Google sent ~40K warnings to targets of state-backed attackers in 2019
via "Naked Security".
Google has seen a rising number of attackers impersonating news outlets and journalists to spread fake news among other reporters.
Should governments track your location to fight COVID-19?
via "Naked Security".
Google Maps data could help governments track patients that a newly-diagnosed COVID-19 sufferer has been in contact with.
Chrome may bring back “www” with option to show full URLs
via "Naked Security".
Google's doing so grudgingly: it still thinks that showing too much will confuse users trying to assess a site's security.
Apple’s iOS 13.4 hit by VPN bypass vulnerability
via "Naked Security".
It’s less than a week since iOS 13.4 appeared and already researchers have discovered a bug that puts at risk the privacy of VPN connections.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
via "Dark Reading: ".
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
ATTENTION‼ New - CVE-2020-10560
via "National Vulnerability Database".
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
How to stay on top of coronavirus scams – and all the others too
via "Naked Security".
The bad news is that you have to watch out for a plethora of new coronavirus cyberscams, as well as all the old stuff, too...
Recon Informer
via "Security Tool Files ≈ Packet Storm".
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
How to protect your organization and remote workers against ransomware
via "Security on TechRepublic".
Phishing emails and unsecure remote desktop protocol access are two common types of attack methods used to spread ransomware, says cyber breach firm Beazley Breach Response Services.
How to use an iPhone or Android device as the security key for your Google account
via "Security on TechRepublic".
Your smartphone can act as your security key to authenticate your Google credentials on the web. Learn how to set that up on an Android device or an iPhone.
Zeus Sphinx Banking Trojan Arises Amid COVID-19
via "Threatpost".
The malware is back after three years, looking to cash in on interest in government relief efforts around coronavirus.
Top 5 remote access threats
via "Security on TechRepublic".
When working from home, it's important to understand the security risks. Tom Merritt lists five remote access threats so you can secure your system.
ATTENTION‼ New - CVE-2019-7755
via "National Vulnerability Database".
In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.
Security policies explain step-by-step solutions for strengthening IT defenses
via "Security on TechRepublic".
These TechRepublic Premium resources offer a comprehensive solution from responding to a data breach to explaining company-wide security responsibilities.
The dark web: Where coronavirus fraud, profiteering, malware, and scams are discussed
via "Security on TechRepublic".
COVID-19 is fueling new dark web conversations about cybercriminal activity, says cyber intelligence company Sixgill.
Zoom Kills iOS App’s Data-Sharing Facebook Feature
via "Threatpost".
Zoom removed its Facebook SDK for iOS feature after a report found the app sending Facebook "unnecessary" user data.
HackerOne Drops Mobile Voting App Vendor Voatz
via "Dark Reading: ".
Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne.
Groups Seek to Bump CCPA Enforcement Date Amid Coronavirus Confusion
via "Subscriber Blog RSS Feed ".
As with many things currently, details of the California Consumer Privacy Act are unclear. That, plus confusion around COVID-19, has many interest groups hoping enforcement around the law is postponed.
ATTENTION‼ New - CVE-2019-17561
via "National Vulnerability Database".
The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.
ATTENTION‼ New - CVE-2019-17560
via "National Vulnerability Database".
The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.