β TrickBot App Bypasses Non-SMS Banking 2FA β
π Read
via "Threatpost".
TrickBot victims are being fooled into downloading an app that records their screens - stealing non-SMS 2FA passcodes for banking websites.π Read
via "Threatpost".
Threat Post
TrickBot App Bypasses Non-SMS Banking 2FA
TrickBot victims are being fooled into downloading an app that records their screens - stealing non-SMS 2FA passcodes for banking websites.
π Boost security defenses against Kwampirs RAT malware with new list of IOCs π
π Read
via "Security on TechRepublic".
ReversingLabs did a forensic analysis of attacks from the remote access trojan to understand the malware control structure.π Read
via "Security on TechRepublic".
TechRepublic
Boost security defenses against Kwampirs RAT malware with new list of IOCs
ReversingLabs did a forensic analysis of attacks from the remote access trojan to understand the malware control structure.
π΄ COVID-19: Getting Ready for the Next Business Continuity Challenge π΄
π Read
via "Dark Reading: ".
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.π Read
via "Dark Reading: ".
Dark Reading
COVID-19: Getting Ready for the Next Business Continuity Challenge
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.
π΄ FBI Shutters Russian-Based Hacker Platform, Makes Arrest π΄
π Read
via "Dark Reading: ".
The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services.π Read
via "Dark Reading: ".
Dark Reading
FBI Shutters Russian-Based Hacker Platform, Makes Arrest
The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services.
β GE Employees Lit Up with Sensitive Doc Breach β
π Read
via "Threatpost".
Marriage, divorce and death certificates, beneficiary info, passports and more were all caught up in an email takeover hack.π Read
via "Threatpost".
Threat Post
GE Employees Lit Up with Sensitive Doc Breach
Marriage, divorce and death certificates, beneficiary info, passports and more were all caught up in an email takeover hack.
ATENTIONβΌ New - CVE-2019-19127
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability is present in the standalone SITS:Vision 9.7.0 component of Tribal SITS in its default configuration, related to unencrypted communications sent by the client each time it is launched. This occurs because the Uniface TLS Driver is not enabled by default. This vulnerability allows attackers to gain access to credentials or execute arbitrary SQL queries on the SITS backend as long as they have access to the client executable or can intercept traffic from a user who does.π Read
via "National Vulnerability Database".
β Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign β
π Read
via "Threatpost".
Researchers say that APT41's exploits are part of one of the broadest espionage campaigns they've seen from a Chinese-linked actor "in recent years."π Read
via "Threatpost".
Threat Post
Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign
Researchers say that APT41's exploits are part of one of the broadest espionage campaigns they've seen from a Chinese-linked actor "in recent years."
π Organizations are moving their security to the cloud, but concerns remain π
π Read
via "Security on TechRepublic".
Businesses see advantages in migrating to cloud-based security tools but are worried about such issues as data privacy and unauthorized access, says Exabeam.π Read
via "Security on TechRepublic".
TechRepublic
Organizations are moving their security to the cloud, but concerns remain
Businesses see advantages in migrating to cloud-based security tools but are worried about such issues as data privacy and unauthorized access, says Exabeam.
π΄ Do DevOps Teams Need a Company Attorney on Speed Dial? π΄
π Read
via "Dark Reading: ".
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.π Read
via "Dark Reading: ".
Darkreading
Do DevOps Teams Need a Company Attorney on Speed Dial?
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
π΄ What Should I Do If My Company Is Being Impersonated in a Phishing Campaign? π΄
π Read
via "Dark Reading: ".
Two security awareness advocates from KnowBe4 provide some solid suggestions.π Read
via "Dark Reading: ".
Dark Reading
What Should I Do If Someone Is Impersonating My Company in a Phishing Campaign?
Two security awareness advocates from KnowBe4 provide some solid suggestions.
ATENTIONβΌ New - CVE-2019-18626
π Read
via "National Vulnerability Database".
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.π Read
via "National Vulnerability Database".
β Apple Update Fixes WebKit Flaws in iOS, Safari β
π Read
via "Threatpost".
Apple's security update included a slew of vulnerabilities in various components of iOS, macOS and Safari - the most severe of which could enable remote code execution.π Read
via "Threatpost".
Threat Post
Apple Update Fixes WebKit Flaws in iOS, Safari
Apple's security update included a slew of vulnerabilities in various components of iOS, macOS and Safari - the most severe of which could enable remote code execution.
π΄ Tupperware Hit By Card Skimmer Attack π΄
π Read
via "Dark Reading: ".
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.π Read
via "Dark Reading: ".
Darkreading
Tupperware Hit by Card Skimmer Attack
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
π΄ Missing Patches, Misconfiguration Top Technical Breach Causes π΄
π Read
via "Dark Reading: ".
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?π Read
via "Dark Reading: ".
Dark Reading
Missing Patches, Misconfiguration Top Technical Breach Causes
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
π DoD's Data Access Program Needs Oversight, Evaluation π
π Read
via "Subscriber Blog RSS Feed ".
The Department of Defense and its research facilities could be taking more steps to ensure steps around data protection are taken when sharing sensitive data, a federal audit revealed.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
DoD's Data Access Program Needs Oversight, Evaluation
The Department of Defense and its research facilities could be taking more steps to ensure steps around data protection are taken when sharing sensitive data, a federal audit revealed.
β Tokyo Olympics Postponed, But 5G Security Lessons Shine β
π Read
via "Threatpost".
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.π Read
via "Threatpost".
Threat Post
Tokyo Olympics Postponed, But 5G Security Lessons Shine
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japanβ¦
π 5 things SMB IT departments should do to survive the impact of COVID-19 π
π Read
via "Security on TechRepublic".
The overnight transformation to telecommuting means security risks are even higher than during normal business times.π Read
via "Security on TechRepublic".
TechRepublic
5 things SMB IT departments should do to survive the impact of COVID-19
The overnight transformation to telecommuting means security risks are even higher than during normal business times.
π What is Microsoft Azure Sphere? Everything you need to know π
π Read
via "Security on TechRepublic".
Microsoft locks down the Internet of Things with its own Linux.π Read
via "Security on TechRepublic".
TechRepublic
What is Microsoft Azure Sphere? Everything you need to know
Microsoft locks down the Internet of Things with its own Linux.
β Hijacked Twitter accounts used to advertise face masks β
π Read
via "Naked Security".
The accounts were used to advertise a site selling products made scarce by COVID-19: face masks, forehead thermometers and toilet paper.π Read
via "Naked Security".
Naked Security
Hijacked Twitter accounts used to advertise face masks
The accounts were used to advertise a site selling products made scarce by COVID-19: face masks, forehead thermometers and toilet paper.
β Adobe issues emergency fix for file-munching bug β
π Read
via "Naked Security".
Adobe has released another security patch outside of its usual routine, to deal with a bug that allows attackers to delete victims' files.π Read
via "Naked Security".
Naked Security
Adobe issues emergency fix for file-munching bug
Adobe has released another security patch outside of its usual routine, to deal with a bug that allows attackers to delete victimsβ files.
π΄ China-Based Threat Group Launches Widespread Malicious Campaign π΄
π Read
via "Dark Reading: ".
The motives behind the attacks remain unclear, but likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic.π Read
via "Dark Reading: ".
Darkreading
China-Based Threat Group Launches Widespread Malicious Campaign
The motives behind the attacks remain unclear, but likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic.