π΄ Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls? π΄
π Read
via "Dark Reading: ".
If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.π Read
via "Dark Reading: ".
Dark Reading
Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls?
If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.
π Holy Water watering hole attack targets visitors of certain websites with malware π
π Read
via "Security on TechRepublic".
This campaign tries to trick users into accepting a fake Adobe Flash update, which then installs malware to give the attacker full remote access, says Kaspersky.π Read
via "Security on TechRepublic".
TechRepublic
Holy Water watering hole attack targets visitors of certain websites with malware
This campaign tries to trick users into accepting a fake Adobe Flash update, which then installs malware to give the attacker full remote access, says Kaspersky.
π΄ Microsoft Alerts Healthcare to Human-Operated Ransomware π΄
π Read
via "Dark Reading: ".
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
ATENTIONβΌ New - CVE-2020-10231
π Read
via "National Vulnerability Database".
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.π Read
via "National Vulnerability Database".
β Critical WordPress Plugin Bug Can Lock Admins Out of Websites β
π Read
via "Threatpost".
A second vulnerability could be used to prevent access to almost all of a siteβs existing content, by simply redirecting visitors.π Read
via "Threatpost".
Threat Post
Critical WordPress Plugin Bug Can Lock Admins Out of Websites
A second vulnerability could be used to prevent access to almost all of a siteβs existing content, by simply redirecting visitors.
π΄ Active Directory Attacks Hit the Mainstream π΄
π Read
via "Dark Reading: ".
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.π Read
via "Dark Reading: ".
Dark Reading
Active Directory Attacks Hit the Mainstream
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
ATENTIONβΌ New - CVE-2019-3945
π Read
via "National Vulnerability Database".
Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" being sent to control service with larger than expected date length.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-3944
π Read
via "National Vulnerability Database".
Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-3942
π Read
via "National Vulnerability Database".
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-11106
π Read
via "National Vulnerability Database".
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.π Read
via "National Vulnerability Database".
π Zoomβs Privacy Problems Snowball as Two Zero Days Uncovered π
π Read
via "Subscriber Blog RSS Feed ".
Amid increased scrutiny from researchers and privacy activists, two new zero days in the teleconferencing app surfaced on Wednesday.π Read
via "Subscriber Blog RSS Feed ".
β Coronavirus βFinancial Reliefβ Phishing Attacks Spike β
π Read
via "Threatpost".
A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.π Read
via "Threatpost".
Threat Post
Coronavirus βFinancial Reliefβ Phishing Attacks Spike
A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.
π΄ Why All Employees Are Responsible for Company Cybersecurity π΄
π Read
via "Dark Reading: ".
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.π Read
via "Dark Reading: ".
Dark Reading
Why All Employees Are Responsible for Company Cybersecurity
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
π COVID-19 pandemic impact pushing smart home voice control devices to predicted 30% growth π
π Read
via "Security on TechRepublic".
Global shipments of smart home speakers will increase this year due to fear of coronavirus germs, according to ABI Research.π Read
via "Security on TechRepublic".
β Wiper Malware Called βCoronavirusβ Spreads Among Windows Victims β
π Read
via "Threatpost".
Like NotPetya, it overwrites the master boot record to render computers "trashed."π Read
via "Threatpost".
Threat Post
Wiper Malware Called βCoronavirusβ Spreads Among Windows Victims
Like NotPetya, it overwrites the master boot record to render computers "trashed".
ATENTIONβΌ New - CVE-2019-9163
π Read
via "National Vulnerability Database".
The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-11254
π Read
via "National Vulnerability Database".
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.π Read
via "National Vulnerability Database".
π΄ Attackers Leverage Excel File Encryption to Deliver Malware π΄
π Read
via "Dark Reading: ".
Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.π Read
via "Dark Reading: ".
Dark Reading
Attackers Leverage Excel File Encryption to Deliver Malware
Technique involves saving malicious Excel file as read-only and tricking users into opening it, Mimecast says.
ATENTIONβΌ New - CVE-2019-17564
π Read
via "National Vulnerability Database".
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-11802
π Read
via "National Vulnerability Database".
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).π Read
via "National Vulnerability Database".
β COVID-19 forces browser makers to continue supporting TLS 1.0 β
π Read
via "Naked Security".
In one of the strangest stories of the year, the COVID-19 virus has halted plans by major browsers to drop support for the aging and insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols.π Read
via "Naked Security".
Naked Security
COVID-19 forces browser makers to continue supporting TLS 1.0
In one of the strangest stories of the year, the COVID-19 virus has halted plans by major browsers to drop support for the aging and insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols.