β TikTok users beware: Hackers could swap your videos with their own β
π Read
via "Naked Security".
TikTok doesn't use HTTPS for its images and videos - so crooks could swap out the videos you see and you would never know.π Read
via "Naked Security".
Naked Security
TikTok users beware: Hackers could swap your videos with their own
TikTok doesnβt use HTTPS for its images and videos β so crooks could swap out the videos you see and you would never know.
ATENTIONβΌ New - CVE-2019-11480
π Read
via "National Vulnerability Database".
The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16π Read
via "National Vulnerability Database".
β Malware Risks Triple on WFH Networks: Experts Offer Advice β
π Read
via "Threatpost".
New research found that almost half of companies had malware on their corporate-associated home networks - in comparison to malware being found on only 13 percent of corporate networks.π Read
via "Threatpost".
Threat Post
Malware Risks Triple on WFH Networks: Experts Offer Advice
New research found that almost half of companies had malware on their corporate-associated home networks - in comparison to malware being found on only 13 percent of corporate networks.
π΄ 7 Ways COVID-19 Has Changed Our Online Lives π΄
π Read
via "Dark Reading: ".
The pandemic has driven more of our personal and work lives online - and for the bad guys, business is booming. Here's how you can protect yourself.π Read
via "Dark Reading: ".
Dark Reading
7 Ways COVID-19 Has Changed Our Online Lives
The pandemic has driven more of our personal and work lives online - and for the bad guys, business is booming. Here's how you can protect yourself.
β TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds β
π Read
via "Threatpost".
The popular video-sharing appsβs use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.π Read
via "Threatpost".
Threat Post
TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds
The popular video-sharing appsβs use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform.
β Safe Remote Access to Critical Infrastructure Networks in a Time of Global Crisis β
π Read
via "Threatpost".
As operators struggle to balance the recommendations of social distancing with the need to keep vital services functioning, there is no getting around the fact that conventional remote connections into industrial control networks are a very bad idea.π Read
via "Threatpost".
Threat Post
Safe Remote Access to Critical Infrastructure Networks in a Time of Global Crisis
As operators struggle to balance safety with keeping vital services active, conventional remote connections into industrial control networks are a bad idea.
π΄ Web Pioneers Launch Identity Startup That Ditches Passwords π΄
π Read
via "Dark Reading: ".
Legendary founders of Netscape and @Home Network roll out a new cloud-based identity management firm that makes the user his or her own certificate authority.π Read
via "Dark Reading: ".
Dark Reading
Web Pioneers Launch Identity Startup That Ditches Passwords
Legendary founders of Netscape and @Home Network roll out a new cloud-based identity management firm that makes the user his or her own certificate authority.
π΄ You're One Misconfiguration Away from a Cloud-Based Data Breach π΄
π Read
via "Dark Reading: ".
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.π Read
via "Dark Reading: ".
Dark Reading
You're One Misconfiguration Away from a Cloud-Based Data Breach
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
π Going phishing: The most imitated big name brands π
π Read
via "Security on TechRepublic".
Criminals are using familiar company names to steal user information and payment credentials, Check Point found.π Read
via "Security on TechRepublic".
TechRepublic
Going phishing: The most imitated big name brands
Criminals are using familiar company names to steal user information and payment credentials, Check Point found.
β Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines β
π Read
via "Threatpost".
Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware.π Read
via "Threatpost".
Threat Post
Cyberattacks Target Healthcare Orgs on Coronavirus Frontlines
Cybercriminals aren't sparing medical professionals, hospitals and healthcare orgs on the frontlines of the coronavirus pandemic when it comes to cyberattacks, ransomware attacks and malware.
π΄ Apple Is Top Pick for Brand Phishing Attempts π΄
π Read
via "Dark Reading: ".
Ten percent of all brand phishing attempts in the first quarter of 2020 tried to deceive victims by imitating the Apple brand.π Read
via "Dark Reading: ".
Dark Reading
Apple Is Top Pick for Brand Phishing Attempts
Ten percent of all brand phishing attempts in the first quarter of 2020 tried to deceive victims by imitating the Apple brand.
β TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover β
π Read
via "Threatpost".
The custom RAT offers persistent access, data exfiltration and lateral network movement.π Read
via "Threatpost".
Threat Post
TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover
The custom RAT offers persistent access, data exfiltration and lateral network movement.
π Balancing public safety and privacy during COVID-19: The rise of mass surveillance π
π Read
via "Security on TechRepublic".
One tech company is harnessing artificial intelligence, thermal imaging, and real-time surveillance data to mitigate the spread of the coronavirus. However, serious privacy questions remain.π Read
via "Security on TechRepublic".
TechRepublic
Balancing public safety and privacy during COVID-19: The rise of mass surveillance
One tech company is harnessing artificial intelligence, thermal imaging, and real-time surveillance data to mitigate the spread of the coronavirus. However, serious privacy questions remain.
π΄ How Company Cultures Dictated Work-from-Home Readiness π΄
π Read
via "Dark Reading: ".
Companies large and small are discovering just how prepared they were for all employees to work remotelyπ Read
via "Dark Reading: ".
Dark Reading
How Company Cultures Dictated Work-from-Home Readiness
Companies large and small are discovering just how prepared they were for all employees to work remotely
ATENTIONβΌ New - CVE-2020-10383
π Read
via "National Vulnerability Database".
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10382
π Read
via "National Vulnerability Database".
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10381
π Read
via "National Vulnerability Database".
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-16879
π Read
via "National Vulnerability Database".
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities.π Read
via "National Vulnerability Database".
π Now That The SHIELD Act Is In Effect, Does Your Company Comply? π
π Read
via "Subscriber Blog RSS Feed ".
The data security requirements of New York's Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, went into effect last month.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Now That The SHIELD Act Is In Effect, Does Your Company Comply?
The data security requirements of New York's Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, went into effect last month.
β Adobe Fixes βImportantβ Flaws in ColdFusion, After Effects and Digital Editions β
π Read
via "Threatpost".
While Adobe's regularly scheduled security updates were light this month, they fixed "important" severity vulnerabilities.π Read
via "Threatpost".
Threat Post
Adobe Fixes βImportantβ Flaws in ColdFusion, After Effects and Digital Editions
While Adobe's regularly scheduled security updates were light this month, they fixed "important" severity vulnerabilities.
π΄ TikTok Vulnerability Leaves Users Open to Fake News π΄
π Read
via "Dark Reading: ".
A vulnerability in the way TikTok requests and receives video content could leave users streaming video from bogus servers.π Read
via "Dark Reading: ".
Dark Reading
TikTok Vulnerability Leaves Users Open to Fake News
A vulnerability in the way TikTok requests and receives video content could leave users streaming video from bogus servers.