Trial for accused CIA leaker ends in hung jury
via "Naked Security".
The US is expected to press for a retrial in the high-stakes trial of Joshua Schulte, suspected of raiding the CIA's cyber arsenal.

FBI arrests alleged owner of Deer.io, top market for stolen accounts
via "Naked Security".
Started around 2013, the site claims to host over 24,000 active shops doing brisk business in stolen PII and hacking services.

Necurs Botnet in Crosshairs of Global Takedown Offensive
via "Threatpost".
The tech giant will take control of the U.S.-based infrastructure used by the criminals behind the world's most prolific botnet used to distribute malware and infect victim computers.

Local governments: Don't pay ransoms to hackers
via "Security on TechRepublic".
A Deloitte survey about ransomware also recommends that local governments use air-gapped system backups.

The Ultimate Security Budget Excel Template – The Easiest Way to Plan and Monitor Your Security Spending
via "Threatpost".
The Ultimate Security Budget Plan & Track Excel template provides security executives with a clear and intuitive tool to keep track of planned vs. actual spend, ensuring that security needs are addressed while maintaining the budgetary frame.

Why CSP Isn't Enough to Stop Magecart-Like Attacks
via "Dark Reading".
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.

More Than Half of IoT Devices Vulnerable to Severe Attacks
via "Threatpost".
A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.

Media and e-commerce brands are top targets for phishing attacks
via "Security on TechRepublic".
Some 84% of phishing URLs seen by content delivery network Akamai were abusing media and e-commerce companies.

Trend Micro VP talks cloud security, IoT risks, and ransomware
via "Security on TechRepublic".
In an interview at RSA 2020, Greg Young, the vice president of cybersecurity at Trend Micro, said that companies need to focus on cloud security posture management to make sure all cloud instances are configured correctly and securely.

Hackers are working harder to make phishing and malware look legitimate
via "Security on TechRepublic".
A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses.

New TrickBot Variant Updates Anti-Analysis Tricks
via "Threatpost".
A new TrickBot variant shows that the malware is continuing to swap out new anti-analysis and persistence tactics.

ATTENTION‼ New - CVE-2012-1101
via "National Vulnerability Database".
systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

S2 Ep30: Let's Encrypt, ULTRASOUND attacks, backups for ransom – Naked Security Podcast
via "Naked Security".
Listen to the latest episode now!

Blacklists Miss 21% of Phishing Attacks, Internet Traffic Reveals
via "Dark Reading".
Visibility into phishing attacks by content delivery networks and security firms shows many domains fail to be classified as malicious.

Wormable, Unpatched Microsoft Bug Threatens Corporate LANs
via "Threatpost".
CVE-2020-0796 affects version 3.1.1 of Microsoft's SMB file-sharing system and was not included in Patch Tuesday.
Microsoft Releases Patch for Wormable Bug That Threatens Corporate LANs
CVE-2020-0796 affects version 3.1.1 of Microsoft's SMB file-sharing system and was not included in Patch Tuesday, but patched the following day.

Microsoft leaves critical bug unpatched on Patch Tuesday
via "Naked Security".
Microsoft fixed bugs across a range of products on Patch Tuesday, issuing patches for 115 distinct CVEs, with 26 rated critical.

Gender Equality in Cybersecurity Could Drive Economic Boost
via "Dark Reading".
If the number of women in cybersecurity equaled the number of men, the US would see an economic gain up to $30.4 billion, research shows.

TRRespass research reveals rowhammering is alive and well
via "Naked Security".
"TRRespass" is a new trick for rowhammering - an attack where you write to a memory chip by reading it over and over (and over) again.

How the Rise of IoT Is Changing the CISO Role
via "Dark Reading".
Prepare for the future by adopting a risk-based approach. Following these five steps can help.

ATTENTION‼ New - CVE-2013-1753
via "National Vulnerability Database".
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.

ATTENTION‼ New - CVE-2011-2487
via "National Vulnerability Database".
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.