π΄ What Should I Do If My Company Is Being Impersonated in a Phishing Campaign? π΄
π Read
via "Dark Reading: ".
Two security awareness advocates from KnowBe4 provide some solid suggestions.π Read
via "Dark Reading: ".
Dark Reading
What Should I Do If Someone Is Impersonating My Company in a Phishing Campaign?
Two security awareness advocates from KnowBe4 provide some solid suggestions.
ATENTIONβΌ New - CVE-2019-18626
π Read
via "National Vulnerability Database".
Harris Ormed Self Service before 2019.1.4 allows an authenticated user to view W-2 forms belonging to other users via an arbitrary empNo value to the ORMEDMIS/Data/PY/T4W2Service.svc/RetrieveW2EntriesForEmployee URI, thus exposing sensitive information including employee tax information, social security numbers, home addresses, and more.π Read
via "National Vulnerability Database".
β Apple Update Fixes WebKit Flaws in iOS, Safari β
π Read
via "Threatpost".
Apple's security update included a slew of vulnerabilities in various components of iOS, macOS and Safari - the most severe of which could enable remote code execution.π Read
via "Threatpost".
Threat Post
Apple Update Fixes WebKit Flaws in iOS, Safari
Apple's security update included a slew of vulnerabilities in various components of iOS, macOS and Safari - the most severe of which could enable remote code execution.
π΄ Tupperware Hit By Card Skimmer Attack π΄
π Read
via "Dark Reading: ".
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.π Read
via "Dark Reading: ".
Darkreading
Tupperware Hit by Card Skimmer Attack
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
π΄ Missing Patches, Misconfiguration Top Technical Breach Causes π΄
π Read
via "Dark Reading: ".
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?π Read
via "Dark Reading: ".
Dark Reading
Missing Patches, Misconfiguration Top Technical Breach Causes
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
π DoD's Data Access Program Needs Oversight, Evaluation π
π Read
via "Subscriber Blog RSS Feed ".
The Department of Defense and its research facilities could be taking more steps to ensure steps around data protection are taken when sharing sensitive data, a federal audit revealed.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
DoD's Data Access Program Needs Oversight, Evaluation
The Department of Defense and its research facilities could be taking more steps to ensure steps around data protection are taken when sharing sensitive data, a federal audit revealed.
β Tokyo Olympics Postponed, But 5G Security Lessons Shine β
π Read
via "Threatpost".
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.π Read
via "Threatpost".
Threat Post
Tokyo Olympics Postponed, But 5G Security Lessons Shine
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japanβ¦
π 5 things SMB IT departments should do to survive the impact of COVID-19 π
π Read
via "Security on TechRepublic".
The overnight transformation to telecommuting means security risks are even higher than during normal business times.π Read
via "Security on TechRepublic".
TechRepublic
5 things SMB IT departments should do to survive the impact of COVID-19
The overnight transformation to telecommuting means security risks are even higher than during normal business times.
π What is Microsoft Azure Sphere? Everything you need to know π
π Read
via "Security on TechRepublic".
Microsoft locks down the Internet of Things with its own Linux.π Read
via "Security on TechRepublic".
TechRepublic
What is Microsoft Azure Sphere? Everything you need to know
Microsoft locks down the Internet of Things with its own Linux.
β Hijacked Twitter accounts used to advertise face masks β
π Read
via "Naked Security".
The accounts were used to advertise a site selling products made scarce by COVID-19: face masks, forehead thermometers and toilet paper.π Read
via "Naked Security".
Naked Security
Hijacked Twitter accounts used to advertise face masks
The accounts were used to advertise a site selling products made scarce by COVID-19: face masks, forehead thermometers and toilet paper.
β Adobe issues emergency fix for file-munching bug β
π Read
via "Naked Security".
Adobe has released another security patch outside of its usual routine, to deal with a bug that allows attackers to delete victims' files.π Read
via "Naked Security".
Naked Security
Adobe issues emergency fix for file-munching bug
Adobe has released another security patch outside of its usual routine, to deal with a bug that allows attackers to delete victimsβ files.
π΄ China-Based Threat Group Launches Widespread Malicious Campaign π΄
π Read
via "Dark Reading: ".
The motives behind the attacks remain unclear, but likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic.π Read
via "Dark Reading: ".
Darkreading
China-Based Threat Group Launches Widespread Malicious Campaign
The motives behind the attacks remain unclear, but likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic.
β Apple iOS 13.4 offers fixes for 30 vulnerabilities β
π Read
via "Naked Security".
Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS.π Read
via "Naked Security".
Naked Security
Apple iOS 13.4 offers fixes for 30 vulnerabilities
Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS.
β Responding to the New Normal: How to Prevent Added Risk in Your Business β
π Read
via "Threatpost".
With more employees than ever working remotely, there are numerous potential threats that organizations must be aware of.π Read
via "Threatpost".
Threat Post
Responding to the New Normal: How to Prevent Added Risk in Your Business
With more employees than ever working remotely, there are numerous potential threats that organizations must be aware of.
π How 4G and 5G networks are vulnerable to Denial-of-Service attacks π
π Read
via "Security on TechRepublic".
Existing 4G and early 5G networks use Diameter signaling protocol, which contains certain security holes that can lead to a range of attacks, says enterprise security provider Positive Technologies.π Read
via "Security on TechRepublic".
TechRepublic
How 4G and 5G networks are vulnerable to Denial-of-Service attacks
Existing 4G and early 5G networks use Diameter signaling protocol, which contains certain security holes that can lead to a range of attacks, says enterprise security provider Positive Technologies.
β Apple Safari now blocks all third-party cookies by default β
π Read
via "Naked Security".
Starting in 13.1, advertisers and analytics firms can't track us through browser cookies. Apple says this also kills login fingerprinting.π Read
via "Naked Security".
Naked Security
Apple Safari now blocks all third-party cookies by default
Starting in 13.1, advertisers and analytics firms canβt track us through browser cookies. Apple says this also kills login fingerprinting.
π΄ Introducing Zero-Trust Access π΄
π Read
via "Dark Reading: ".
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.π Read
via "Dark Reading: ".
Dark Reading
Introducing Zero-Trust Access
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
π How hackers are using COVID-19 fears to push new scams and malware π
π Read
via "Security on TechRepublic".
Cybercriminals may be staying home, but they're not taking a break from phishing attempts and password hacking during the coronavirus outbreak.π Read
via "Security on TechRepublic".
TechRepublic
How hackers are using COVID-19 fears to push new scams and malware
Cybercriminals may be staying home, but they're not taking a break from phishing attempts and password hacking during the coronavirus outbreak.
ATENTIONβΌ New - CVE-2019-15796
π Read
via "National Vulnerability Database".
Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. This allows downloads from unsigned repositories which shouldn't be allowed and has been fixed in verisions 1.9.5, 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.π Read
via "National Vulnerability Database".
β Hackers Hijack Routers to Spread Malware Via Coronavirus Apps β
π Read
via "Threatpost".
The router DNS hijacking attacks have targeted more than a thousand victims with the Oski info-stealing malware.π Read
via "Threatpost".
Threat Post
Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
The router DNS hijacking attacks have targeted more than a thousand victims with the Oski info-stealing malware.