☢ Ransomware campaign targets businesses with fake invoice message ☢
via "Latest topics for ZDNet in Security".
Locky ransomware was once one of the most prolific forms of ransomware - a new 'PyLocky' ransomware campaign is attempting to piggyback on its past success.
ATTENTION‼ New - CVE-2016-7078
via "National Vulnerability Database".
foreman before version 1.15.0 is vulnerable to an information leak through the organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion.
ATTENTION‼ New - CVE-2016-7077
via "National Vulnerability Database".
foreman before 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for associated objects. An unauthorized user can see the names of such objects if their count is less than 6.
ATTENTION‼ New - CVE-2016-7075
via "National Vulnerability Database".
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
ATTENTION‼ New - CVE-2016-7071
via "National Vulnerability Database".
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
ATTENTION‼ New - CVE-2016-7067
via "National Vulnerability Database".
Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
❌ Apple Finally Boots Sneaky Adware Doctor App from Mac App Store ❌
via "The first stop for security news | Threatpost ".
Hours after researchers publicly disclosed an app that was caught stealing and uploading browser history data, Apple removed it from the Mac App Store.
🕴 The Equifax Breach One Year Later: 6 Action Items for Security Pros 🕴
via "Dark Reading: ".
The Equifax breach last September was the largest consumer breach in history. We talked to experts about lessons learned and steps companies can take to prevent and minimize future breaches.
❌ Tor Brings Onion Browser to Android Devices ❌
via "The first stop for security news | Threatpost ".
In parts of the developing world, dissidents and journalists face hostile governments and other threats -- and mobile is their only access to the internet.
🔐 Top 5 riskiest airport Wi-Fi 🔐
via "Security on TechRepublic".
Whatever you do, try to avoid connecting to free Wi-Fi at these airports, begs TechRepublic's Tom Merritt.
🔐 5 riskiest airport Wi-Fi 🔐
via "Security on TechRepublic".
TechRepublic's Tom Merritt counts down the top 5 riskiest Wi-Fi at airports in the U.S.
ATTENTION‼ New - CVE-2016-7061
via "National Vulnerability Database".
An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.
ATTENTION‼ New - CVE-2016-7056
via "National Vulnerability Database".
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
ATTENTION‼ New - CVE-2016-7041
via "National Vulnerability Database".
Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.
ATTENTION‼ New - CVE-2016-7035
via "National Vulnerability Database".
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.
🔐 The secret to get employees to go back to school for cybersecurity: Pay their tuition 🔐
via "Security on TechRepublic".
With the growing need for cybersecurity professionals in the enterprise, sponsored tuition could help fill skill gaps, and 72% of workers are willing to go back to school for it.
❌ ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation ❌
via "The first stop for security news | Threatpost ".
The flaws disclosed this month are related to a critical bug previously discovered by VerSprite in April 2018.
🕴 GAO Says Equifax Missed Flaws, Intrusion in Massive Breach 🕴
via "Dark Reading: ".
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
🕴 Three Trend Micro Apps Caught Collecting MacOS User Data 🕴
via "Dark Reading: ".
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
☢ Microsoft details for the first time how it classifies Windows security bugs ☢
via "Latest topics for ZDNet in Security".
The Microsoft Security Response Center publishes two documents detailing internal procedures used by its staff to prioritize and classify security bugs.
🕴 New Campaign Brings Return of Old Malware 🕴
via "Dark Reading: ".
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.