CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
via "Dark Reading".
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.
A strong relationship between security and engineering teams accelerates the transition to DevSecOps
via "Security on TechRepublic".
Embracing an "everyone is part of the security team" approach shifts DevOps to DevSecOps, according to a report from Cobalt.io.
Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years
via "Threatpost".
Thousands of journalists, advocacy groups and politicians worldwide were targeted by Dark Basin.
Honda Pauses Production Due to Cyberattack
via "Dark Reading".
The attack reportedly infected internal servers and forced Honda to halt production at plants around the world on Monday.
Adobe Warns of Critical Flaws in Flash Player, Framemaker
via "Threatpost".
Critical Adobe Flash Player and Framemaker flaws could enable arbitrary code execution.
Facebook labels "state-controlled" Russian, Chinese, Iranian media
via "Naked Security".
Facebook users will see notices labeling "state-controlled media", based on criteria such as funding, editorial independence, ownership structure and more.
Haveged 1.9.9
via "Security Tool Files ≈ Packet Storm".
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
Hack-for-Hire Firm Connected to Attacks on Nonprofits, Journalists
via "Dark Reading".
The Dark Basin group behind thousands of phishing and malware attacks is likely an India-based "ethical hacking" firm that works on behalf of commercial clients.
Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool
via "Threatpost".
The FlowCloud modular remote-access trojan (RAT) has overlaps with the LookBack malware.
The FlowCloud RAT has overlaps with the LookBack malware and possibly China-linked APT10.
Will Vote-by-App Ever Be Safe?
via "Dark Reading".
Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders.
Microsoft June Patch Tuesday Fixes 129 Flaws in Largest-Ever Update
via "Threatpost".
The June Patch Tuesday update included CVEs for 11 critical remote code-execution vulnerabilities and concerning SMB bugs.
Macy's to Settle 2018 Data Breach Class Action Suit
via "Subscriber Blog RSS Feed".
Two years after it happened, the popular department store is electing to settle a class action data breach lawsuit that alleged the company failed to properly secure customer data online.
DHS Warns on New Exploit of Windows 10 Vulnerability
via "Dark Reading".
The vulnerability was patched in March, but a new proof of concept raises the stakes for organizations that haven't yet updated their software.
Vulnerability in Plug-and-Play Protocol Puts Billions of Devices at Risk
via "Dark Reading".
"CallStranger" flaw in UPnP allows attackers to launch DDoS attacks and scan internal ports, security researcher says.
How to install sudo 1.9 and use the new policy tool
via "Security on TechRepublic".
The sudo system is about to undergo some radical changes. Find out how to begin working with the new policy system, to make sudo even more powerful.
Microsoft Fixes 129 Bugs in Largest Patch Tuesday Release
via "Dark Reading".
The June release of security updates addresses several remote code execution vulnerabilities in SharePoint, Excel, Windows OLE, and other services.
ATTENTION: New - CVE-2019-3617
via "National Vulnerability Database".
Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files.
ATTENTION: New - CVE-2019-3613
via "National Vulnerability Database".
DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.
Billions of devices affected by UPnP vulnerability
via "Naked Security".
Stop us if you've heard this before but a researcher has uncovered a new security vulnerability affecting many devices running the Universal Plug and Play (UPnP) protocol.
Babylon mobile health app mixes up patient consultation videos
via "Naked Security".
A health care app user found 50 "consultation replay" videos in his personal profile - but they weren't his.
"Bot or Not?" - a game to train us to spot chatbots faking it as humans
via "Naked Security".
Can you tell whether you're talking to a human or AI?