ATENTIONβΌ New - CVE-2019-11843
π Read
via "National Vulnerability Database".
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-18625
π Read
via "National Vulnerability Database".
Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-18624
π Read
via "National Vulnerability Database".
Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-18623
π Read
via "National Vulnerability Database".
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.π Read
via "National Vulnerability Database".
π NSA Warns of Exim Flaw Being Exploited by Russian Actors π
π Read
via "Subscriber Blog RSS Feed ".
In an advisory last week, the NSA warned that a flaw in the Exim mail transfer agent (MTA) has been exploited by Russian cyber military actors since last August.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
NSA Warns of Exim Flaw Being Exploited by Russian Actors
In an advisory last week, the NSA warned that a flaw in the Exim mail transfer agent (MTA) has been exploited by Russian cyber military actors since last August.
π΄ Amtrak Breach Rolls Over Frequent Travelers π΄
π Read
via "Dark Reading: ".
The breach exposed usernames and passwords of an undisclosed number of program members.π Read
via "Dark Reading: ".
Dark Reading
Amtrak Breach Rolls Over Frequent Travelers
The breach exposed usernames and passwords of an undisclosed number of program members.
π΄ Companies Fall Short on Mandatory Reporting of Cybercrimes π΄
π Read
via "Dark Reading: ".
Understaffed and under fire, companies fail to report cybercrimes even when they are legally obligated to notify authorities, results of a new survey show.π Read
via "Dark Reading: ".
Dark Reading
Companies Fall Short on Mandatory Reporting of Cybercrimes
Understaffed and under fire, companies fail to report cybercrimes even when they are legally obligated to notify authorities, results of a new survey show.
π΄ Mobile Phishing Attacks Increase Sharply π΄
π Read
via "Dark Reading: ".
Organizations need to include smartphones and tablets in their phishing mitigation strategies, a new report suggests.π Read
via "Dark Reading: ".
Dark Reading
Mobile Phishing Attacks Increase Sharply
Organizations need to include smartphones and tablets in their phishing mitigation strategies, a new report suggests.
π΄ 10 Tips for Maintaining Information Security During Layoffs π΄
π Read
via "Dark Reading: ".
Insider cyber threats are always an issue during layoffs -- but with record numbers of home office workers heading for the unemployment line, it's never been harder to maintain cybersecurity during offboarding.π Read
via "Dark Reading: ".
Dark Reading
10 Tips for Maintaining Information Security During Layoffs
Insider cyber threats are always an issue during layoffs -- but with record numbers of home office workers heading for the unemployment line, it's never been harder to maintain cybersecurity during offboarding.
β Joomla Resources Directory Users Exposed in Leaky AWS Bucket β
π Read
via "Threatpost".
Full backup copies of website, including all user data, was exposed for 2,700 JRD users.π Read
via "Threatpost".
Threat Post
Joomla Resources Directory Users Exposed in Leaky AWS Bucket
Full backup copies of website, including all user data, was exposed for 2,700 JRD users.
β We won! Naked Security scoops βLegends of securityβ award β
π Read
via "Naked Security".
We're absolutely delighted - delighted and proud! - to report that we won not one but two awards at last night's European Security Blogger Awards 2020.π Read
via "Naked Security".
Naked Security
We won! Naked Security scoops βLegends of securityβ award
Weβre absolutely delighted β delighted and proud! β to report that we won not one but two awards at last nightβs European Security Blogger Awards 2020.
π Return to work: Three tech jobs that companies will be trying to fill π
π Read
via "Security on TechRepublic".
Cybersecurity, remote IT troubleshooting and cloud support will be the most sought-after skills for businesses in the months following the COVID-19 pandemic, according to a survey of CIOs and tech executives.π Read
via "Security on TechRepublic".
TechRepublic
Return to work: Three tech jobs that companies will be trying to fill
Cybersecurity, remote IT troubleshooting and cloud support will be the most sought-after skills for businesses in the months following the COVID-19 pandemic, according to a survey of CIOs and tech executives.
π Report: Working from home jeopardizes network security π
π Read
via "Security on TechRepublic".
Here's how employees in the US, UK, France and Germany are putting systems at risk, according to CyberArk.π Read
via "Security on TechRepublic".
TechRepublic
Report: Working from home jeopardizes network security
Here's how employees in the US, UK, France and Germany are putting systems at risk, according to CyberArk.
π Data breaches cost US companies more than $1.2 trillion last year π
π Read
via "Security on TechRepublic".
Unauthorized access was the most common type of attack in 2019, and it was responsible for 40% of all data breaches, says ForgeRock.π Read
via "Security on TechRepublic".
TechRepublic
Data breaches cost US companies more than $1.2 trillion last year
Unauthorized access was the most common type of attack in 2019, and it was responsible for 40% of all data breaches, says ForgeRock.
β Enterprise Mobile Phishing Attacks Skyrocket Amidst Pandemic β
π Read
via "Threatpost".
Increase of 37 percent from Q4 2019 to Q1 2020 attributed to creation of remote workforce due to COVID-19 stay-at-home orders.π Read
via "Threatpost".
Threat Post
Enterprise Mobile Phishing Attacks Skyrocket Amidst Pandemic
Increase of 37 percent from Q4 2019 to Q1 2020 attributed to creation of remote workforce due to COVID-19 stay-at-home orders.
π΄ Social Distancing for Healthcare's IoT Devices π΄
π Read
via "Dark Reading: ".
Security pros need to double down around prevention of lateral movement by attackers, especially if IoT devices are connected to the network.π Read
via "Dark Reading: ".
Dark Reading
Social Distancing for Healthcare's IoT Devices
Security pros need to double down around prevention of lateral movement by attackers, especially if IoT devices are connected to the network.
β Amtrak breached, some customersβ logins and PII potentially exposed β
π Read
via "Naked Security".
The US rail service hasn't disclosed the number of passengers affected in a 16 April breach.π Read
via "Naked Security".
Naked Security
Amtrak breached, some customersβ logins and PII potentially exposed
The US rail service hasnβt disclosed the number of passengers affected in a 16 April breach.
β VMware flaw allows takeover of multiple private clouds β
π Read
via "Naked Security".
VMWareβs VMware Cloud Director has a security flaw that researchers believe could be exploited to compromise multiple customer accounts using the same cloud infrastructure.π Read
via "Naked Security".
Naked Security
VMware flaw allows takeover of multiple private clouds
VMWareβs VMware Cloud Director has a security flaw that researchers believe could be exploited to compromise multiple customer accounts using the same cloud infrastructure.
π How to restrict the Nextcloud ONLYOFFICE to groups π
π Read
via "Security on TechRepublic".
If you're the Nextcloud admin for your company or home office, you might want to restrict who has access to the ONLYOFFICE suite of tools. Jack Wallen shows you how.π Read
via "Security on TechRepublic".
TechRepublic
How to restrict the Nextcloud ONLYOFFICE to groups
If you're the Nextcloud admin for your company or home office, you might want to restrict who has access to the ONLYOFFICE suite of tools. Jack Wallen shows you how.
π΄ Many Exchange Servers Are Still Vulnerable to Remote Exploit π΄
π Read
via "Dark Reading: ".
A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.π Read
via "Dark Reading: ".
Darkreading
Many Exchange Servers Are Still Vulnerable to Remote Exploit
A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.
β Critical SAP ASE Flaws Allow Complete Control of Databases β
π Read
via "Threatpost".
Researchers warn of critical flaws in SAP's Sybase Adaptive Server Enterprise software.π Read
via "Threatpost".
Threat Post
Critical SAP ASE Flaws Allow Complete Control of Databases
Researchers warn of critical flaws in SAP's Sybase Adaptive Server Enterprise software.