ATTENTION‼ New - CVE-2016-1487
via "National Vulnerability Database".
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.

ATTENTION‼ New - CVE-2011-4538
via "National Vulnerability Database".
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

ATTENTION‼ New - CVE-2011-3269
via "National Vulnerability Database".
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut.

How Microsoft Disabled Legacy Authentication Across the Company
via "Dark Reading".
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.

Spear-Phishing Attack Lures Victims With “HIV Results”
via "Threatpost".
Attackers are purporting to send victims HIV test results - but in reality are convincing them to download the Koadic RAT.

Phone carriers may soon be forced to adopt anti-robocall tech
via "Naked Security".
US carriers haven't been doing enough to block robocalls voluntarily. The Federal Communications Commission's response? Fine - we'll make you.

Keys to Hiring Cybersecurity Pros When Certification Can't Help
via "Dark Reading".
There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.

Ex-Inspector General indicted for stealing data on 250k govt colleagues
via "Naked Security".
Crime doesn't pay, even if you have the audacity to try to sell your employer its own, free software and personal data on your own colleagues.

Google data puts innocent man at the scene of a crime
via "Naked Security".
The man became a suspect because location data from his Android phone was swept up in a surveillance dragnet called a geofence warrant.

Variant of Paradise Ransomware Targets Office IQY Files
via "Threatpost".
Threat actors can easily infiltrate networks because attacks evade detection by typical security protections.

Watch out for Office 365 and G Suite scams, FBI warns businesses
via "Naked Security".
The FBI has warned users of Microsoft Office 365 and Google G Suite hosted email about Business Email Compromise (BEC) scams.

Over 80% of Medical Imaging Devices Run on Outdated Operating Systems
via "Dark Reading".
New data on live Internet of Things devices in healthcare and other organizations shines a light on security risks.

How Network Metadata Can Transform Compromise Assessment
via "Dark Reading".
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret.

ATTENTION‼ New - CVE-2019-10065
via "National Vulnerability Database".
An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.

ATTENTION‼ New - CVE-2018-18894
via "National Vulnerability Database".
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

ATTENTION‼ New - CVE-2018-14502
via "National Vulnerability Database".
controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.

Intel's data center CPUs vulnerability could lead to "devastating" attacks
via "Security on TechRepublic".
Security researchers found vulnerabilities that can affect multi-tenant environments such as public clouds or shared enterprise workloads.

What Should I Do About Vulnerabilities Without Fixes?
via "Dark Reading".
With better tools that identify potential threats even before developers address them, a new problem has arisen.

ATTENTION‼ New - CVE-2017-10992
via "National Vulnerability Database".
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.

HHS Finalizes New Health Data Rules To Improve Data Governance
via "Subscriber Blog RSS Feed".
The U.S. Department of Health and Human Services finalized two new rules designed to give patients better control over their data.