ATENTIONβΌ New - CVE-2019-10483
π Read
via "National Vulnerability Database".
Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130π Read
via "National Vulnerability Database".
π Packet Fence 10.0.0 π
π Go!
via "Security Tool Files β Packet Storm".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Packet Fence 10.0.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Fraud guides a hot commodity on the dark web π
π Read
via "Security on TechRepublic".
Such guides provide instructions so that even novices can learn how to become cybercriminals, says web intelligence company Terbium Labs.π Read
via "Security on TechRepublic".
TechRepublic
Fraud guides a hot commodity on the dark web
Such guides provide instructions so that even novices can learn how to become cybercriminals, says web intelligence company Terbium Labs.
β TikTok announces βFamily Pairingβ β bust your moves but cap the risk β
π Read
via "Naked Security".
Having someone older to watch out for you while you're online can be reassuring. That seems to be the idea behind TikTok's Family Pairing.π Read
via "Naked Security".
Naked Security
TikTok announces βFamily Pairingβ β bust your moves but cap the risk
Having someone older to watch out for you while youβre online can be reassuring. That seems to be the idea behind TikTokβs Family Pairing.
π΄ Arxan Technologies Joins New Software Company Digital.ai π΄
π Read
via "Dark Reading: ".
The application security provider teams up with CollabNet VersionOne and XebiaLabs to create Digital.ai, a new enterprise DevOps platform.π Read
via "Dark Reading: ".
Dark Reading
Arxan Technologies Joins New Software Company Digital.ai
The application security provider teams up with CollabNet VersionOne and XebiaLabs to create Digital.ai, a new enterprise DevOps platform.
π΄ Post Pandemic, Technologists Pose Secure Certification for Immunity π΄
π Read
via "Dark Reading: ".
Going digital with immunity passports could speed rollout and allow for better warnings of potential hot spots. But security and privacy issues remain.π Read
via "Dark Reading: ".
Dark Reading
Post Pandemic, Technologists Pose Secure Certification for Immunity
Going digital with immunity passports could speed rollout and allow for better warnings of potential hot spots. But security and privacy issues remain.
π Report: US facing four times as many DDoS attacks as China π
π Read
via "Security on TechRepublic".
Atlas VPN found the United States was targeted more than any other country partially because of its size and the openness of the internet.π Read
via "Security on TechRepublic".
TechRepublic
Report: US facing four times as many DDoS attacks as China
Atlas VPN found the United States was targeted more than any other country partially because of its size and the openness of the internet.
π Understanding the dangers of social networking questionnaires π
π Read
via "Security on TechRepublic".
With people spending more time on Facebook and Twitter, it's important to know what to watch out for. Jack Wallen addresses the social networking behaviors you should avoid at all costs.π Read
via "Security on TechRepublic".
TechRepublic
Understanding the dangers of social networking questionnaires
With people spending more time on Facebook and Twitter, it's important to know what to watch out for. Jack Wallen addresses the social networking behaviors you should avoid at all costs.
π΄ 4 Cybersecurity Lessons from the Pandemic π΄
π Read
via "Dark Reading: ".
An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus.π Read
via "Dark Reading: ".
Dark Reading
4 Cybersecurity Lessons from the Pandemic
An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus.
β Cisco IP Phone Harbors Critical RCE Flaw β
π Read
via "Threatpost".
Cisco stomped out a critical vulnerability in its IP Phone web server that could enable remote code execution by an unauthenticated attacker.π Read
via "Threatpost".
Threat Post
Cisco IP Phone Harbors Critical RCE Flaw
Cisco stomped out a critical vulnerability in its IP Phone web server that could enable remote code execution by an unauthenticated attacker.
π Self Driving Car Startup Admits to Trade Secret Theft, Settles With Tesla π
π Read
via "Subscriber Blog RSS Feed ".
The startup acknowledged that former Tesla employees had possession of Tesla documents relating to shipping, receiving, and warehouse procedures despite leaving the company.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Self Driving Car Startup Admits to Trade Secret Theft, Settles With Tesla
The startup acknowledged that former Tesla employees had possession of Tesla documents relating to shipping, receiving, and warehouse procedures despite leaving the company.
ATENTIONβΌ New - CVE-2019-11999
π Read
via "National Vulnerability Database".
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. * For OCMP version 4.4.X - please upgrade to OCMP 4.4.8 and then install RP806 * For OCMP 4.5.x please contact HPE Technical Support to obtain the necessary software updates.π Read
via "National Vulnerability Database".
π Onfido raises additional $100 million in funding for new identity standard π
π Read
via "Security on TechRepublic".
The global ID verification and authentication company's latest fundraiser will further assist worldwide secure access to digital services.π Read
via "Security on TechRepublic".
TechRepublic
Onfido raises additional $100 million in funding for new identity standard
The global ID verification and authentication company's latest fundraiser will further assist worldwide secure access to digital services.
π΄ Small Business Is Big Target for Ransomware π΄
π Read
via "Dark Reading: ".
Small businesses are being hit by ransomware, and a majority are paying up to get their data back.π Read
via "Dark Reading: ".
Dark Reading
Small Business Is Big Target for Ransomware
Small businesses are being hit by ransomware, and a majority are paying up to get their data back.
π΄ How Enterprises Are Developing and Maintaining Secure Applications π΄
π Read
via "Dark Reading: ".
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.π Read
via "Dark Reading: ".
π΄ Massive Bot-Enabled Ad Fraud Campaign Targeted Connected TVs π΄
π Read
via "Dark Reading: ".
ICEBUCKET operation is the largest ever to attempt to steal from advertisers by using bots to impersonate human smart-TV viewers, White Ops says.π Read
via "Dark Reading: ".
Dark Reading
Massive Bot-Enabled Ad Fraud Campaign Targeted Connected TVs
ICEBUCKET operation is the largest ever to attempt to steal from advertisers by using bots to impersonate human smart-TV viewers, White Ops says.
β New PoetRAT Hits Energy Sector With Data-Stealing Tools β
π Read
via "Threatpost".
A never-before-seen RAT is targeting Azerbaijan energy companies with various tools aimed at stealing credentials and exfiltrating valuable data.π Read
via "Threatpost".
Threat Post
New PoetRAT Hits Energy Sector With Data-Stealing Tools
A never-before-seen RAT is targeting Azerbaijan energy companies with various tools aimed at stealing credentials and exfiltrating valuable data.
π΄ Neglected Infrastructure, Invasive Tech to Plague Infosec in 2022 π΄
π Read
via "Dark Reading: ".
Researchers outline cybersecurity threats they predict businesses will face in two years as technology evolves.π Read
via "Dark Reading: ".
Dark Reading
Neglected Infrastructure, Invasive Tech to Plague Infosec in 2022
Researchers outline cybersecurity threats they predict businesses will face in two years as technology evolves.
β Poorly Secured Docker Image Comes Under Rapid Attack β
π Read
via "Threatpost".
A honeypot experiment shows just how quickly cybercriminals will move to compromise vulnerable cloud infrastructure.π Read
via "Threatpost".
Threat Post
Poorly Secured Docker Image Comes Under Rapid Attack
A honeypot experiment shows just how quickly cybercriminals will move to compromise vulnerable cloud infrastructure.
π΄ Could Return of Ghost Squad Hackers Signal Rise in COVID-19-Related Hactivism? π΄
π Read
via "Dark Reading: ".
New research suggests GSH is active in Southeast Asia following a couple of quiet years.π Read
via "Dark Reading: ".
Dark Reading
Could Return of Ghost Squad Hackers Signal Rise in COVID-19-Related Hactivism?
New research suggests GSH is active in Southeast Asia following a couple of quiet years.
ATENTIONβΌ New - CVE-2019-11285
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.π Read
via "National Vulnerability Database".