π΄ Canada's Fitness Depot Alerts Customers to Data Breach π΄
π Read
via "Dark Reading: ".
The retailer reports cybercriminals infected its online store and used a fraudulent form to steal shoppers' information.π Read
via "Dark Reading: ".
Dark Reading
Canada's Fitness Depot Alerts Customers to Data Breach
The retailer reports cybercriminals infected its online store and used a fraudulent form to steal shoppers' information.
ATENTIONβΌ New - CVE-2019-19412
π Read
via "National Vulnerability Database".
Some Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. The affected products and versions are: ALP-AL00B Versions earlier than 9.0.0.181(C00E87R2P20T8) ALP-L09 Versions earlier than 9.0.0.201(C432E4R1P9) ALP-L29 Versions earlier than 9.0.0.177(C185E2R1P12T8), Versions earlier than 9.0.0.195(C636E2R1P12) Anne-AL00 Versions earlier than 8.0.0.168(C00) BLA-AL00B Versions earlier than 9.0.0.181(C00E88R2P15T8) BLA-L09C Versions earlier than 9.0.0.177(C185E2R1P13T8), Versions earlier than 9.0.0.206(C432E4R1P11) BLA-L29C Versions earlier than 9.0.0.179(C576E2R1P7T8), Versions earlier than 9.0.0.194(C185E2R1P13), Versions earlier than 9.0.0.206(C432E4R1P11), Versions earlier than 9.0.0.210(C635E4R1P13) Berkeley-AL20 Versions earlier than 9.0.0.156(C00E156R2P14T8) Berkeley-L09 Versions earlier than 8.0.0.172(C432), Versions earlier than 8.0.0.173(C636) Emily-L29C Versions earlier than 9.0.0.159(C185E2R1P12T8), Versions earlier than 9.0.0.159(C461E2R1P11T8), Versions earlier than 9.0.0.160(C432E7R1P11T8), Versions earlier than 9.0.0.165(C605E2R1P12), Versions earlier than 9.0.0.168(C636E7R1P13T8), Versions earlier than 9.0.0.168(C782E3R1P11T8), Versions earlier than 9.0.0.196(C635E2R1P11T8) Figo-L03 Versions earlier than 9.1.0.130(C605E6R1P5T8) Figo-L21 Versions earlier than 9.1.0.130(C185E6R1P5T8), Versions earlier than 9.1.0.130(C635E6R1P5T8) Figo-L23 Versions earlier than 9.1.0.130(C605E6R1P5T8) Figo-L31 Versions earlier than 9.1.0.130(C432E8R1P5T8) Florida-L03 Versions earlier than 9.1.0.121(C605E5R1P1T8) Florida-L21 Versions earlier than 8.0.0.129(C605), Versions earlier than 8.0.0.131(C432), Versions earlier than 8.0.0.132(C185) Florida-L22 Versions earlier than 8.0.0.132(C636) Florida-L23 Versions earlier than 8.0.0.144(C605) HUAWEI P smart Versions earlier than 9.1.0.130(C185E6R1P5T8), Versions earlier than 9.1.0.130(C605E6R1P5T8) HUAWEI P smart, HUAWEI Y7s Versions earlier than 9.1.0.124(C636E6R1P5T8) HUAWEI P20 lite Versions earlier than 8.0.0.148(C635), Versions earlier than 8.0.0.155(C185), Versions earlier than 8.0.0.155(C605), Versions earlier than 8.0.0.156(C605), Versions earlier than 8.0.0.157(C432) HUAWEI nova 3e, HUAWEI P20 lite Versions earlier than 8.0.0.147(C461), Versions earlier than 8.0.0.148(ZAFC185), Versions earlier than 8.0.0.160(C185), Versions earlier than 8.0.0.160(C605), Versions earlier than 8.0.0.168(C432), Versions earlier than 8.0.0.172(C636) Honor View 10 Versions earlier than 9.0.0.202(C567E6R1P12T8) Leland-AL00A Versions earlier than 8.0.0.182(C00) Leland-L21A Versions earlier than 8.0.0.135(C185), Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L22A Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L22C Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L31A Versions earlier than 8.0.0.139(C432)π Read
via "National Vulnerability Database".
β Singaporeβs Contact Tracing Wearable Causes Privacy Backlash β
π Read
via "Threatpost".
Thousands have signed a petition that underscores data privacy issues with Singapore's newly announced contact-tracing wearable, in development.π Read
via "Threatpost".
Threat Post
Singaporeβs Contact Tracing Wearable Causes Privacy Backlash
Thousands have signed a petition that underscores data privacy issues with Singapore's newly announced contact-tracing wearable, in development.
π΄ Chinese and Iranian APT Groups Targeted US Presidential Campaigns π΄
π Read
via "Dark Reading: ".
Google analysts report advanced persistent threat groups linked to China and Iran launched phishing attacks against the Biden and Trump campaigns.π Read
via "Dark Reading: ".
Dark Reading
Chinese and Iranian APT Groups Targeted US Presidential Campaigns
Google analysts report advanced persistent threat groups linked to China and Iran launched phishing attacks against the Biden and Trump campaigns.
π΄ DARPA Launches Bug Bounty Program π΄
π Read
via "Dark Reading: ".
Unlike most crowdsourced vulnerability-hunting projects, this one is targeted at hardware defenses.π Read
via "Dark Reading: ".
Dark Reading
DARPA Launches Bug Bounty Program
Unlike most crowdsourced vulnerability-hunting projects, this one is targeted at hardware defenses.
π 10 takeaways from Mimecast's 2020 email security report π
π Read
via "Security on TechRepublic".
Phishing is on the rise, ransomware continues to be a threat, and email exploits are more popular than ever. Here are the email security risks, and what you can do about them, in 2020.π Read
via "Security on TechRepublic".
TechRepublic
10 takeaways from Mimecast's 2020 email security report
Phishing is on the rise, ransomware continues to be a threat, and email exploits are more popular than ever. Here are the email security risks, and what you can do about them, in 2020.
β Brave CEO apologises for adding affiliate links to URLs β
π Read
via "Naked Security".
The Brave browser has provoked unhappiness among some of its users after being caught redirecting searches to affiliate links that earned it commission.π Read
via "Naked Security".
Naked Security
Brave CEO apologises for adding affiliate links to URLs
The Brave browser has provoked unhappiness among some of its users after being caught redirecting searches to affiliate links that earned it commission.
π Security faux pas: 56% of employees use personal computers to WFH π
π Read
via "Security on TechRepublic".
Using nonwork authorized tech at home places company data at risk, especially since 23% of employees are unsure what security protocols exist on their devices, Morphisec found.π Read
via "Security on TechRepublic".
TechRepublic
Security faux pas: 56% of employees use personal computers to WFH
Using nonwork authorized tech at home places company data at risk, especially since 23% of employees are unsure what security protocols exist on their devices, Morphisec found.
π Cybercrime against retail brands is up 41% during pandemic π
π Read
via "Security on TechRepublic".
A dramatic uptick in scams, counterfeiting, and hacking plague retail and e-commerce industries during the coronavirus crisis, as businesses try to define their new normal.π Read
via "Security on TechRepublic".
TechRepublic
Cybercrime against retail brands is up 41% during pandemic
A dramatic uptick in scams, counterfeiting, and hacking plague retail and e-commerce industries during the coronavirus crisis, as businesses try to define their new normal.
β Cryptomining criminals under the spotlight β a SophosLabs report β
π Read
via "Naked Security".
A new SophosLabs report takes you inside a cryptomining gang.π Read
via "Naked Security".
Naked Security
Cryptomining criminals under the spotlight β a SophosLabs report
A new SophosLabs report takes you inside a cryptomining gang.
π΄ CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond π΄
π Read
via "Dark Reading: ".
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.π Read
via "Dark Reading: ".
Dark Reading
CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.
π A strong relationship between security and engineering teams accelerates the transition to DevSecOps π
π Read
via "Security on TechRepublic".
Embracing an "everyone is part of the security team" approach shifts DevOps to DevSecOps, according to a report from Cobalt.io.π Read
via "Security on TechRepublic".
TechRepublic
A strong relationship between security and engineering teams accelerates the transition to DevSecOps
Embracing an "everyone is part of the security team" approach shifts DevOps to DevSecOps, according to a report from Cobalt.io.
β Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years β
π Read
via "Threatpost".
Thousands of journalists, advocacy groups and politicians worldwide were targeted by Dark Basin.π Read
via "Threatpost".
Threat Post
Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years
Thousands of journalists, advocacy groups and politicians worldwide were targeted by Dark Basin.
π΄ Honda Pauses Production Due to Cyberattack π΄
π Read
via "Dark Reading: ".
The attack reportedly infected internal servers and forced Honda to halt production at plants around the world on Monday.π Read
via "Dark Reading: ".
Dark Reading
Honda Pauses Production Due to Cyberattack
The attack reportedly infected internal servers and forced Honda to halt production at plants around the world on Monday.
β Adobe Warns of Critical Flaws in Flash Player, Framemaker β
π Read
via "Threatpost".
Critical Adobe Flash Player and Framemaker flaws could enable arbitrary code execution.π Read
via "Threatpost".
Threat Post
Adobe Warns of Critical Flaws in Flash Player, Framemaker
Critical Adobe Flash Player and Framemaker flaws could enable arbitrary code execution.
β Facebook labels βstate-controlledβ Russian, Chinese, Iranian media β
π Read
via "Naked Security".
Facebook users will see notices labeling "state-controlled media", based on criteria such as funding, editorial independence, ownership structure and more.π Read
via "Naked Security".
Naked Security
Facebook labels βstate-controlledβ Russian, Chinese, Iranian media
Facebook users will see notices labeling βstate-controlled mediaβ, based on criteria such as funding, editorial independence, ownership structure and more.
π Haveged 1.9.9 π
π Go!
via "Security Tool Files β Packet Storm".
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.π Go!
via "Security Tool Files β Packet Storm".
Packetstormsecurity
Haveged 1.9.9 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Hack-for-Hire Firm Connected to Attacks on Nonprofits, Journalists π΄
π Read
via "Dark Reading: ".
The Dark Basin group behind thousands of phishing and malware attacks is likely an India-based "ethical hacking" firm that works on behalf of commercial clients.π Read
via "Dark Reading: ".
Dark Reading
Hack-for-Hire Firm Connected to Attacks on Nonprofits, Journalists
The Dark Basin group behind thousands of phishing and malware attacks is likely an India-based ethical hacking firm that works on behalf of commercial clients.
β Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool β
π Read
via "Threatpost".
The FlowCloud modular remote-access trojan (RAT) has overlaps with the LookBack malware.π Read
via "Threatpost".
Threat Post
Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool
The FlowCloud RAT has overlaps with the LookBack malware and possibly China-linked APT10.
π΄ Will Vote-by-App Ever Be Safe? π΄
π Read
via "Dark Reading: ".
Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders.π Read
via "Dark Reading: ".
Dark Reading
Will Vote-by-App Ever Be Safe?
Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders.
β Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update β
π Read
via "Threatpost".
The June Patch Tuesday update included CVEs for 11 critical remote code-execution vulnerabilities and concerning SMB bugs.π Read
via "Threatpost".
Threat Post
Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update
The June Patch Tuesday update included CVEs for 11 critical remote code-execution vulnerabilities and concerning SMB bugs.