π Infrared AI cameras at polling places could spot voters with a fever to detect potential coronavirus carriers π
π Read
via "Security on TechRepublic".
Security company is using thermal imaging and AI to identify people with a temperature of 100 degrees.π Read
via "Security on TechRepublic".
TechRepublic
Infrared AI cameras could help spot coronavirus carriers at polling places
Security company is using thermal imaging and AI to identify people with a temperature of 100 degrees.
β Coronavirus Poll: Cyberattacks Ramp Up as Work from Home Takes Hold β
π Read
via "Threatpost".
A poll of Threatpost readers shows that security preparedness is uneven as organizations make an unprecedented transition to remote working.π Read
via "Threatpost".
Threat Post
Coronavirus Poll Results: Cyberattacks Ramp Up, WFH Prep Uneven
A poll of Threatpost readers shows that security preparedness is uneven as organizations make an unprecedented transition to remote working.
π΄ Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records π΄
π Read
via "Dark Reading: ".
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.π Read
via "Dark Reading: ".
Darkreading
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
β βDirty little secretβ extortion email threatens to give your family coronavirus β
π Read
via "Naked Security".
...And it's got your password as "proof".π Read
via "Naked Security".
Naked Security
βDirty little secretβ extortion email threatens to give your family coronavirus
β¦And itβs got your password as βproofβ.
ATENTIONβΌ New - CVE-2018-20335
π Read
via "National Vulnerability Database".
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APP_Installation.asp?= URI.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20334
π Read
via "National Vulnerability Database".
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-20333
π Read
via "National Vulnerability Database".
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can request /update_applist.asp to see if a USB device is attached to the router and if there are apps installed on the router.π Read
via "National Vulnerability Database".
β Location-tracking wristbands required on all incoming travelers to Hong Kong β
π Read
via "Naked Security".
The government says the wristband isn't privacy-invading because it won't track your location, per se; just if you wander from COVID-19 quarantine.π Read
via "Naked Security".
Naked Security
Location-tracking wristbands required on all incoming travelers to Hong Kong
The government says the wristband isnβt privacy-invading because it wonβt track your location, per se; just if you wander from COVID-19 quarantine.
β COVID-19 disruption delays release of Chrome version 81 β
π Read
via "Naked Security".
Itβs the COVID-19 shortage nobody expected - not toilet rolls, tinned goods or headache pills this time but Google software engineers.π Read
via "Naked Security".
Naked Security
COVID-19 disruption delays release of Chrome version 81
Itβs the COVID-19 shortage nobody expected β not toilet rolls, tinned goods or headache pills this time but Google software engineers.
β New Mirai Variant βMukashiβ Targets Zyxel NAS Devices β
π Read
via "Threatpost".
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.π Read
via "Threatpost".
Threat Post
New Mirai Variant βMukashiβ Targets Zyxel NAS Devices
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices.
π΄ Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis π΄
π Read
via "Dark Reading: ".
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.π Read
via "Dark Reading: ".
Dark Reading
Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.
β Covid-19 Spurs Facial Recognition Tracking, Privacy Fears β
π Read
via "Threatpost".
The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn.π Read
via "Threatpost".
Threat Post
Covid-19 Spurs Facial Recognition Tracking, Privacy Fears
The coronavirus pandemic is creating a lucrative market for facial recognition manufacturers. But privacy issues need to be top of mind, tech experts warn.
π Friday Five: 3/20 Edition π
π Read
via "Subscriber Blog RSS Feed ".
Hackers take advantage of the COVID-19 pandemic, Magecart group targets NutriBullet, and many countries at risk for violating data privacy laws - catch up on the week's infosec news with this roundup!π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 3/20 Edition
Hackers take advantage of the COVID-19 pandemic, Magecart group targets NutriBullet, and many countries at risk for violating data privacy laws - catch up on the week's infosec news with this roundup!
π΄ Security Ratings Are a Dangerous Fantasy π΄
π Read
via "Dark Reading: ".
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.π Read
via "Dark Reading: ".
Darkreading
Security Ratings Are a Dangerous Fantasy
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
β Exchange rate serviceβs customer details hacked via AWS β
π Read
via "Naked Security".
Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database.π Read
via "Naked Security".
Naked Security
Exchange rate serviceβs customer details hacked via AWS
Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database.
π TrickBot and Emotet strains make process injection most prevalent attack technique π
π Read
via "Security on TechRepublic".
A Red Canary study analyzed six million leads to determine threats and found that worms had the most significant impact in 2019.π Read
via "Security on TechRepublic".
TechRepublic
TrickBot and Emotet strains make process injection most prevalent attack technique
A Red Canary study analyzed six million leads to determine threats and found that worms had the most significant impact in 2019.
π Network address-based security: How to implement better controls π
π Read
via "Security on TechRepublic".
Traditional network address-based security controls aren't as effective for the cloud or internal networks. Here's what to do about these security issues.π Read
via "Security on TechRepublic".
TechRepublic
Network address-based security: How to implement better controls
Traditional network address-based security controls aren't as effective for the cloud or internal networks. Here's what to do about these security issues.
ATENTIONβΌ New - CVE-2019-10221
π Read
via "National Vulnerability Database".
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-10179
π Read
via "National Vulnerability Database".
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.π Read
via "National Vulnerability Database".
π How to create a Kubernetes security policy π
π Read
via "Security on TechRepublic".
If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. Here's a quick introduction to this feature.π Read
via "Security on TechRepublic".
TechRepublic
How to create a Kubernetes security policy
If you're looking to take your Kubernetes security to the next level, you'll want to start working with pod security policies. Here's a quick introduction to this feature.
π΄ Proof of Concept Released for kr00k Wi-Fi Vulnerability π΄
π Read
via "Dark Reading: ".
The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.π Read
via "Dark Reading: ".
Darkreading
Proof of Concept Released for kr00k Wi-Fi Vulnerability
The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.