β Monday review β the hot 15 stories of the week β
π Read
via "Naked Security".
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 15 stories of the week
Get yourself up to date with everything weβve written in the last seven days β itβs weekly roundup time.
β Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update β
π Read
via "Threatpost".
Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.π Read
via "Threatpost".
Threat Post
Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update
Company will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.
π The end of passwords: Industry experts explore the possibilities and challenges π
π Read
via "Security on TechRepublic".
Passwords have been an industry standard and industry headache for decades. Learn some best practice tips for password administration from tech security insiders.π Read
via "Security on TechRepublic".
TechRepublic
The end of passwords: Industry experts explore the possibilities and challenges
Passwords have been an industry standard and industry headache for decades. Learn some best practice tips for password administration from tech security insiders.
π΄ Dutch Police Shut Down 15 DDoS-for-Hire Services π΄
π Read
via "Dark Reading: ".
Officials arrested a man suspected of launching a DDoS attack against two websites that send government updates to citizens.π Read
via "Dark Reading: ".
Dark Reading
Dutch Police Shut Down 15 DDoS-for-Hire Services
Officials arrested a man suspected of launching a DDoS attack against two websites that send government updates to citizens.
π΄ Dell Releases Security Tool to Defend PCs from BIOS Attacks π΄
π Read
via "Dark Reading: ".
The SafeBIOS Events & Indicators of Attack tool gives admins visibility into BIOS configuration changes and alerts them to potential threats.π Read
via "Dark Reading: ".
Dark Reading
Dell Releases Security Tool to Defend PCs from BIOS Attacks
The SafeBIOS Events & Indicators of Attack tool gives admins visibility into BIOS configuration changes and alerts them to potential threats.
π΄ Network Data Shows Spikes, Vulnerability of Work-at-Home Shift π΄
π Read
via "Dark Reading: ".
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.π Read
via "Dark Reading: ".
Dark Reading
Network Data Shows Spikes, Vulnerability of Work-at-Home Shift
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.
ATENTIONβΌ New - CVE-2020-11668 (linux_kernel)
π Read
via "National Vulnerability Database".
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11647 (wireshark)
π Read
via "National Vulnerability Database".
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11557 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11556 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11555 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11554 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4.π Read
via "National Vulnerability Database".
β Microsoft and Google delay online authentication change β
π Read
via "Naked Security".
Both Microsoft and Google have postponed a change that would have forced better application security by shutting down an insecure access protocol called Basic Authentication.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ATENTIONβΌ New - CVE-2020-11553 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11002 (dropwizard_validation)
π Read
via "National Vulnerability Database".
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions.π Read
via "National Vulnerability Database".
β ICANN asks registrars to crack down on scam coronavirus websites β
π Read
via "Naked Security".
It doesn't have regulatory authority, so it can't do much, but the hundreds of registrars it authorizes can and should.π Read
via "Naked Security".
Naked Security
ICANN asks registrars to crack down on scam coronavirus websites
It doesnβt have regulatory authority, so it canβt do much, but the hundreds of registrars it authorizes can and should.
β TikTok users beware: Hackers could swap your videos with their own β
π Read
via "Naked Security".
TikTok doesn't use HTTPS for its images and videos - so crooks could swap out the videos you see and you would never know.π Read
via "Naked Security".
Naked Security
TikTok users beware: Hackers could swap your videos with their own
TikTok doesnβt use HTTPS for its images and videos β so crooks could swap out the videos you see and you would never know.
ATENTIONβΌ New - CVE-2019-11480
π Read
via "National Vulnerability Database".
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16π Read
via "National Vulnerability Database".
β Malware Risks Triple on WFH Networks: Experts Offer Advice β
π Read
via "Threatpost".
New research found that almost half of companies had malware on their corporate-associated home networks - in comparison to malware being found on only 13 percent of corporate networks.π Read
via "Threatpost".
Threat Post
Malware Risks Triple on WFH Networks: Experts Offer Advice
New research found that almost half of companies had malware on their corporate-associated home networks - in comparison to malware being found on only 13 percent of corporate networks.
π΄ 7 Ways COVID-19 Has Changed Our Online Lives π΄
π Read
via "Dark Reading: ".
The pandemic has driven more of our personal and work lives online - and for the bad guys, business is booming. Here's how you can protect yourself.π Read
via "Dark Reading: ".
Dark Reading
7 Ways COVID-19 Has Changed Our Online Lives
The pandemic has driven more of our personal and work lives online - and for the bad guys, business is booming. Here's how you can protect yourself.
β TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds β
π Read
via "Threatpost".
The popular video-sharing appsβs use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.π Read
via "Threatpost".
Threat Post
TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds
The popular video-sharing appsβs use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.