β Report calls for web pre-screening to end UKβs child abuse βexplosionβ β
π Read
via "Naked Security".
The IICSA report cited "unprecedented levels of depravity" and said that encryption is getting in the way of current screening.π Read
via "Naked Security".
Naked Security
Report calls for web pre-screening to end UKβs child abuse βexplosionβ
The IICSA report cited βunprecedented levels of depravityβ and said that encryption is getting in the way of current screening.
β Microsoft patches wormable Windows 10 βSMBGhostβ flaw β
π Read
via "Naked Security".
Whatβs the difference between a scheduled security update and one thatβs out-of-band? In this case, it's two days.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ 4 Ways Thinking 'Childishly' Can Empower Security Professionals π΄
π Read
via "Dark Reading: ".
Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.π Read
via "Dark Reading: ".
Darkreading
4 Ways Thinking 'Childishly' Can Empower Security Professionals
Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.
π Report: US Health and Human Services department hit by cyberattack amidst coronavirus fears π
π Read
via "Security on TechRepublic".
The Sunday cybersecurity attack was designed to slow down the agency's systems as it tries to grapple with the spread of COVID-19.π Read
via "Security on TechRepublic".
TechRepublic
Report: US Health and Human Services department hit by cyberattack amidst coronavirus fears
The Sunday cybersecurity attack was designed to slow down the agency's systems as it tries to grapple with the spread of COVID-19.
ATENTIONβΌ New - CVE-2019-10091
π Read
via "National Vulnerability Database".
When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-13063
π Read
via "National Vulnerability Database".
Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-13060
π Read
via "National Vulnerability Database".
Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-10125
π Read
via "National Vulnerability Database".
Contao before 4.5.7 has XSS in the system log.π Read
via "National Vulnerability Database".
π΄ Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady π΄
π Read
via "Dark Reading: ".
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.π Read
via "Dark Reading: ".
Dark Reading
Fewer Vulnerabilities in Web Frameworks, but Exploits Remain Steady
Attackers continue to focus on web and application frameworks, such as Apache Struts and WordPress, fighting against a decline in vulnerabilities, according to an analysis.
π΄ Hellman & Friedman Acquires Checkmarx for $1.5B π΄
π Read
via "Dark Reading: ".
The private equity firm will buy Checkmarx from Insight Partners, which will continue to own a minority interest.π Read
via "Dark Reading: ".
Dark Reading
Hellman & Friedman Acquires Checkmarx for $1.5B
The private equity firm will buy Checkmarx from Insight Partners, which will continue to own a minority interest.
π How to enable 2FA on a per-user basis in Nextcloud π
π Read
via "Security on TechRepublic".
If you want to enable two-factor authentication for Nextcloud on a per-user basis, it's just a simple app installation away.π Read
via "Security on TechRepublic".
TechRepublic
How to enable 2FA on a per-user basis in Nextcloud
If you want to enable two-factor authentication for Nextcloud on a per-user basis, it's just a simple app installation away.
π How to enable 2FA on a per-user basis in Nextcloud π
π Read
via "Security on TechRepublic".
If you want to enable two-factor authentication for Nextcloud on a per-user basis, it's just a simple app installation away.π Read
via "Security on TechRepublic".
TechRepublic
How to enable 2FA on a per-user basis in Nextcloud
If you want to enable two-factor authentication for Nextcloud on a per-user basis, it's just a simple app installation away.
β Microsoft Edge Shares Privacy-Busting Telemetry, Research Alleges β
π Read
via "Threatpost".
An academic study found Microsoft's Edge browser to be the least private, due to it sending device identifiers and web browsing pages to back-end servers.π Read
via "Threatpost".
Threat Post
Microsoft Edge Shares Privacy-Busting Telemetry, Research Alleges
An academic study found Microsoft's Edge browser to be the least private, due to it sending device identifiers and web browsing pages to back-end servers.
π 88% of IT pros say world is in permanent state of cyberwar π
π Read
via "Security on TechRepublic".
A Venafi study looked into what digital infrastructure will suffer from cyberattacks, which are most vulnerable, and what it means.π Read
via "Security on TechRepublic".
TechRepublic
88% of IT pros say world is in permanent state of cyberwar
A Venafi study looked into what digital infrastructure will suffer from cyberattacks, which are most vulnerable, and what it means.
π Case Almost Closed: Motorola Wins Multimillion Dollar Trade Secret Case π
π Read
via "Subscriber Blog RSS Feed ".
A jury ruled the telecom is owed upwards to $420 million in damages after a Chinese company was caught stealing its trade secrets for radios.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Case Almost Closed: Motorola Wins Multimillion Dollar Trade Secret Case
A jury ruled the telecom is owed upwards to $420 million in damages after a Chinese company was caught stealing its trade secrets for radios.
π΄ Five Indicted on Romance and Lottery Fraud Charges π΄
π Read
via "Dark Reading: ".
Fraudsters allegedly targeted elderly victims, ultimately wringing more than $4 million from their bank accounts.π Read
via "Dark Reading: ".
Darkreading
Five Indicted on Romance and Lottery Fraud Charges
Fraudsters allegedly targeted elderly victims, ultimately wringing more than $4 million from their bank accounts.
ATENTIONβΌ New - CVE-2019-11073
π Read
via "National Vulnerability Database".
A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-19325
π Read
via "National Vulnerability Database".
tcpdump 4.9.2 (and probably lower versions) is prone to a heap-based buffer over-read in the EXTRACT_32BITS function (extract.h, called from the rx_cache_find function, print-rx.c) due to improper serviceId sanitization.π Read
via "National Vulnerability Database".
β Convincing Google Impersonation Opens Door to MiTM, Phishing β
π Read
via "Threatpost".
Using homographic characters is an easy way to execute a convincing fake site.π Read
via "Threatpost".
Threat Post
Convincing Google Impersonation Opens Door to MiTM, Phishing
Using homographic characters is an easy way to execute a convincing fake site.
π΄ Privacy in a Pandemic: What You Can (and Can't) Ask Employees π΄
π Read
via "Dark Reading: ".
Businesses struggle to strike a balance between workplace health and employees' privacy rights in the midst of a global health emergency.π Read
via "Dark Reading: ".
Dark Reading
Privacy in a Pandemic: What You Can (and Can't) Ask Employees
Businesses struggle to strike a balance between workplace health and employees' privacy rights in the midst of a global health emergency.
ATENTIONβΌ New - CVE-2017-12842
π Read
via "National Vulnerability Database".
Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount.π Read
via "National Vulnerability Database".