π΄ Google Chrome Redesign Puts Security & Privacy in Users' Hands π΄
π Read
via "Dark Reading: ".
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.π Read
via "Dark Reading: ".
Dark Reading
Google Chrome Redesign Puts Security & Privacy in Users' Hands
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.
π Chrome, Firefox Introduce New Password Security Features π
π Read
via "Subscriber Blog RSS Feed ".
The line between browsers and password managers keeps blurring. Firefox and Chrome recently incorporated new ways for users to tell if passwords theyβre using are compromised.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Chrome, Firefox Introduce New Password Security Features
The line between browsers and password managers keeps blurring. Firefox and Chrome recently incorporated new ways for users to tell if passwords theyβre using are compromised.
π Productive pandemic: Searches for free online courses are up 309% π
π Read
via "Security on TechRepublic".
Available online classes include ways to upgrade your resume, add to current skills, or land a better job.π Read
via "Security on TechRepublic".
TechRepublic
Productive pandemic: Searches for free online courses are up 309%
Available online classes include ways to upgrade your resume, add to current skills, or land a better job.
π΄ Magecart Plants Card Skimmers via Old Magento Plugin Flaw π΄
π Read
via "Dark Reading: ".
The FBI has warned ecommerce sites about attacks targeting a more than three-year-old flaw in the Magmi mass importer.π Read
via "Dark Reading: ".
Dark Reading
Magecart Plants Card Skimmers via Old Magento Plugin Flaw
The FBI has warned ecommerce sites about attacks targeting a more than three-year-old flaw in the Magmi mass importer.
ATENTIONβΌ New - CVE-2019-11048
π Read
via "National Vulnerability Database".
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.π Read
via "National Vulnerability Database".
β FBI finally unlock shooterβs iPhones, berate Apple for not helping β
π Read
via "Naked Security".
The FBI's Apple problem.π Read
via "Naked Security".
Sophos News
FBI finally unlock shooterβs iPhones, Apple berated for not helping
The FBIβs Apple problem.
ATENTIONβΌ New - CVE-2019-5997
π Read
via "National Vulnerability Database".
Video Insight VMS 7.5 and earlier allows remote attackers to conduct code injection attacks via unspecified vectors.π Read
via "National Vulnerability Database".
β Office 365 exposed some internal search results to other companies β
π Read
via "Naked Security".
Itβs not clear how many accounts were involved, but Microsoft is said to have made URLs and metadata available so admins can investigate.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π Dark Web sees rise in postings selling access to corporate networks π
π Read
via "Security on TechRepublic".
These postings provide cybercriminals with the information needed to hack into networks where they can infect critical machines with malware, according to Positive Technologies.π Read
via "Security on TechRepublic".
β Alleged Hacker Behind Massive βCollection 1β Data Dump Arrested β
π Read
via "Threatpost".
The threat actor known as βSanixβ had terabytes of stolen credentials at his residence, authorities said.π Read
via "Threatpost".
Threat Post
Alleged Hacker Behind Massive βCollection 1β Data Dump Arrested
The threat actor known as βSanixβ had terabytes of stolen credentials at his residence, authorities said.
π Open source security report finds library-induced flaws in 70% of applications π
π Read
via "Security on TechRepublic".
Problems are everywhere, but most fixes are easy to find and implement, according to a Veracode report that analyzed .π Read
via "Security on TechRepublic".
TechRepublic
Open source security report finds library-induced flaws in 70% of applications
Problems are everywhere, but most fixes are easy to find and implement, according to a Veracode report that analyzed .
π΄ Is Zero Trust the Best Answer to the COVID-19 Lockdown? π΄
π Read
via "Dark Reading: ".
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.π Read
via "Dark Reading: ".
Dark Reading
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
β Verizon DBIR: Web App Attacks and Security Errors Surge β
π Read
via "Threatpost".
Threatpost talks to Verizon DBIR co-author Gabriel Bassett about the top takeaways from this year's Data Breach Investigations Report.π Read
via "Threatpost".
Threat Post
Verizon DBIR: Web App Attacks and Security Errors Surge
Threatpost talks to Verizon DBIR co-author Gabriel Bassett about the top takeaways from this year's Data Breach Investigations Report.
π΄ Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say π΄
π Read
via "Dark Reading: ".
As COVID-19-themed spam rises, phishing-not so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.π Read
via "Dark Reading: ".
Dark Reading
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
As COVID-19-themed spam rises, phishing-not so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.
π New phishing campaign impersonates LogMeIn to steal user credentials π
π Read
via "Security on TechRepublic".
LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security.π Read
via "Security on TechRepublic".
TechRepublic
New phishing campaign impersonates LogMeIn to steal user credentials
LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security.
π Nearly 70% of major companies will increase cybersecurity spending post-coronavirus π
π Read
via "Security on TechRepublic".
With more people working from home, cybercrimes skyrocketed, forcing companies to rethink tech budgets, LearnBonds found.π Read
via "Security on TechRepublic".
TechRepublic
Nearly 70% of major companies will increase cybersecurity spending post-coronavirus
With more people working from home, cybercrimes skyrocketed, forcing companies to rethink tech budgets, LearnBonds found.
π Working from home: Why it takes a pandemic to improve work-life "fusion" π
π Read
via "Security on TechRepublic".
Adjusting to remote work has created many opportunities and challenges in business and IT.π Read
via "Security on TechRepublic".
TechRepublic
Working from home: Why it takes a pandemic to improve work-life "fusion"
Adjusting to remote work has created many opportunities and challenges in business and IT.
π΄ Microsoft Warns of Vulnerability Affecting Windows DNS Server π΄
π Read
via "Dark Reading: ".
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
ATENTIONβΌ New - CVE-2020-10726
π Read
via "National Vulnerability Database".
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-10725
π Read
via "National Vulnerability Database".
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.π Read
via "National Vulnerability Database".
π Wireshark Analyzer 3.2.4 π
π Go!
via "Security Tool Files β Packet Storm".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Wireshark Analyzer 3.2.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers