β Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams β
π Read
via "Threatpost".
Threat actors are buying and selling taxpayer data on hacker forums as well as using phishing and other campaigns to steal various U.S. government payouts.π Read
via "Threatpost".
Threat Post
Hackers Dumpster Dive for Taxpayer Data in COVID-19 Relief Money Scams
Threat actors are buying and selling taxpayer data on hacker forums as well as using phishing and other campaigns to steal various U.S. government payouts.
π΄ Pandemic Could Accelerate Passwordless Authentication π΄
π Read
via "Dark Reading: ".
As we celebrate another World Password Day, security pros are hopeful that when we move out of the stay-at-home period, companies will continue to focus on digital technologies - and ditching passwords.π Read
via "Dark Reading: ".
Dark Reading
Pandemic Could Accelerate Passwordless Authentication
As we celebrate another World Password Day, security pros are hopeful that when we move out of the stay-at-home period, companies will continue to focus on digital technologies - and ditching passwords.
π΄ Cybersecurity Home School: Garfield Teaches Security π΄
π Read
via "Dark Reading: ".
The famous cartoon cat can help kids ages 6 to 11 learn to be more secure when they're online.π Read
via "Dark Reading: ".
Dark Reading
Cybersecurity Home School: Garfield Teaches Security
The famous cartoon cat can help kids ages 6 to 11 learn to be more secure when they're online.
β S2 Ep38: Crashing iPhones, ransomware tales and human chatbots β Naked Security Podcast β
π Read
via "Naked Security".
Get the latest cybersecurity news, opinion and advice.π Read
via "Naked Security".
Naked Security
S2 Ep38: Crashing iPhones, ransomware tales and human chatbots β Naked Security Podcast
Get the latest cybersecurity news, opinion and advice.
π΄ Threat-Modeling Basics Using MITRE ATT&CK π΄
π Read
via "Dark Reading: ".
When risk managers consider the role ATT&CK plays in the classic risk equation, they have to understand the role of threat modeling in building a complete risk scenario.π Read
via "Dark Reading: ".
Dark Reading
Threat-Modeling Basics Using MITRE ATT&CK
When risk managers consider the role ATT&CK plays in the classic risk equation, they have to understand the role of threat modeling in building a complete risk scenario.
π Credit card skimmer caught hiding behind website favicon π
π Read
via "Security on TechRepublic".
A website seemingly offering images and icons for download is actually a cover-up for a credit card skimming operation, says Malwarebytes.π Read
via "Security on TechRepublic".
TechRepublic
Credit card skimmer caught hiding behind website favicon
A website seemingly offering images and icons for download is actually a cover-up for a credit card skimming operation, says Malwarebytes.
π How to combat cyberattacks that exploit Microsoft's Remote Desktop Protocol π
π Read
via "Security on TechRepublic".
Hackers who gain access to a remote system can launch malware, spread spam, and perform identity theft, according to McAfee.π Read
via "Security on TechRepublic".
ATENTIONβΌ New - CVE-2019-18868
π Read
via "National Vulnerability Database".
Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18867
π Read
via "National Vulnerability Database".
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18865
π Read
via "National Vulnerability Database".
Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-5493
π Read
via "National Vulnerability Database".
ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS).π Read
via "National Vulnerability Database".
β Vcrypt ransomware holds your files hostage without encrypting them β
π Read
via "Naked Security".
Here's a ransomware story with a bit of a difference. Some of your files get wiped out, but others can be recovered without paying.π Read
via "Naked Security".
Naked Security
Vcrypt ransomware brings along a buddy to do the encryption
Hereβs a ransomware story with a difference. Some of your files can be recovered without paying, while others get wiped out forever.
π World Password Day: We're moving toward a passwordless infrastructure π
π Read
via "Security on TechRepublic".
As we celebrate World Password Day, companies of all sizes are looking to password alternatives including YubiKeys, Google Titan keys, and biometrics. A Gartner analyst weighs in.π Read
via "Security on TechRepublic".
TechRepublic
World Password Day: We're moving toward a passwordless infrastructure
As we celebrate World Password Day, companies of all sizes are looking to password alternatives including YubiKeys, Google Titan keys, and biometrics. A Gartner analyst weighs in.
π 13% of SMBs have already experienced a cyberattack since the COVID-19 pandemic began π
π Read
via "Security on TechRepublic".
More than one in five also acknowledge transitioning to remote work without a policy, according to an Alliant Cybersecurity report.π Read
via "Security on TechRepublic".
TechRepublic
13% of SMBs have already experienced a cyberattack since the COVID-19 pandemic began
More than one in five also acknowledge transitioning to remote work without a policy, according to an Alliant Cybersecurity report.
ATENTIONβΌ New - CVE-2019-18872
π Read
via "National Vulnerability Database".
Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18871
π Read
via "National Vulnerability Database".
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18870
π Read
via "National Vulnerability Database".
A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18869
π Read
via "National Vulnerability Database".
Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18866
π Read
via "National Vulnerability Database".
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database.π Read
via "National Vulnerability Database".
π΄ Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats π΄
π Read
via "Dark Reading: ".
The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.π Read
via "Dark Reading: ".
Dark Reading
Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats
The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.
β Zoom Beefs Up End-to-End Encryption to Thwart βZoombombersβ β
π Read
via "Threatpost".
As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. A full cryptographic draft architecture will be available on May 22.π Read
via "Threatpost".
Threat Post
Zoom Beefs Up End-to-End Encryption to Thwart βZoombombersβ
As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. A full cryptographic draft architecture will be available on May 22.