ATENTIONβΌ New - CVE-2019-20768
π Read
via "National Vulnerability Database".
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.π Read
via "National Vulnerability Database".
β Adult live-streaming site CAM4 leaks millions of emails, private chats β
π Read
via "Naked Security".
The leak exposed millions of records with full names, emails, user conversations, payment logs, and IP addresses dating back to March.π Read
via "Naked Security".
Naked Security
Adult live-streaming site CAM4 leaks millions of emails, private chats
The leak exposed millions of records with full names, emails, user conversations, payment logs, and IP addresses dating back to March.
β Air gap security beaten by turning PC capacitors into speakers β
π Read
via "Naked Security".
Researchers have poked another small hole in air gapped security by showing how the electronics inside computer power supply units (PSUs) can be turned into covert data transmission devices.π Read
via "Naked Security".
Naked Security
Air gap security beaten by turning PC capacitors into speakers
Researchers have poked another small hole in air gapped security by showing how the electronics inside computer power supply units (PSUs) can be turned into covert data transmission devices.
π΅ PrivateVPN and Betternet vulnerabilities allow for fake or malicious updates π΅
π Read
via "VPNpro".
π Read
via "VPNpro".
VPNpro
PrivateVPN and Betternet vulnerabilities allow for fake or malicious updates
PrivateVPN and Betternet have crucial vulnerabilities that allow hackers to push fake updates and install malicious programs or steal user data.
π Big data: It's important to know where it is, how secure it is, and who is using it π
π Read
via "Security on TechRepublic".
Track and monitor who has access, when it's accessed, and why, to keep it safe and use it to its full potential.π Read
via "Security on TechRepublic".
TechRepublic
Why big data tracking and monitoring is essential to security and optimization
In order to keep company data safe and use it to its full potential, follow these tips on tracking and monitoring data access and usage.
π Apple and Google to prevent contact tracing apps from tracking your location π
π Read
via "Security on TechRepublic".
The built-in technology would ban the use of GPS location data to monitor contact with people who test positive for COVID-19.π Read
via "Security on TechRepublic".
TechRepublic
Apple and Google to prevent contact tracing apps from tracking your location
The built-in technology would ban the use of GPS location data to monitor contact with people who test positive for COVID-19.
β Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials β
π Read
via "Threatpost".
Investment brokers are the target of a new wave of socially engineered phishing attacks, warns FINRA.π Read
via "Threatpost".
Threat Post
Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials
Investment brokers are the target of a new wave of socially engineered phishing attacks, warns FINRA.
π΄ Is CVSS the Right Standard for Prioritization? π΄
π Read
via "Dark Reading: ".
More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.π Read
via "Dark Reading: ".
Dark Reading
Is CVSS the Right Standard for Prioritization?
More than 55% of open source vulnerabilities are rated high or critical. To truly understand a vulnerability and how it might affect an organization or product, we need much more than a number.
π Cybersecurity: Half of businesses have had remote working security scares π
π Read
via "Security on TechRepublic".
The rapid move to remote working has left many businesses more vulnerable to cybersecurity threats, with nearly half saying they've encountered at least one scare as a direct result of the shift.π Read
via "Security on TechRepublic".
TechRepublic
Cybersecurity: Half of businesses have had remote working security scares
The rapid move to remote working has left many businesses more vulnerable to cybersecurity threats, with nearly half saying they've encountered at least one scare as a direct result of the shift.
π Security concerns intensify amid shift to remote working π
π Read
via "Security on TechRepublic".
More than half of the professionals surveyed for Barracuda Networks said their workforce isn't properly trained to handle the risks associated with remote working.π Read
via "Security on TechRepublic".
TechRepublic
Security concerns intensify amid shift to remote working
More than half of the professionals surveyed for Barracuda Networks said their workforce isn't properly trained to handle the risks associated with remote working.
π 'Hackers Google people': Millions still using sports team, hometown, band, or child names as passwords π
π Read
via "Security on TechRepublic".
Ahead of World Password Day, researchers are finding troubling trends despite numerous breaches and hacks.π Read
via "Security on TechRepublic".
TechRepublic
'Hackers Google people': Millions still using sports team, hometown, band, or child names as passwords
Ahead of World Password Day, researchers are finding troubling trends despite numerous breaches and hacks.
β Ransomware Attack Takes Down Toll Group Systems, Again β
π Read
via "Threatpost".
Australian transportation company Toll Group has been hit by the Nefilim ransomware, causing customers to experience delays.π Read
via "Threatpost".
Threat Post
Ransomware Attack Takes Down Toll Group Systems, Again
Australian transportation company Toll Group has been hit by a ransomware attack for the second time in three months, causing customers to experience delays.
ATENTIONβΌ New - CVE-2019-19169
π Read
via "National Vulnerability Database".
Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-19168
π Read
via "National Vulnerability Database".
Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution.π Read
via "National Vulnerability Database".
β Firefox 76.0 released with critical security patches β update now β
π Read
via "Naked Security".
Firefox's latest version is out, with new password management features and a raft of security fixes.π Read
via "Naked Security".
Naked Security
Firefox 76.0 released with critical security patches β update now
Firefoxβs latest version is out, with new password management features and a raft of security fixes.
ATENTIONβΌ New - CVE-2019-19167
π Read
via "National Vulnerability Database".
Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-19166
π Read
via "National Vulnerability Database".
Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows attacker to cause remote code execution.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-4266
π Read
via "National Vulnerability Database".
IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199.π Read
via "National Vulnerability Database".
β Microsoft Shells Out $100K for IoT Security β
π Read
via "Threatpost".
A three-month Azure Sphere bug-bounty challenge will offer top rewards for compromising Pluton or Secure World within Microsoft's IoT security suite.π Read
via "Threatpost".
Threat Post
Microsoft Shells Out $100K for IoT Security
A three-month bug-bounty challenge will offer top rewards for compromising Pluton or Secure World within the Azure Sphere IoT security suite.
π Healthcare organizations targeted with password spraying attacks π
π Read
via "Security on TechRepublic".
Malicious campaigns are using password spraying as a type of brute-force attack to find weak passwords at healthcare and medical facilities.π Read
via "Security on TechRepublic".
TechRepublic
Healthcare organizations targeted with password spraying attacks
Malicious campaigns are using password spraying as a type of brute-force attack to find weak passwords at healthcare and medical facilities.
π Survey: Over half of employees admit to watching adult content on work devices π
π Read
via "Security on TechRepublic".
A study from Kaspersky also reveals significant changes in the ways people work since COVID-19.π Read
via "Security on TechRepublic".
TechRepublic
Survey: Over half of employees admit to watching adult content on work devices
A study from Kaspersky also reveals significant changes in the ways people work since COVID-19.