ATENTIONβΌ New - CVE-2018-21037
π Read
via "National Vulnerability Database".
Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-18576
π Read
via "National Vulnerability Database".
The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI.π Read
via "National Vulnerability Database".
π΄ This Tax Season, Save the Scorn and Protect Customers from Phishing Scams π΄
π Read
via "Dark Reading: ".
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.π Read
via "Dark Reading: ".
Dark Reading
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
π΄ Security Lessons We've Learned (So Far) from COVID-19 π΄
π Read
via "Dark Reading: ".
Takeaways about fighting new fires, securely enabling remote workforces, and human nature during difficult times.π Read
via "Dark Reading: ".
Dark Reading
Security Lessons We've Learned (So Far) from COVID-19
Takeaways about fighting new fires, securely enabling remote workforces, and human nature during difficult times.
π Canadian Govt Prioritizing Rules Around Insider Threats π
π Read
via "Subscriber Blog RSS Feed ".
Following a high profile espionage case, Canada is set to roll out a new set of protocols designed to stop insider threats within government departments.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Canadian Govt Prioritizing Rules Around Insider Threats
Following a high profile espionage case, Canada is set to roll out a new set of protocols designed to stop insider threats within government departments.
π΄ Startup Offering Secure Access to Corporate Apps Emerges from Stealth π΄
π Read
via "Dark Reading: ".
Axis Security has raised $17 million in VC funding.π Read
via "Dark Reading: ".
Dark Reading
Startup Offering Secure Access to Corporate Apps Emerges from Stealth
Axis Security has raised $17 million in VC funding.
π΄ Attorney General Directs DoJ to Prioritize Coronavirus Crime π΄
π Read
via "Dark Reading: ".
Criminal activity related to the pandemic cannot be tolerated, William Barr states in memo.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β This Stalkerware Delivers Extra-Creepy Features β
π Read
via "Threatpost".
Stalkerware called Monitor Minor gives users the ability to creep on a targetβs missives swapped via Instagram, Skype and Snapchat.π Read
via "Threatpost".
Threat Post
This Stalkerware Delivers Extra-Creepy Features
Stalkerware called Monitor Minor gives users the ability to creep on a targetβs missives swapped via Instagram, Skype and Snapchat.
β A COVID-19 Cybersecurity Poll: Securing a Remote Workforce β
π Read
via "Threatpost".
COVID-19 is changing how we work. Weigh in on how your organization is securing its remote footprint with our short Threatpost poll.π Read
via "Threatpost".
Threat Post
A COVID-19 Cybersecurity Poll: Securing a Remote Workforce
COVID-19 is changing how we work. Weigh in on how your organization is securing its remote footprint with our short Threatpost poll.
ATENTIONβΌ New - CVE-2019-11939
π Read
via "National Vulnerability Database".
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.π Read
via "National Vulnerability Database".
β Magecart Cyberattack Targets NutriBullet Website β
π Read
via "Threatpost".
Researchers warn that a Magecart group has set up skimmers on the blender manufacturer's website, in hopes of stealing customer payment-card data.π Read
via "Threatpost".
Threat Post
Magecart Cyberattack Targets NutriBullet Website
Researchers warn that a Magecart group has set up skimmers on the blender manufacturer's website, in hopes of stealing customer payment-card data.
β Human traffickers use social media oversharing to gain victimsβ trust β
π Read
via "Naked Security".
Posts about money or family trouble are being used to gain trust by those who force victims into sex work or slavery, the FBI warns.π Read
via "Naked Security".
Naked Security
Human traffickers use social media oversharing to gain victimsβ trust
Posts about money or family trouble are being used to gain trust by those who force victims into sex work or slavery, the FBI warns.
β DDoS attack on US Health agency part of coordinated campaign β
π Read
via "Naked Security".
It coincided with a disinformation campaign carried out via SMS, email and social media claiming that national quarantine was imminent.π Read
via "Naked Security".
Naked Security
DDoS attack on US Health agency part of coordinated campaign
It coincided with a disinformation campaign carried out via SMS, email and social media claiming that national quarantine was imminent.
β Uber to file federal suit against LA over usersβ real-time location data β
π Read
via "Naked Security".
Real-time, in-trip geolocation data isn't good for traffic/bike lane planning, a draft of the suit says. What it's good for is surveillance.π Read
via "Naked Security".
Naked Security
Uber to file federal suit against LA over usersβ real-time location data
Real-time, in-trip geolocation data isnβt good for traffic/bike lane planning, a draft of the suit says. What itβs good for is surveillance.
β VMware patches virtualisation bugs β
π Read
via "Naked Security".
Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines.π Read
via "Naked Security".
Naked Security
VMware patches virtualisation bugs
Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines.
β Authorities Eye Using Mobile Phone Tracking COVID-19βs Spread β
π Read
via "Threatpost".
Privacy advocates advise caution when tracking the movements of patients or those infected with the new coronavirus, as an effort to minimize the pandemicβs effect.π Read
via "Threatpost".
Threat Post
Authorities Eye Using Mobile Phone Tracking COVID-19βs Spread
Privacy advocates advise caution when tracking the movements of patients or those infected with the new coronavirus, as an effort to minimize the pandemicβs effect.
β Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws β
π Read
via "Threatpost".
An out-of-band Adobe security update addressed critical flaws in Photoshop, Acrobat Reader and other products.π Read
via "Threatpost".
Threat Post
Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws
An out-of-band Adobe security update addressed critical flaws in Photoshop, Acrobat Reader and other products.
π΄ What the Battle of Britain Can Teach Us About Cybersecurity's Human Element π΄
π Read
via "Dark Reading: ".
During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.π Read
via "Dark Reading: ".
Darkreading
What the Battle of Britain Can Teach Us About Cybersecurity's Human Element
During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.
π How to protect yourself from coronavirus-themed malware π
π Read
via "Security on TechRepublic".
Attackers are using phishing emails, ransomware, and malicious apps to target people curious about the virus, says security firm Cybereason.π Read
via "Security on TechRepublic".
TechRepublic
How to protect yourself from coronavirus-themed malware
Attackers are using phishing emails, ransomware, and malicious apps to target people curious about the virus, says security firm Cybereason.
π How to control what personal information people see in Android π
π Read
via "Security on TechRepublic".
Do you know what information you share within the Google ecosystem? You can easily control what is visible or hidden, from with your Android device. Find out how.π Read
via "Security on TechRepublic".
TechRepublic
How to control what personal information people see in Android
Do you know what information you share within the Google ecosystem? You can easily control what is visible or hidden, from with your Android device. Find out how.
π΄ Trend Micro Patches Two Zero-Days Under Attack π΄
π Read
via "Dark Reading: ".
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.π Read
via "Dark Reading: ".
Dark Reading
Trend Micro Patches Two Zero-Days Under Attack
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.