β Congress wants to know who is using spyware against the US β
π Read
via "Naked Security".
A 2021 intelligence funding draft bill mandates a report on surveillance vendors and which countries or other actors are using spyware.π Read
via "Naked Security".
Naked Security
Congress wants to know who is using spyware against the US
A 2021 intelligence funding draft bill mandates a report on surveillance vendors and which countries or other actors are using spyware.
ATENTIONβΌ New - CVE-2019-19112
π Read
via "National Vulnerability Database".
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-19111
π Read
via "National Vulnerability Database".
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-19110
π Read
via "National Vulnerability Database".
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-19109
π Read
via "National Vulnerability Database".
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-16848
π Read
via "National Vulnerability Database".
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18869
π Read
via "National Vulnerability Database".
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.π Read
via "National Vulnerability Database".
β Youβve heard of sextortion β now thereβs βbreachstortionβ, too.. β
π Read
via "Naked Security".
Sextortion again - but with "we hacked your website and stole all your data" instead of "we hacked your webcam and made a video".π Read
via "Naked Security".
Naked Security
Youβve heard of sextortion β now thereβs βbreachstortionβ, too
Sextortion again β but with βwe hacked your website and stole all your dataβ instead of βwe hacked your webcam and made a videoβ.
π΄ Microsoft Releases Update for DoS Flaw in .NET Core π΄
π Read
via "Dark Reading: ".
Customers are advised to install the latest version of PowerShell to fully address CVE-2020-1108.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π Top 5 things to know about security breaches π
π Read
via "Security on TechRepublic".
Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 things to know about security breaches
Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.
π Top 5 things to know about security breaches π
π Read
via "Security on TechRepublic".
Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 things to know about security breaches
Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.
ATENTIONβΌ New - CVE-2019-20838
π Read
via "National Vulnerability Database".
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21246
π Read
via "National Vulnerability Database".
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21245
π Read
via "National Vulnerability Database".
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.π Read
via "National Vulnerability Database".
β WFH Alert: Critical Bug Found in Old D-Link Router Models β
π Read
via "Threatpost".
Researchers find six bugs in consumer D-Link DIR-865L Wireless AC 1750 Dual Band Cloud Router.π Read
via "Threatpost".
Threat Post
WFH Alert: Critical Bug Found in Old D-Link Router Models
Researchers find six bugs in consumer D-Link DIR-865L Wireless AC 1750 Dual Band Cloud Router.
β Intel Adds Anti-Malware Protection in Tiger Lake CPUs β
π Read
via "Threatpost".
Intel's Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks.π Read
via "Threatpost".
Threat Post
Intel Adds Anti-Malware Protection in Tiger Lake CPUs
Intel's Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks.
π΄ Intel Tackles Malware Related to Memory Security at Hardware Level π΄
π Read
via "Dark Reading: ".
New control-flow enforcement technology will become available with upcoming Tiger Lake mobile processor, chipmaker says.π Read
via "Dark Reading: ".
Dark Reading
Intel Tackles Malware Related to Memory Security at Hardware Level
New control-flow enforcement technology will become available with upcoming Tiger Lake mobile processor, chipmaker says.
π Following Breach, Marketplace Minted Target of New CCPA Lawsuit π
π Read
via "Subscriber Blog RSS Feed ".
The online marketplace, which specializes in greeting cards and wedding invites, was hit with a class action lawsuit under the California Consumer Privacy Act last week, alleging it failed to protect its customers PII.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Following Breach, Marketplace Minted Target of New CCPA Lawsuit
The online marketplace, which specializes in greeting cards and wedding invites, was hit with a class action lawsuit under the California Consumer Privacy Act last week, alleging it failed to protect its customers PII.
β Twitter Disrupts Wide-Ranging Political Disinformation Campaigns β
π Read
via "Threatpost".
This removal, of 32K accounts, is not the first time Twitter has taken action to protect its users from influence operations. Researchers weighed in on the practice with Threatpost.π Read
via "Threatpost".
Threat Post
Twitter Disrupts Wide-Ranging Political Disinformation Campaigns
This removal, of 32K accounts, is not the first time Twitter has taken action to protect its users from influence operations. Researchers weighed in on the practice with Threatpost.
π΄ Now-Former eBay Security Team Members Charged in Bizarre Cyberstalking Campaign π΄
π Read
via "Dark Reading: ".
A bloody pig mask, doxing threats, and a foiled surveillance attempt were among the actions six ex-eBay employees took against an editor and publisher of a newsletter.π Read
via "Dark Reading: ".
Dark Reading
Now-Former eBay Security Team Members Charged in Bizarre Cyberstalking Campaign
A bloody pig mask, doxing threats, and a foiled surveillance attempt were among the actions six ex-eBay employees took against an editor and publisher of a newsletter.
π΄ Ryuk Continues to Dominate Ransomware Response Cases π΄
π Read
via "Dark Reading: ".
Analysis reveals how Ryuk's operators are changing their techniques and using new means to break in.π Read
via "Dark Reading: ".
Dark Reading
Ryuk Continues to Dominate Ransomware Response Cases
Analysis reveals how Ryuk's operators are changing their techniques and using new means to break in.