ATENTION‼ New - CVE-2019-18864
📖 Read
via "National Vulnerability Database".
/server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine.📖 Read
via "National Vulnerability Database".
🔐 Web and network perimeter vulnerabilities slightly lower than 2019 🔐
📖 Read
via "Security on TechRepublic".
Yet, even with a 30% decline, web applications are still at risk and new scan targets have more vulnerabilities than others, according to a new Acunetix report.📖 Read
via "Security on TechRepublic".
TechRepublic
Web and network perimeter vulnerabilities slightly lower than 2019
Yet, even with a 30% decline, web applications are still at risk and new scan targets have more vulnerabilities than others, according to a new Acunetix report.
🔏 U.S., UK Govt: APT Groups Targeting Healthcare Orgs 🔏
📖 Read
via "Subscriber Blog RSS Feed ".
It seems as if there are alerts almost daily now around how bad actors are leveraging the ongoing coronavirus (COVID-19) pandemic to target end users.The latest came this week after agencies from two countries, the U.S. and the U.K. warned about how advanced persistent threat (APT) groups are using the pandemic to their advantage. 📖 Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
U.S., UK Govt: APT Groups Targeting Healthcare Orgs
A joint alert via cybersecurity agencies in the UK and U.S. this week warned about how APT groups are exploiting COVID-19 to collect PII, IP, and other intelligence.
🕴 Now More Than Ever? Securing the Software Life Cycle 🕴
📖 Read
via "Dark Reading: ".
The more things change, the more they stay the same. That's true for software security, even in these turbulent times.📖 Read
via "Dark Reading: ".
Dark Reading
Now More Than Ever? Securing the Software Life Cycle
The more things change, the more they stay the same. That's true for software security, even in these turbulent times.
❌ Cisco Fixes High-Severity Flaws In Firepower Security Software, ASA ❌
📖 Read
via "Threatpost".
Cisco has fixed 12 high-severity flaws in its Adaptive Security Appliance software and Firepower Threat Defense software.📖 Read
via "Threatpost".
Threat Post
Cisco Fixes High-Severity Flaws In Firepower Security Software, ASA
Cisco has fixed 12 high-severity flaws in its Adaptive Security Appliance software and Firepower Threat Defense software.
🕴 Mac RAT Rides 2FA App Onto Systems 🕴
📖 Read
via "Dark Reading: ".
The new macOS remote access Trojan from the Lazarus Group uses a two-factor authentication app as its delivery mechanism.📖 Read
via "Dark Reading: ".
Dark Reading
Mac RAT Rides 2FA App Onto Systems
The new macOS remote access Trojan from the Lazarus Group uses a two-factor authentication app as its delivery mechanism.
🔐 How to properly secure sysctl on Linux 🔐
📖 Read
via "Security on TechRepublic".
Protecting your Linux servers against SYN attacks and IP spoofing isn't nearly as hard you think. Jack Wallen shows you how.📖 Read
via "Security on TechRepublic".
TechRepublic
How to properly secure sysctl on Linux
Protecting your Linux servers against SYN attacks and IP spoofing isn't nearly as hard you think. Jack Wallen shows you how.
ATENTION‼ New - CVE-2019-19164
📖 Read
via "National Vulnerability Database".
dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.📖 Read
via "National Vulnerability Database".
❌ Blue Mockingbird Monero-Mining Campaign Exploits Web Apps ❌
📖 Read
via "Threatpost".
The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.📖 Read
via "Threatpost".
Threat Post
Blue Mockingbird Monero-Mining Campaign Exploits Web Apps
The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.
🕴 Microsoft Identity VP Shares How and Why to Ditch Passwords 🕴
📖 Read
via "Dark Reading: ".
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.📖 Read
via "Dark Reading: ".
Darkreading
Microsoft Identity VP Shares How and Why to Ditch Passwords
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.
🕴 Malicious Bots Infiltrate Online Food Delivery 🕴
📖 Read
via "Dark Reading: ".
With grocery delivery in higher demand than ever, new add-ons have emerged to secure slots for consumers, presenting a new pathway for bad bots to wreak havoc.📖 Read
via "Dark Reading: ".
Dark Reading
Malicious Bots Infiltrate Online Food Delivery
With grocery delivery in higher demand than ever, new add-ons have emerged to secure slots for consumers, presenting a new pathway for bad bots to wreak havoc.
🕴 Cyber Subterfuge and Curious Sharks Threaten the World's Subsea Fiber-Optics Cables 🕴
📖 Read
via "Dark Reading: ".
Malware, spies and hackers, plus erosion and sharks, threaten fiber-optics that transmit almost all the world's data📖 Read
via "Dark Reading: ".
Dark Reading
Cyber Subterfuge and Curious Sharks Threaten the World's Subsea Fiber-Optics Cables
Malware, spies and hackers, plus erosion and sharks, threaten fiber-optics that transmit almost all the world's data
ATENTION‼ New - CVE-2015-7946
📖 Read
via "National Vulnerability Database".
Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2014-1423
📖 Read
via "National Vulnerability Database".
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-0953
📖 Read
via "National Vulnerability Database".
A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2012-0952
📖 Read
via "National Vulnerability Database".
A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53.📖 Read
via "National Vulnerability Database".
⚠ More crypto-stealing Chrome extensions swatted by Google ⚠
📖 Read
via "Naked Security".
Google deleted more malicious extensions from the Chrome Web Store after they were found to be phishing cryptocurrency users.📖 Read
via "Naked Security".
Naked Security
More crypto-stealing Chrome extensions swatted by Google
Google deleted more malicious extensions from the Chrome Web Store after they were found to be phishing cryptocurrency users.
⚠ Vote for Naked Security in the European Blogger Awards 2020! ⚠
📖 Read
via "Naked Security".
If you enjoy what you read, hear and see from the Naked Security team, please vote for us - it means a lot!📖 Read
via "Naked Security".
Naked Security
Vote for Naked Security in the European Blogger Awards 2020!
If you enjoy what you read, hear and see from the Naked Security team, please vote for us – it means a lot!
❌ Podcast: Shifting Cloud Security Left With Infrastructure-as-Code ❌
📖 Read
via "Threatpost".
Companies are looking to "shift left" with Infrastructure-as-Code (IaC) security capabilities to boost improve developer productivity, avoid misconfigurations and prevent policy violations.📖 Read
via "Threatpost".
Threat Post
Podcast: Shifting Cloud Security Left With Infrastructure-as-Code
Companies are looking to "shift left" with Infrastructure-as-Code (IaC) security capabilities to improve developer productivity, avoid misconfigurations and prevent policy violations.
🕴 Why DevSecOps Is Critical for Containers and Kubernetes 🕴
📖 Read
via "Dark Reading: ".
DevSecOps is a big and sometimes difficult shift for organizations. The key to success? Take small steps.📖 Read
via "Dark Reading: ".
Dark Reading
Why DevSecOps Is Critical for Containers and Kubernetes
DevSecOps is a big and sometimes difficult shift for organizations. The key to success? Take small steps.
🕴 Cyber Subterfuge and Curious Sharks Threaten the World's Subsea Fiber-Optic Cables 🕴
📖 Read
via "Dark Reading: ".
Malware, spies, and hackers, plus erosion and sharks, pose huge risks to the fiber optics that transmit almost all the world's data.📖 Read
via "Dark Reading: ".
Dark Reading
Cyber Subterfuge and Curious Sharks Threaten the World's Subsea Fiber-Optic Cables
Malware, spies, and hackers, plus erosion and sharks, pose huge risks to the fiber optics that transmit almost all the world's data.