ATENTIONβΌ New - CVE-2016-7061
π Read
via "National Vulnerability Database".
An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-7056
π Read
via "National Vulnerability Database".
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-7041
π Read
via "National Vulnerability Database".
Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-7035
π Read
via "National Vulnerability Database".
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.π Read
via "National Vulnerability Database".
π The secret to get employees to go back to school for cybersecurity: Pay their tuition π
π Read
via "Security on TechRepublic".
With the growing need for cybersecurity professionals in the enterprise, sponsored tuition could help fill skill gaps, and 72% of workers are willing to go back to school for it.π Read
via "Security on TechRepublic".
TechRepublic
The secret to get employees to go back to school for cybersecurity: Pay their tuition
With the growing need for cybersecurity professionals in the enterprise, sponsored tuition could help fill skill gaps, and 72% of workers are willing to go back to school for it.
β ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation β
π Read
via "The first stop for security news | Threatpost ".
The flaws disclosed this month are related to a critical bug previously discovered by VerSprite in April 2018.π Read
via "The first stop for security news | Threatpost ".
Threat Post
ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation
The flaws disclosed this month are related to a critical bug previously discovered by VerSprite in April 2018.
π΄ GAO Says Equifax Missed Flaws, Intrusion in Massive Breach π΄
π Read
via "Dark Reading: ".
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.π Read
via "Dark Reading: ".
Darkreading
GAO Says Equifax Missed Flaws, Intrusion in Massive Breach
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
π΄ Three Trend Micro Apps Caught Collecting MacOS User Data π΄
π Read
via "Dark Reading: ".
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.π Read
via "Dark Reading: ".
Dark Reading
Three Trend Micro Apps Caught Collecting MacOS User Data
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
β’ Microsoft details for the first time how it classifies Windows security bugs β’
π Read
via "Latest topics for ZDNet in Security".
The Microsoft Security Response Center publishes two documents detailing internal procedures used by its staff to prioritize and classify security bugs.π Read
via "Latest topics for ZDNet in Security".
ZDNET
Microsoft details for the first time how it classifies Windows security bugs
The Microsoft Security Response Center publishes two documents detailing internal procedures used by its staff to prioritize and classify security bugs.
π΄ New Campaign Brings Return of Old Malware π΄
π Read
via "Dark Reading: ".
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
π΄ New 'Fallout' EK Brings Return of Old Ransomware π΄
π Read
via "Dark Reading: ".
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.π Read
via "Dark Reading: ".
Darkreading
New 'Fallout' EK Brings Return of Old Ransomware
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.
β’ Tech support scammers find a home on Microsoft TechNet pages β’
π Read
via "Latest topics for ZDNet in Security".
Security researchers finds over 3,000 TechNet pages flooded with tech support scams pushing shady phone numbers for cryptocurrency exchanges and social media platforms.π Read
via "Latest topics for ZDNet in Security".
ZDNET
Tech support scammers find a home on Microsoft TechNet pages
Security researcher finds over 3,000 TechNet pages flooded with tech support scams pushing shady phone numbers for cryptocurrency exchanges and social media platforms.
β’ Internet Architecture Board warns Australian encryption-busting laws could fragment the internet β’
π Read
via "Latest topics for ZDNet in Security".
Industry groups, associations, and people that know what they are talking about, line up to warn of drawbacks from Canberra's proposed Assistance and Access Bill.π Read
via "Latest topics for ZDNet in Security".
ZDNet
Internet Architecture Board warns Australian encryption-busting laws could fragment the internet
Industry groups, associations, and people that know what they are talking about, line up to warn of drawbacks from Canberra's proposed Assistance and Access Bill.
β’ How the industry expects to secure information in a quantum world β’
π Read
via "Latest topics for ZDNet in Security".
With all of the good a quantum computer promises, one of the side effects is that it will be able to break the mechanisms currently used to secure information. But the industry is onto it, and Australia's QuintessenceLabs is playing a key role.π Read
via "Latest topics for ZDNet in Security".
ZDNet
How the industry expects to secure information in a quantum world
With all of the good a quantum computer promises, one of the side effects is that it will be able to break the mechanisms currently used to secure information. But the industry is onto it, and Australia's QuintessenceLabs is playing a key role.
β’ Singapore payments vendor takes app global with UnionPay partnership β’
π Read
via "Latest topics for ZDNet in Security".
Network for Electronic Transfers of Singapore (Nets) has inked an agreement with China's UnionPay to enable consumers to scan and pay for purchases at 7.5 million participating merchants worldwide.π Read
via "Latest topics for ZDNet in Security".
ZDNet
Singapore payments vendor takes app global with UnionPay partnership
Network for Electronic Transfers of Singapore (Nets) has inked an agreement with China's UnionPay to enable consumers to scan and pay for purchases at 7.5 million participating merchants worldwide.
β’ British Airways breach caused by the same group that hit Ticketmaster β’
π Read
via "Latest topics for ZDNet in Security".
Security researchers find clues connecting the Magecart group to the breach at British Airways.π Read
via "Latest topics for ZDNet in Security".
ZDNET
British Airways breach caused by the same group that hit Ticketmaster
Security researchers find clues connecting the Magecart group to the breach at British Airways.
β Microsoft extends security patch support for some Windows 7 users β
π Read
via "Naked Security".
Microsoft will provide security updates until 2023 to help business customers migrate to Windows 10 - if they pay.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Keybase browser extension weakness discovered β
π Read
via "Naked Security".
Respected researcher Wladimir Palant has recommended users βuninstall the Keybase browser extension ASAPβ after discovering a gap in its end-to-end encryption.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β’ How to steal a Tesla Model S in seconds β’
π Read
via "Latest topics for ZDNet in Security".
An attack technique has been revealed which allows threat actors to unlock a Tesla vehicle in no time at all.π Read
via "Latest topics for ZDNet in Security".
ZDNET
How to steal a Tesla Model S in seconds
An attack technique has been revealed which allows threat actors to unlock a Tesla vehicle in no time at all.
β’ βTrend Micro says sorry after apps grabbed Mac browser history β’
π Read
via "Latest topics for ZDNet in Security".
The company has now removed a browser history data collection feature from its macOS products.π Read
via "Latest topics for ZDNet in Security".
ZDNet
βTrend Micro says sorry after apps grabbed Mac browser history | ZDNet
The company has now removed a browser history data collection feature from its macOS products.
β Yikes: 1 in 5 employees share their email passwords with coworkers β
π Read
via "Naked Security".
19% of employees of small and medium-sized businesses share their passwords with coworkers or assistants, according to a recent survey.π Read
via "Naked Security".
Naked Security
Yikes: 1 in 5 employees share their email passwords with coworkers
19% of employees of small and medium-sized businesses share their passwords with coworkers or assistants, according to a recent survey.