🛡 Cybersecurity & Privacy 🛡 - News

Top Email Protections Fail in Latest COVID-19 Phishing Campaign

An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs.

138 views14:05

🕴 The SOC Emergency Room Faces Malware Pandemic 🕴

To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.

📖 Read

via "Dark Reading: ".

The SOC Emergency Room Faces Malware Pandemic

To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.

142 views14:11

🕴 COVID-19: Latest Security News & Commentary 🕴

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

📖 Read

via "Dark Reading: ".

COVID-19: Latest Security News & Commentary

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

143 views14:41

❌ Two Zoom Zero-Day Flaws Uncovered ❌

The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.

📖 Read

via "Threatpost".

Two Zoom Zero-Day Flaws Uncovered

The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.

146 views16:05

🕴 Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls? 🕴

If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.

📖 Read

via "Dark Reading: ".

Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls?

If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.

133 views16:11

Holy Water watering hole attack targets visitors of certain websites with malware

🔐 Holy Water watering hole attack targets visitors of certain websites with malware 🔐

This campaign tries to trick users into accepting a fake Adobe Flash update, which then installs malware to give the attacker full remote access, says Kaspersky.

📖 Read

via "Security on TechRepublic".

TechRepublic

This campaign tries to trick users into accepting a fake Adobe Flash update, which then installs malware to give the attacker full remote access, says Kaspersky.

131 views16:44

🕴 Microsoft Alerts Healthcare to Human-Operated Ransomware 🕴

Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.

📖 Read

via "Dark Reading: ".

Vulnerabilities & Threats recent news | Dark Reading

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading

127 views17:11

ATENTION‼ New - CVE-2020-10231

TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.

📖 Read

via "National Vulnerability Database".

131 views17:28

❌ Critical WordPress Plugin Bug Can Lock Admins Out of Websites ❌

A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors.

📖 Read

via "Threatpost".

Critical WordPress Plugin Bug Can Lock Admins Out of Websites

A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors.

127 views18:05

🕴 Active Directory Attacks Hit the Mainstream 🕴

Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.

📖 Read

via "Dark Reading: ".

Active Directory Attacks Hit the Mainstream

Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.

126 views18:41

ATENTION‼ New - CVE-2019-3945

Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" being sent to control service with larger than expected date length.

📖 Read

via "National Vulnerability Database".

123 views18:58

ATENTION‼ New - CVE-2019-3944

Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight.

📖 Read

via "National Vulnerability Database".

124 views18:58

ATENTION‼ New - CVE-2019-3942

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

📖 Read

via "National Vulnerability Database".

126 views18:58

ATENTION‼ New - CVE-2018-11106

NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.

📖 Read

via "National Vulnerability Database".

126 views18:58

🔏 Zoom’s Privacy Problems Snowball as Two Zero Days Uncovered 🔏

Amid increased scrutiny from researchers and privacy activists, two new zero days in the teleconferencing app surfaced on Wednesday.

📖 Read

via "Subscriber Blog RSS Feed ".

132 views19:55

❌ Coronavirus ‘Financial Relief’ Phishing Attacks Spike ❌

A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.

📖 Read

via "Threatpost".

Coronavirus ‘Financial Relief’ Phishing Attacks Spike

A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.

121 views20:05

🕴 Why All Employees Are Responsible for Company Cybersecurity 🕴

It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.

📖 Read

via "Dark Reading: ".

Why All Employees Are Responsible for Company Cybersecurity

It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.

127 views20:11

🔐 COVID-19 pandemic impact pushing smart home voice control devices to predicted 30% growth 🔐

Global shipments of smart home speakers will increase this year due to fear of coronavirus germs, according to ABI Research.

📖 Read

via "Security on TechRepublic".

138 views20:14

❌ Wiper Malware Called “Coronavirus” Spreads Among Windows Victims ❌

Like NotPetya, it overwrites the master boot record to render computers "trashed."

📖 Read

via "Threatpost".

Wiper Malware Called “Coronavirus” Spreads Among Windows Victims

Like NotPetya, it overwrites the master boot record to render computers "trashed".

139 views21:35

ATENTION‼ New - CVE-2019-9163

The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.

📖 Read

via "National Vulnerability Database".

135 views22:28