DDoS attack on US Health agency part of coordinated campaign
It coincided with a disinformation campaign carried out via SMS, email and social media claiming that national quarantine was imminent.
via "Naked Security".
Uber to file federal suit against LA over users' real-time location data
Real-time, in-trip geolocation data isn't good for traffic/bike lane planning, a draft of the suit says. What it's good for is surveillance.
via "Naked Security".
VMware patches virtualisation bugs
Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines.
via "Naked Security".
Authorities Eye Using Mobile Phone Tracking COVID-19's Spread
Privacy advocates advise caution when tracking the movements of patients or those infected with the new coronavirus, as an effort to minimize the pandemic's effect.
via "Threatpost".
Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws
An out-of-band Adobe security update addressed critical flaws in Photoshop, Acrobat Reader and other products.
via "Threatpost".
What the Battle of Britain Can Teach Us About Cybersecurity's Human Element
During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.
via "Dark Reading".
How to protect yourself from coronavirus-themed malware
Attackers are using phishing emails, ransomware, and malicious apps to target people curious about the virus, says security firm Cybereason.
via "Security on TechRepublic".
How to control what personal information people see in Android
Do you know what information you share within the Google ecosystem? You can easily control what is visible or hidden, from within your Android device. Find out how.
via "Security on TechRepublic".
Trend Micro Patches Two Zero-Days Under Attack
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.
via "Dark Reading".
OpenSSL Toolkit 1.1.1e
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
via "Security Tool Files ≈ Packet Storm".
Falco 0.21.0
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
via "Security Tool Files ≈ Packet Storm".
ATTENTION‼ New - CVE-2019-11689
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2019-11688
An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2019-10682
django-nopassword before 5.0.0 stores cleartext secrets in the database.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2019-10146
A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.
via "National Vulnerability Database".
TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal
A fresh module aims to compromise remote desktop accounts to access corporate resources.
via "Threatpost".
Ransomware: A security expert explains what makes us vulnerable and how to prevent it
Ransomware attacks are still happening, and more employees need to be trained on how to prevent them.
via "Security on TechRepublic".
Trend Micro Fixes Critical Flaws Under Attack
Fixes are now available for five critical and high-severity Trend Micro flaws, two of which are being actively targeted by attackers.
via "Threatpost".
Facebook Got Tagged, but not Hard Enough
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
via "Dark Reading".
ATTENTION‼ New - CVE-2019-10178
It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
via "National Vulnerability Database".