β How scammers abuse Google Searchβs open redirect feature β
π Read
via "Naked Security".
Google Search uses open redirects by design, which is handy if you're a scammer trying to hide an iffy-looking URL.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Paying Ransomware Crooks Doubles Clean-up Costs, Report β
π Read
via "Threatpost".
Paying ransom to cybercriminals costs companies hit with ransomware attacks more than recovering data on their own, according to a new research.π Read
via "Threatpost".
Threat Post
Paying Ransomware Crooks Doubles Clean-up Costs, Report
Paying ransom to cybercriminals costs companies hit with ransomware attacks more than recovering data on their own, according to a new research.
β S2 Ep 39: Thunderspy, government encryption, and reply all mistakes β Naked Security Podcast β
π Read
via "Naked Security".
In this episode Mark discusses government encryption, Duck tells us why turning your computer off is a cool idea and Greg regales us with his reply all woes. Host Anna Brading is joined by Sophos experts Mark Stockley, Paul Ducklin, Greg Iddon and Producer Alice Duckett. Listen now! LISTEN NOW Click-and-drag on the soundwaves below [β¦]π Read
via "Naked Security".
Naked Security
S2 Ep 39: Thunderspy, government encryption, and reply all mistakes β Naked Security Podcast
Reply all woes, DHS says no to DoH and why turning your computer off is good for security.
π΄ 4 Challenges with Existing VPNs π΄
π Read
via "Dark Reading: ".
A VPN is a step in the right direction, but it's not the be-all and end-all when it comes to security and falls short in many ways.π Read
via "Dark Reading: ".
Dark Reading
4 Challenges with Existing VPNs
A VPN is a step in the right direction, but it's not the be-all and end-all when it comes to security and falls short in many ways.
π How to restrict the Nextcloud ONLYOFFICE to groups π
π Read
via "Security on TechRepublic".
If you're the Nextcloud admin for your company or home office, you might want to restrict who has access to the ONLYOFFICE suite of tools. Jack Wallen shows you how.π Read
via "Security on TechRepublic".
TechRepublic
How to restrict the Nextcloud ONLYOFFICE to groups
If you're the Nextcloud admin for your company or home office, you might want to restrict who has access to the ONLYOFFICE suite of tools. Jack Wallen shows you how.
π Coronavirus-themed phishing templates used to capture personal information π
π Read
via "Security on TechRepublic".
Spoofing government and health organizations, these templates help attackers create and customize their own phishing pages to exploit the COVID-19 pandemic, says Proofpoint.π Read
via "Security on TechRepublic".
TechRepublic
Coronavirus-themed phishing templates used to capture personal information
Spoofing government and health organizations, these templates help attackers create and customize their own phishing pages to exploit the COVID-19 pandemic, says Proofpoint.
β Quantum Security Goes Live with Samsung Galaxy β
π Read
via "Threatpost".
Quantum encryption, which has been touted as "unhackable," debuts with Samsung, SK Telecom in a world's first.π Read
via "Threatpost".
Threat Post
Quantum Security Goes Live with Samsung Galaxy
Quantum technology, which has been touted as "unhackable," debuts with Samsung, SK Telecom in a world's first.
β RATicate Group Hits Industrial Firms With Revolving Payloads β
π Read
via "Threatpost".
A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.π Read
via "Threatpost".
Threat Post
RATicate Group Hits Industrial Firms With Revolving Payloads
A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.
π΄ The Entertainment Biz Is Changing, But the Cybersecurity Script Is One We've Read Before π΄
π Read
via "Dark Reading: ".
π Read
via "Dark Reading: ".
Dark Reading
The Entertainment Biz Is Changing, But the Cybersecurity Script Is One We've Read Before
Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
π Friday Five: 5/15 Edition π
π Read
via "Subscriber Blog RSS Feed ".
ChatBooks suffers a data breach, the Texas court system disables its network following a ransomware attack, and the FBI issues a security warning to healthcare organizations - catch up on the week's news with the Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 5/15 Edition
ChatBooks suffers a data breach, the Texas court system disables its network following a ransomware attack, and the FBI issues a security warning to healthcare organizations - catch up on the week's news with the Friday Five.
ATENTIONβΌ New - CVE-2018-10756
π Read
via "National Vulnerability Database".
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.π Read
via "National Vulnerability Database".
π Average US citizen had personal information stolen at least 4 times in 2019 π
π Read
via "Security on TechRepublic".
A new study of publicly reported data shows the average person experienced a breach every three months last year.π Read
via "Security on TechRepublic".
TechRepublic
Average US citizen had personal information stolen at least 4 times in 2019
A new study of publicly reported data shows the average person experienced a breach every three months last year.
β News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries β
π Read
via "Threatpost".
Threatpost editors discuss recent ransomware attacks and contact-tracing app privacy concerns.π Read
via "Threatpost".
Threat Post
News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries
Threatpost editors discuss recent ransomware attacks and contact-tracing app privacy concerns.
π΄ Microsoft Open Sources Its Coronavirus Threat Data π΄
π Read
via "Dark Reading: ".
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ Templates Make Coronavirus Phishing Campaigns Easy π΄
π Read
via "Dark Reading: ".
Ready-made website templates make it simple for criminals to create fake government and NGO websites for COVID-19-related phishing campaigns.π Read
via "Dark Reading: ".
Dark Reading
Templates Make Coronavirus Phishing Campaigns Easy
Ready-made website templates make it simple for criminals to create fake government and NGO websites for COVID-19-related phishing campaigns.
ATENTIONβΌ New - CVE-2019-20390
π Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20389
π Read
via "National Vulnerability Database".
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-19721
π Read
via "National Vulnerability Database".
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-18666
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization.π Read
via "National Vulnerability Database".
π How to enable SSL on Ubuntu Linux for testing π
π Read
via "Security on TechRepublic".
Sometimes admins need to be able to test a web-based solution before deciding it's worth using. When that software requires SSL, you can enable a snake-oil SSL key for testing purposes.π Read
via "Security on TechRepublic".
TechRepublic
How to enable SSL on Ubuntu Linux for testing | TechRepublic
Sometimes admins need to be able to test a web-based solution before deciding it's worth using. When that software requires SSL, you can enable a snake-oil SSL key for testing purposes.