β Apple Modernizes Its Hardware Security with T2 β
π Read
via "The first stop for security news | Threatpost ".
Apple has widened the range of Macs running its T2 security chip. Is macOS finally catching up with other platforms when it comes to secure computing?π Read
via "The first stop for security news | Threatpost ".
Threat Post
Apple Modernizes Its Hardware Security with T2
Apple has widened the range of Macs running its T2 security chip. Is macOS finally catching up with other platforms when it comes to secure computing?
β Ranting researcher publishes VM-busting zero-day without warning β
π Read
via "Naked Security".
A security researcher has published a zero-day flaw in a commonly-used virtual machine management system without notifying the vendor, justifying it with a scathing critique of the infosecurity industry.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Podcast: Troy Hunt Talks Bad Passwords β and Whoβs to Blame for Them β
π Read
via "The first stop for security news | Threatpost ".
Troy Hunt sounds off on how both consumers and services have a joint role in creating and enforcing strong passwords.π Read
via "The first stop for security news | Threatpost ".
Threat Post
Podcast: Troy Hunt Talks Bad Passwords β and Whoβs to Blame for Them
Troy Hunt sounds off on how both consumers and services have a joint role in creating and enforcing strong passwords.
π΄ The Executive Summit Returns to Black Hat Europe 2018 π΄
π Read
via "Dark Reading: ".
This day-long event for CISOs and execs will show you the way to next-level skills, strategies, and techniques that will bolster your relevance and wow the board.π Read
via "Dark Reading: ".
Dark Reading
The Executive Summit Returns to Black Hat Europe 2018 - Dark Reading
This day-long event for CISOs and execs will show you the way to next-level skills, strategies, and techniques that will bolster your relevance and wow the board.
β DJI Patches Forum Bug That Allowed Drone Account Takeovers β
π Read
via "The first stop for security news | Threatpost".
Bug opened door for malicious link attack, giving hacker access to stored DJI drone data of commercial and consumer customers.π Read
via "The first stop for security news | Threatpost".
Threat Post
DJI Patches Forum Bug That Allowed Drone Account Takeovers
Bug opened door for malicious link attack, giving hacker access to stored DJI drone data of commercial and consumer customers.
π Watch out for bogus warnings to downgrade Windows 10 π
π Read
via "Security on TechRepublic".
Windows 10 users running genuine copies of the Pro edition are being told to swap to Windows 10 Home after what appears to be an issue with Microsoft's activation servers.π Read
via "Security on TechRepublic".
ATENTIONβΌ New - CVE-2018-11777
π Read
via "National Vulnerability Database".
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.π Read
via "National Vulnerability Database".
π΄ 5 Things the Most Secure Software Companies Do (and How You Can Be Like Them) π΄
π Read
via "Dark Reading: ".
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.π Read
via "Dark Reading: ".
Darkreading
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
π How to disable simultaneous multithreading on Lenovo ThinkPads π
π Read
via "Security on TechRepublic".
Major side-channel exploits demonstrated the feasibility of programs extracting data from a program in an adjacent thread in the same core. Here's how and why to protect your ThinkPad.π Read
via "Security on TechRepublic".
TechRepublic
How to disable simultaneous multithreading on Lenovo ThinkPads | TechRepublic
Major side-channel exploits demonstrated the feasibility of programs extracting data from a program in an adjacent thread in the same core. Here's how and why to protect your ThinkPad.
β βDerpTrollβ Faces 10 Years in Prison for DDoSing Gaming Sites as a Teen β
π Read
via "Threatpost | The first stop for security news".
He admitted to taking Steam, EA Origin and Sony Online Entertainment offline in 2013 and 2014, causing at least $95,000 in damages.π Read
via "Threatpost | The first stop for security news".
Threat Post
βDerpTrollβ Faces 10 Years in Prison for DDoSing Gaming Sites as a Teen
He admitted to taking Steam, EA Origin and Sony Online Entertainment offline in 2013 and 2014, causing at least $95,000 in damages.
ATENTIONβΌ New - CVE-2018-0284
π Read
via "National Vulnerability Database".
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited.π Read
via "National Vulnerability Database".
β Cisco Accidentally Released Dirty Cow Exploit Code in Software β
π Read
via "Threatpost | The first stop for security news".
Cisco revealed that it had "inadvertently" shipped an in-house exploit code that was used in test scripts as part of its TelePresence Video Communication Server and Expressway Series software.π Read
via "Threatpost | The first stop for security news".
Threat Post
Cisco Accidentally Released Dirty Cow Exploit Code in Software
The most severe vulnerability, CVE-2018-15439, has a CVSS severity score of 9.8 (out of 10).
β Apple 0, JosΓ© 3 β Man versus Megacorp! [PODCAST] β
π Read
via "Naked Security".
Here's the latest Naked Security Podcast - enjoy!π Read
via "Naked Security".
Naked Security
Apple 0, JosΓ© 3 β Man versus Megacorp! [PODCAST]
Hereβs the latest Naked Security Podcast β enjoy!
π΄ Banking Malware Takes Aim at Brazilians π΄
π Read
via "Dark Reading: ".
Two malware distribution campaigns are sending banking Trojans to customers of financial institutions in Brazil.π Read
via "Dark Reading: ".
Darkreading
Banking Malware Takes Aim at Brazilians
Two malware distribution campaigns are sending banking Trojans to customers of financial institutions in Brazil.
π΄ User Behavior Analytics Could Find a Home in the OT World of the IIoT π΄
π Read
via "Dark Reading: ".
The technology never really took off in IT, but it could be very helpful in the industrial world.π Read
via "Dark Reading: ".
Darkreading
User Behavior Analytics Could Find a Home in the OT World of the IIoT
The technology never really took off in IT, but it could be very helpful in the industrial world.
β Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal β
π Read
via "Threatpost | The first stop for security news".
Two samples have already been added to the malware zoo, indicating a new openness from the federal government when it comes to cyber.π Read
via "Threatpost | The first stop for security news".
Threat Post
Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal
Two samples have already been added to the malware zoo, indicating a new openness from the federal government when it comes to cyber.
π΄ Microsoft President: Governments Must Cooperate on Cybersecurity π΄
π Read
via "Dark Reading: ".
Microsoft's Brad Smith calls on nations and businesses to work toward "digital peace" and acknowledge the effects of cybercrime.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ Symantec Uncovers North Korean Group's ATM Attack Malware π΄
π Read
via "Dark Reading: ".
Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs.π Read
via "Dark Reading: ".
Darkreading
Symantec Uncovers North Korean Group's ATM Attack Malware
Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs.
ATENTIONβΌ New - CVE-2017-1119
π Read
via "National Vulnerability Database".
IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attacks against the affected system. IBM X-Force ID: 121171.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-9749
π Read
via "National Vulnerability Database".
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.π Read
via "National Vulnerability Database".
β DerpTrolling game server DDoS attacker pleads guilty β
π Read
via "Naked Security".
Austin Thompson pleaded guilty on November 6 in a San Diego Federal court to knowingly causing damage to third-party computers.π Read
via "Naked Security".
Naked Security
DerpTrolling game server DDoS attacker pleads guilty
Austin Thompson pleaded guilty on November 6 in a San Diego Federal court to knowingly causing damage to third-party computers.