π΄ Pandemic Could Make Schools Bigger Targets of Ransomware Attacks π΄
π Read
via "Dark Reading: ".
Most have had to implement distance learning, making them much more vulnerable, Armor says.π Read
via "Dark Reading: ".
Dark Reading
Pandemic Could Make Schools Bigger Targets of Ransomware Attacks
Most have had to implement distance learning, making them much more vulnerable, Armor says.
β Overlay Malware Leverages Chrome Browser, Targets Banks and Heads to Spain β
π Read
via "Threatpost".
The Grandoreiro banking malware uses remote overlay and a fake Chrome browser plugin to steal from banking customers.π Read
via "Threatpost".
Threat Post
Overlay Malware Leverages Chrome Browser, Targets Banks and Heads to Spain
Researchers warn that the Grandoreiro banking malware has broadened in its targeting from Brazil to Spain.
π SEC Settles With Two Traders Involved in 2016 Hack π
π Read
via "Subscriber Blog RSS Feed ".
Two of the illicit traders indicted in a 2016 hack of the SEC have agreed to settle and in turn, give back six figure sums of money they made with information stolen from a SEC system.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
SEC Settles With Two Traders Involved in 2016 Hack
Two of the illicit traders indicted in a 2016 hack of the SEC have agreed to settle and in turn, give back six figure sums of money they made with information stolen from a SEC system.
β Monday review β the hot 15 stories of the week β
π Read
via "Naked Security".
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 15 stories of the week
Get yourself up to date with everything weβve written in the last seven days β itβs weekly roundup time.
β Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update β
π Read
via "Threatpost".
Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.π Read
via "Threatpost".
Threat Post
Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update
Company will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.
π The end of passwords: Industry experts explore the possibilities and challenges π
π Read
via "Security on TechRepublic".
Passwords have been an industry standard and industry headache for decades. Learn some best practice tips for password administration from tech security insiders.π Read
via "Security on TechRepublic".
TechRepublic
The end of passwords: Industry experts explore the possibilities and challenges
Passwords have been an industry standard and industry headache for decades. Learn some best practice tips for password administration from tech security insiders.
π΄ Dutch Police Shut Down 15 DDoS-for-Hire Services π΄
π Read
via "Dark Reading: ".
Officials arrested a man suspected of launching a DDoS attack against two websites that send government updates to citizens.π Read
via "Dark Reading: ".
Dark Reading
Dutch Police Shut Down 15 DDoS-for-Hire Services
Officials arrested a man suspected of launching a DDoS attack against two websites that send government updates to citizens.
π΄ Dell Releases Security Tool to Defend PCs from BIOS Attacks π΄
π Read
via "Dark Reading: ".
The SafeBIOS Events & Indicators of Attack tool gives admins visibility into BIOS configuration changes and alerts them to potential threats.π Read
via "Dark Reading: ".
Dark Reading
Dell Releases Security Tool to Defend PCs from BIOS Attacks
The SafeBIOS Events & Indicators of Attack tool gives admins visibility into BIOS configuration changes and alerts them to potential threats.
π΄ Network Data Shows Spikes, Vulnerability of Work-at-Home Shift π΄
π Read
via "Dark Reading: ".
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.π Read
via "Dark Reading: ".
Dark Reading
Network Data Shows Spikes, Vulnerability of Work-at-Home Shift
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.
ATENTIONβΌ New - CVE-2020-11668 (linux_kernel)
π Read
via "National Vulnerability Database".
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11647 (wireshark)
π Read
via "National Vulnerability Database".
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11557 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11556 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11555 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11554 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4.π Read
via "National Vulnerability Database".
β Microsoft and Google delay online authentication change β
π Read
via "Naked Security".
Both Microsoft and Google have postponed a change that would have forced better application security by shutting down an insecure access protocol called Basic Authentication.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ATENTIONβΌ New - CVE-2020-11553 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11002 (dropwizard_validation)
π Read
via "National Vulnerability Database".
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions.π Read
via "National Vulnerability Database".
β ICANN asks registrars to crack down on scam coronavirus websites β
π Read
via "Naked Security".
It doesn't have regulatory authority, so it can't do much, but the hundreds of registrars it authorizes can and should.π Read
via "Naked Security".
Naked Security
ICANN asks registrars to crack down on scam coronavirus websites
It doesnβt have regulatory authority, so it canβt do much, but the hundreds of registrars it authorizes can and should.
β TikTok users beware: Hackers could swap your videos with their own β
π Read
via "Naked Security".
TikTok doesn't use HTTPS for its images and videos - so crooks could swap out the videos you see and you would never know.π Read
via "Naked Security".
Naked Security
TikTok users beware: Hackers could swap your videos with their own
TikTok doesnβt use HTTPS for its images and videos β so crooks could swap out the videos you see and you would never know.
ATENTIONβΌ New - CVE-2019-11480
π Read
via "National Vulnerability Database".
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16π Read
via "National Vulnerability Database".