ATENTIONβΌ New - CVE-2014-2721
π Read
via "National Vulnerability Database".
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect.π Read
via "National Vulnerability Database".
π COVID-19 demonstrates the need for disaster recovery and business continuity plans π
π Read
via "Security on TechRepublic".
The coronavirus may put organizations at risk through short staffing or unavailable workers and services, but disaster recovery and business continuity plans can help sustain business operations.π Read
via "Security on TechRepublic".
TechRepublic
COVID-19 demonstrates the need for disaster recovery and business continuity plans
The coronavirus may put organizations at risk through short staffing or unavailable workers and services, but disaster recovery and business continuity plans can help sustain business operations.
π Cybercriminals exploiting coronavirus outbreak with virus-themed sales on the dark web π
π Read
via "Security on TechRepublic".
Malicious COVID-19 domains and special virus-themed sales on the dark web are two ways criminals are using the outbreak to ramp up business, said security provider Check Point.π Read
via "Security on TechRepublic".
TechRepublic
Cybercriminals exploiting coronavirus outbreak with virus-themed sales on the dark web
Malicious COVID-19 domains and special virus-themed sales on the dark web are two ways criminals are using the outbreak to ramp up business, said security provider Check Point.
π Senators Press Google on Coronavirus Tracking, Screening Site Privacy π
π Read
via "Subscriber Blog RSS Feed ".
Privacy-conscious Senators are worried that technology used by the government to prevent the coronavirus from spreading could be exploited for profit and fear.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Senators Press Google on Coronavirus Tracking, Screening Site Privacy
Privacy-conscious Senators are worried that technology used by the government to prevent the coronavirus from spreading could be exploited for profit and fear.
π Bring sanity and security to infection outbreaks with a malware response plan π
π Read
via "Security on TechRepublic".
Find out how to deal with a security breach and protect your data and your network from another attack using this 37-step incident response checklist.π Read
via "Security on TechRepublic".
TechRepublic
Bring sanity and security to infection outbreaks with a malware response plan
Find out how to deal with a security breach and protect your data and your network from another attack using this 37-step incident response checklist.
π Infrared AI cameras at polling places could spot voters with a fever to detect potential coronavirus carriers π
π Read
via "Security on TechRepublic".
Security company is using thermal imaging and AI to identify people with a temperature of 100 degrees.π Read
via "Security on TechRepublic".
TechRepublic
Infrared AI cameras could help spot coronavirus carriers at polling places
Security company is using thermal imaging and AI to identify people with a temperature of 100 degrees.
β Coronavirus Poll: Cyberattacks Ramp Up as Work from Home Takes Hold β
π Read
via "Threatpost".
A poll of Threatpost readers shows that security preparedness is uneven as organizations make an unprecedented transition to remote working.π Read
via "Threatpost".
Threat Post
Coronavirus Poll Results: Cyberattacks Ramp Up, WFH Prep Uneven
A poll of Threatpost readers shows that security preparedness is uneven as organizations make an unprecedented transition to remote working.
π΄ Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records π΄
π Read
via "Dark Reading: ".
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.π Read
via "Dark Reading: ".
Darkreading
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
β βDirty little secretβ extortion email threatens to give your family coronavirus β
π Read
via "Naked Security".
...And it's got your password as "proof".π Read
via "Naked Security".
Naked Security
βDirty little secretβ extortion email threatens to give your family coronavirus
β¦And itβs got your password as βproofβ.
ATENTIONβΌ New - CVE-2018-20335
π Read
via "National Vulnerability Database".
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20334
π Read
via "National Vulnerability Database".
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20333
π Read
via "National Vulnerability Database".
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.π Read
via "National Vulnerability Database".
β Location-tracking wristbands required on all incoming travelers to Hong Kong β
π Read
via "Naked Security".
The government says the wristband isn't privacy-invading because it won't track your location, per se; just if you wander from COVID-19 quarantine.π Read
via "Naked Security".
Naked Security
Location-tracking wristbands required on all incoming travelers to Hong Kong
The government says the wristband isnβt privacy-invading because it wonβt track your location, per se; just if you wander from COVID-19 quarantine.
β COVID-19 disruption delays release of Chrome version 81 β
π Read
via "Naked Security".
Itβs the COVID-19 shortage nobody expected - not toilet rolls, tinned goods or headache pills this time but Google software engineers.π Read
via "Naked Security".
Naked Security
COVID-19 disruption delays release of Chrome version 81
Itβs the COVID-19 shortage nobody expected β not toilet rolls, tinned goods or headache pills this time but Google software engineers.
β New Mirai Variant βMukashiβ Targets Zyxel NAS Devices β
π Read
via "Threatpost".
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.π Read
via "Threatpost".
Threat Post
New Mirai Variant βMukashiβ Targets Zyxel NAS Devices
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.
π΄ Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis π΄
π Read
via "Dark Reading: ".
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.π Read
via "Dark Reading: ".
Dark Reading
Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.
β Covid-19 Spurs Facial Recognition Tracking, Privacy Fears β
π Read
via "Threatpost".
The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn.π Read
via "Threatpost".
Threat Post
Covid-19 Spurs Facial Recognition Tracking, Privacy Fears
The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn.
π Friday Five: 3/20 Edition π
π Read
via "Subscriber Blog RSS Feed ".
Hackers take advantage of the COVID-19 pandemic, Magecart group targets NutriBullet, and many countries at risk for violating data privacy laws - catch up on the week's infosec news with this roundup!π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 3/20 Edition
Hackers take advantage of the COVID-19 pandemic, Magecart group targets NutriBullet, and many countries at risk for violating data privacy laws - catch up on the week's infosec news with this roundup!
π΄ Security Ratings Are a Dangerous Fantasy π΄
π Read
via "Dark Reading: ".
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.π Read
via "Dark Reading: ".
Darkreading
Security Ratings Are a Dangerous Fantasy
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
β Exchange rate serviceβs customer details hacked via AWS β
π Read
via "Naked Security".
Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database.π Read
via "Naked Security".
Naked Security
Exchange rate serviceβs customer details hacked via AWS
Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database.
π TrickBot and Emotet strains make process injection most prevalent attack technique π
π Read
via "Security on TechRepublic".
A Red Canary study analyzed six million leads to determine threats and found that worms had the most significant impact in 2019.π Read
via "Security on TechRepublic".
TechRepublic
TrickBot and Emotet strains make process injection most prevalent attack technique
A Red Canary study analyzed six million leads to determine threats and found that worms had the most significant impact in 2019.