π΄ Network Data Shows Spikes, Vulnerability of Work-at-Home Shift π΄
π Read
via "Dark Reading: ".
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.π Read
via "Dark Reading: ".
Dark Reading
Network Data Shows Spikes, Vulnerability of Work-at-Home Shift
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.
ATENTIONβΌ New - CVE-2020-11668 (linux_kernel)
π Read
via "National Vulnerability Database".
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11647 (wireshark)
π Read
via "National Vulnerability Database".
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11557 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11556 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11555 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11554 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4.π Read
via "National Vulnerability Database".
β Microsoft and Google delay online authentication change β
π Read
via "Naked Security".
Both Microsoft and Google have postponed a change that would have forced better application security by shutting down an insecure access protocol called Basic Authentication.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ATENTIONβΌ New - CVE-2020-11553 (snmpc_online)
π Read
via "National Vulnerability Database".
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-11002 (dropwizard_validation)
π Read
via "National Vulnerability Database".
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions.π Read
via "National Vulnerability Database".
β ICANN asks registrars to crack down on scam coronavirus websites β
π Read
via "Naked Security".
It doesn't have regulatory authority, so it can't do much, but the hundreds of registrars it authorizes can and should.π Read
via "Naked Security".
Naked Security
ICANN asks registrars to crack down on scam coronavirus websites
It doesnβt have regulatory authority, so it canβt do much, but the hundreds of registrars it authorizes can and should.
β TikTok users beware: Hackers could swap your videos with their own β
π Read
via "Naked Security".
TikTok doesn't use HTTPS for its images and videos - so crooks could swap out the videos you see and you would never know.π Read
via "Naked Security".
Naked Security
TikTok users beware: Hackers could swap your videos with their own
TikTok doesnβt use HTTPS for its images and videos β so crooks could swap out the videos you see and you would never know.
ATENTIONβΌ New - CVE-2019-11480
π Read
via "National Vulnerability Database".
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16π Read
via "National Vulnerability Database".
β Malware Risks Triple on WFH Networks: Experts Offer Advice β
π Read
via "Threatpost".
New research found that almost half of companies had malware on their corporate-associated home networks - in comparison to malware being found on only 13 percent of corporate networks.π Read
via "Threatpost".
Threat Post
Malware Risks Triple on WFH Networks: Experts Offer Advice
New research found that almost half of companies had malware on their corporate-associated home networks - in comparison to malware being found on only 13 percent of corporate networks.
π΄ 7 Ways COVID-19 Has Changed Our Online Lives π΄
π Read
via "Dark Reading: ".
The pandemic has driven more of our personal and work lives online - and for the bad guys, business is booming. Here's how you can protect yourself.π Read
via "Dark Reading: ".
Dark Reading
7 Ways COVID-19 Has Changed Our Online Lives
The pandemic has driven more of our personal and work lives online - and for the bad guys, business is booming. Here's how you can protect yourself.
β TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds β
π Read
via "Threatpost".
The popular video-sharing appsβs use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.π Read
via "Threatpost".
Threat Post
TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds
The popular video-sharing appsβs use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.
β Safe Remote Access to Critical Infrastructure Networks in a Time of Global Crisis β
π Read
via "Threatpost".
As operators struggle to balance the recommendations of social distancing with the need to keep vital services functioning, there is no getting around the fact that conventional remote connections into industrial control networks are a very bad idea.π Read
via "Threatpost".
Threat Post
Safe Remote Access to Critical Infrastructure Networks in a Time of Global Crisis
As operators struggle to balance safety with keeping vital services active, conventional remote connections into industrial control networks are a bad idea.
π΄ Web Pioneers Launch Identity Startup That Ditches Passwords π΄
π Read
via "Dark Reading: ".
Legendary founders of Netscape and @Home Network roll out a new cloud-based identity management firm that makes the user his or her own certificate authority.π Read
via "Dark Reading: ".
Dark Reading
Web Pioneers Launch Identity Startup That Ditches Passwords
Legendary founders of Netscape and @Home Network roll out a new cloud-based identity management firm that makes the user his or her own certificate authority.
π΄ You're One Misconfiguration Away from a Cloud-Based Data Breach π΄
π Read
via "Dark Reading: ".
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.π Read
via "Dark Reading: ".
Dark Reading
You're One Misconfiguration Away from a Cloud-Based Data Breach
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
π Going phishing: The most imitated big name brands π
π Read
via "Security on TechRepublic".
Criminals are using familiar company names to steal user information and payment credentials, Check Point found.π Read
via "Security on TechRepublic".
TechRepublic
Going phishing: The most imitated big name brands
Criminals are using familiar company names to steal user information and payment credentials, Check Point found.
β Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines β
π Read
via "Threatpost".
Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware.π Read
via "Threatpost".
Threat Post
Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines
Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware.