ATTENTION! New - CVE-2019-12001
via "National Vulnerability Database".
A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.
Microsoft: Our new machine learning model spots critical security bugs 97% of the time
via "Security on TechRepublic".
Microsoft claims a machine learning model it's built for software developers can distinguish between security and non-security bugs 99% of the time.
Friday Five: 4/17 Edition
via "Subscriber Blog RSS Feed ".
San Francisco International Airport was hacked, Pentagon networks are at risk, and a TikTok hack circulates Coronavirus conspiracy theories. Catch up on the news of the week with the Friday Five!
Digital Guardian
Critical bug in Google Chrome - get your update now
via "Naked Security".
Here's the short version: Google just issued a Chrome update with a note that says, "This update includes 1 critical security fix."
Attacks on Linksys Routers Trigger Mass Password Reset
via "Threatpost".
Linksys Smart Wi-Fi users were forced to reset their passwords after researchers discovered a router hack.
Researchers Explore Details of Critical VMware Vulnerability
via "Dark Reading: ".
The vCenter vulnerability, patched on April 9, could give an intruder access to administrative credentials in three steps.
COVID-Themed Phishing Messages Fill Phishing Filters on Gmail
via "Dark Reading: ".
In the past week, Google says it identified more than 18 million daily phishing messages featuring coronavirus themes.
DHS Urges Pulse Secure VPN Users To Update Passwords
via "Threatpost".
The DHS urged organizations to update their passwords and make sure that a critical Pulse Secure VPN flaw has been patched, as attackers continue to exploit the flaw.
Zoom: A cheat sheet about the video conferencing solution
via "Security on TechRepublic".
Zoom has become a household name because lots of people are working from home and using the video conferencing software. Here is your guide to Zoom basics, including its security vulnerabilities.
TechRepublic
Zoom: A cheat sheet about the video conferencing solution
Zoom is now a household name for work-from-home employees. Here is your guide to Zoom basics, including its security vulnerabilities and video conferencing alternatives such as Microsoft Teams.
Pen-Test Results Hint at Improvements in Enterprise Security
via "Dark Reading: ".
Though many problems remain, organizations are making attackers work harder.
Monday review - the hot 13 stories of the week
via "Naked Security".
From the critical bug in Google Chrome to Signal's fears over the EARN Act, get yourself up to date with everything we've written in the last week.
Bot creates millions of fake eyeballs to rip off smart-TV advertisers
via "Naked Security".
The massive ICEBUCKET scheme has, so far, impersonated more than 2m people in 30+ countries, defrauding more than 300 brands of ad dollars.
Scammers exploiting stimulus payments with phishing attacks and malicious domains
via "Security on TechRepublic".
Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research.
New sextortion scam: "High level of risk. Your account has been hacked."
via "Naked Security".
The latest sextortion emails try to fool you with technical terms they hope you won't understand.
ATTENTION! New - CVE-2017-18852
via "National Vulnerability Database".
Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.
ATTENTION! New - CVE-2017-18851
via "National Vulnerability Database".
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D8500 through 1.0.3.28, R6400 through 1.0.1.22, R6400v2 through 1.0.2.18, R8300 through 1.0.2.94, R8500 through 1.0.2.94, and R6100 through 1.0.1.12.
Fan vibrations can be used to transmit data from air-gapped machines
via "Naked Security".
The scientists known for finding ways to transmit software from non-networked computers have figured out a way to do it using computer fan vibrations.
Naked Security
Fan vibrations can be used to transmit data from air-gapped machines
Scientists known for finding ways to transmit software from non-networked computers have figured out a way to do it with computer fan vibrations.
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
via "Dark Reading: ".
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
Maze ransomware hits US giant Cognizant
via "Naked Security".
The latest company to fall victim to a ransomware attack is Cognizant, a large US IT services company which admitted at the weekend that it had fallen victim to Maze.
ATTENTION! New - CVE-2017-18850
via "National Vulnerability Database".
Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.44, R8300 before 1.0.2.100_1.0.82, and R8500 before 1.0.2.100_1.0.82.
Bitcoin Stealers Hide in 700+ Ruby Developer Libraries
via "Threatpost".
Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers.