ATTENTION‼ New - CVE-2016-11025
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016).
Experts question abrupt decision by New York City to ban Zoom from use in all public schools
via "Security on TechRepublic".
The hotly debated move does little to address underlying issues many teachers and parents are having with the platform and other tools, educators say.
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
via "Dark Reading".
Criminal, political, and strategic factors are combining to create a perfect storm of cyber infections that target the global supply chain.
ATTENTION‼ New - CVE-2017-18647
via "National Vulnerability Database".
An issue was discovered on Samsung mobile devices with M(6,x) and N(7.0) software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 (November 2017).
NYDFS Postpones Cybersecurity Certification of Compliance Deadline
via "Subscriber Blog RSS Feed".
The New York Department of Financial Services has extended its usual April 15 cybersecurity Certification of Compliance deadline for entities experiencing issues arising from COVID-19.
Digital Guardian
Mature DevOps Teams Are Secure DevOps Teams
via "Dark Reading".
New research shows the relationship between mature DevOps processes, secure applications, and happy developers.
How Do I Make Sure My Work-From-Home Users Install Updates?
via "Dark Reading".
Most enterprise endpoint solutions will support policies to enforce recommended updates.
ATTENTION‼ New - CVE-2015-9545
via "National Vulnerability Database".
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.
ATTENTION‼ New - CVE-2015-9544
via "National Vulnerability Database".
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages.
ATTENTION‼ New - CVE-2013-7488
via "National Vulnerability Database".
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.
Serious Exchange Flaw Still Plagues 350K Servers
via "Threatpost".
The Microsoft Exchange vulnerability was patched in February and has been targeted by several threat groups.
The Edge Names 'Holy Cow' Cartoon Caption Winners
via "Dark Reading".
What can cows possibly have to do with cybersecurity?
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates
via "Dark Reading".
More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.
Chinese APT Groups Targeted Enterprise Linux Systems in Decade-Long Data Theft Campaign
via "Dark Reading".
Organizations across multiple industries compromised in a systematic effort to steal IP and other sensitive business data, BlackBerry says.
Privacy & Digital-Rights Experts Worry Contact-Tracing Apps Lack Limits
via "Dark Reading".
Mobile-phone-based tracking of people can help fight pandemics, but privacy and security researchers stress that it needs to be done right.
As if the world couldn't get any weirder, this AI toilet scans your anus to identify you
via "Naked Security".
It's what the researchers call "A mountable toilet system for personalized health monitoring via the analysis of excreta."
Microsoft project proposed to aid Linux IoT code integrity
via "Naked Security".
Imagine a computer user from 2010 dreaming of a world in which Microsoft is not only an enthusiastic proponent of open source software but actively contributes to it with its own ideas. The time is now.
Update Firefox again - more RCEs and an Android "takeover" bug too
via "Naked Security".
Hot on the heels of Firefox's emergency update over the weekend are the four-weekly fixes that Mozilla had in train already. Get 'em now!
COVID-19 CISO Checklist for Securing a Remote Workforce
via "Threatpost".
The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through COVID-19, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.
"Fake Fingerprints" Bypass Scanners with 3D Printing
via "Threatpost".
New research used 3D printing technology to bypass fingerprint scanners, and tested it against Apple, Samsung and Microsoft mobile products.
Talos researchers fabricate a fake that frequently fooled fingerprint locks
via "Security on TechRepublic".
The 3D printed duplicates worked on phone and a MacBook Pro laptop but not on Windows machines or two USB jump drives.