's graphics drivers could enable denial of service, remote code execution and other malicious attacks.

NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs
via "Threatpost".
The legitimate remote-access tool is being used to maliciously infect victims and allow remote code-execution.

Phishing: Leading targets, breaking myths, and educating users
via "Security on TechRepublic".
Vade Secure's Adrien Gendre explains why the end user is an important link in the security chain.

How Security Leads at Starbucks and Microsoft Prepare for Breaches
via "Dark Reading".
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.

Why Threat Intelligence Gathering Can Be a Legal Minefield
via "Dark Reading".
In new guidance, the Department of Justice says security researchers and organizations run real risks when gathering threat intelligence or dealing with criminals in underground online marketplaces.

ATTENTION‼ New - CVE-2018-5951
via "National Vulnerability Database".
An issue was discovered in Mikrotik RouterOS. Crafting a packet that has a size of 1 byte and sending it to an IPv6 address of a RouterOS box with IP Protocol 97 will cause RouterOS to reboot imminently. All versions of RouterOS that support EoIPv6 are vulnerable to this attack.

ATTENTION‼ New - CVE-2018-20347
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

ATTENTION‼ New - CVE-2018-20343
via "National Vulnerability Database".
Multiple buffer overflow vulnerabilities have been found in Ken Silverman Build Engine 1. An attacker could craft a special map file to execute arbitrary code when the map file is loaded.

ATTENTION‼ New - CVE-2018-19798
via "National Vulnerability Database".
Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any authenticated user can exploit this.

CrowdStrike's 2020 Threat Report: Spammers fine-tune email thread hijacking
via "Security on TechRepublic".
Existing controls are often not configured properly or deployed widely, allowing bad actors to steal data.

XSS plugin vulnerabilities plague WordPress users
via "Naked Security".
Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site.

Nvidia patches severe flaws affecting GeForce, Quadro NVS and Tesla
via "Naked Security".
In all, the update covers five Windows and Linux desktop CVE vulnerabilities, including one rated as critical.

DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla
via "Threatpost".
Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data.

GoodRx stops sharing personal medical data with Google, Facebook
via "Naked Security".
The mobile app saves people money but was letting 20 companies know who's taking antipsychotics, erectile dysfunction and HIV meds, and more.

Huge flaw found in how facial features are measured from images
via "Naked Security".
It has to do with optics: faces appear to flatten out as we get further away. Our brains compensate, but AI-run facial recognition doesn't.

Digital piggy bank service broken into by cybercrooks
via "Naked Security".
A financial provider that gives loans but locks them down to turn them into savings... didn't lock down its own network.

The Cybercrime Pandemic Keeps Spreading
via "Dark Reading".
The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.

How to create a Linux user that cannot log in
via "Security on TechRepublic".
For security reasons, you might need to create a Linux user without the ability to log in. Jack Wallen shows you how.

Chinese Nationals Charged with Laundering $100M in Cryptocurrency
via "Dark Reading".
The two defendants allegedly laundered $100 million for the benefit of North Korean threat actors who stole the funds in 2018.

Cybercriminals and drug cartels are teaming up to spread malware and steal financial information across Latin America
via "Security on TechRepublic".
Drug cartels are using cryptocurrency and partnering with hackers to scam Latin American banks.