ATENTIONβΌ New - CVE-2018-16848
π Read
via "National Vulnerability Database".
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-18869
π Read
via "National Vulnerability Database".
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.π Read
via "National Vulnerability Database".
β Youβve heard of sextortion β now thereβs βbreachstortionβ, too.. β
π Read
via "Naked Security".
Sextortion again - but with "we hacked your website and stole all your data" instead of "we hacked your webcam and made a video".π Read
via "Naked Security".
Naked Security
Youβve heard of sextortion β now thereβs βbreachstortionβ, too
Sextortion again β but with βwe hacked your website and stole all your dataβ instead of βwe hacked your webcam and made a videoβ.
π΄ Microsoft Releases Update for DoS Flaw in .NET Core π΄
π Read
via "Dark Reading: ".
Customers are advised to install the latest version of PowerShell to fully address CVE-2020-1108.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π Top 5 things to know about security breaches π
π Read
via "Security on TechRepublic".
Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 things to know about security breaches
Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.
π Top 5 things to know about security breaches π
π Read
via "Security on TechRepublic".
Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 things to know about security breaches
Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.
ATENTIONβΌ New - CVE-2019-20838
π Read
via "National Vulnerability Database".
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21246
π Read
via "National Vulnerability Database".
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2018-21245
π Read
via "National Vulnerability Database".
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.π Read
via "National Vulnerability Database".
β WFH Alert: Critical Bug Found in Old D-Link Router Models β
π Read
via "Threatpost".
Researchers find six bugs in consumer D-Link DIR-865L Wireless AC 1750 Dual Band Cloud Router.π Read
via "Threatpost".
Threat Post
WFH Alert: Critical Bug Found in Old D-Link Router Models
Researchers find six bugs in consumer D-Link DIR-865L Wireless AC 1750 Dual Band Cloud Router.
β Intel Adds Anti-Malware Protection in Tiger Lake CPUs β
π Read
via "Threatpost".
Intel's Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks.π Read
via "Threatpost".
Threat Post
Intel Adds Anti-Malware Protection in Tiger Lake CPUs
Intel's Tiger Lake CPUs will come with Control-flow Enforcement Technology (CET), aimed at battling common control-flow hijacking attacks.
π΄ Intel Tackles Malware Related to Memory Security at Hardware Level π΄
π Read
via "Dark Reading: ".
New control-flow enforcement technology will become available with upcoming Tiger Lake mobile processor, chipmaker says.π Read
via "Dark Reading: ".
Dark Reading
Intel Tackles Malware Related to Memory Security at Hardware Level
New control-flow enforcement technology will become available with upcoming Tiger Lake mobile processor, chipmaker says.
π Following Breach, Marketplace Minted Target of New CCPA Lawsuit π
π Read
via "Subscriber Blog RSS Feed ".
The online marketplace, which specializes in greeting cards and wedding invites, was hit with a class action lawsuit under the California Consumer Privacy Act last week, alleging it failed to protect its customers PII.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Following Breach, Marketplace Minted Target of New CCPA Lawsuit
The online marketplace, which specializes in greeting cards and wedding invites, was hit with a class action lawsuit under the California Consumer Privacy Act last week, alleging it failed to protect its customers PII.
β Twitter Disrupts Wide-Ranging Political Disinformation Campaigns β
π Read
via "Threatpost".
This removal, of 32K accounts, is not the first time Twitter has taken action to protect its users from influence operations. Researchers weighed in on the practice with Threatpost.π Read
via "Threatpost".
Threat Post
Twitter Disrupts Wide-Ranging Political Disinformation Campaigns
This removal, of 32K accounts, is not the first time Twitter has taken action to protect its users from influence operations. Researchers weighed in on the practice with Threatpost.
π΄ Now-Former eBay Security Team Members Charged in Bizarre Cyberstalking Campaign π΄
π Read
via "Dark Reading: ".
A bloody pig mask, doxing threats, and a foiled surveillance attempt were among the actions six ex-eBay employees took against an editor and publisher of a newsletter.π Read
via "Dark Reading: ".
Dark Reading
Now-Former eBay Security Team Members Charged in Bizarre Cyberstalking Campaign
A bloody pig mask, doxing threats, and a foiled surveillance attempt were among the actions six ex-eBay employees took against an editor and publisher of a newsletter.
π΄ Ryuk Continues to Dominate Ransomware Response Cases π΄
π Read
via "Dark Reading: ".
Analysis reveals how Ryuk's operators are changing their techniques and using new means to break in.π Read
via "Dark Reading: ".
Dark Reading
Ryuk Continues to Dominate Ransomware Response Cases
Analysis reveals how Ryuk's operators are changing their techniques and using new means to break in.
β Shadow IT: Why Itβs Still a Major Risk in Todayβs Environments β
π Read
via "Threatpost".
According to industry analyst firm Gartner, as many as one-third of successful attacks on enterprises target data that are housed in unsanctioned IT resources.π Read
via "Threatpost".
Threat Post
Shadow IT: Why Itβs Still a Major Risk in Todayβs Environments
As employees grow accustomed to cloud-based consumer applications, it's become challenging for IT and security teams to maintain visibility and control.
β Eavesdroppers can use light bulbs to listen in from afar β
π Read
via "Naked Security".
Researchers have developed an ingenious way to eavesdrop from a distance without relying on planted bugs: they just stare at a light bulb.π Read
via "Naked Security".
Naked Security
Eavesdroppers can use light bulbs to listen in from afar
Researchers have developed an ingenious way to eavesdrop from a distance without relying on planted bugs: they just stare at a light bulb.
β βAnonymousβ takes down Atlanta Police Dept. site after police shooting β
π Read
via "Naked Security".
Hackers affiliating themselves with the hacktivist label have joined the Black Lives Matter backlash after a fatal police shooting on Friday.π Read
via "Naked Security".
Naked Security
βAnonymousβ takes down Atlanta Police Dept. site after police shooting
Hackers affiliating themselves with the hacktivist label have joined the Black Lives Matter backlash after a fatal police shooting on Friday.
π΄ IoT Security Trends & Challenges in the Wake of COVID-19 π΄
π Read
via "Dark Reading: ".
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.π Read
via "Dark Reading: ".
Dark Reading
IoT Security Trends & Challenges in the Wake of COVID-19
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.
π How to protect your organization's domain from security threats π
π Read
via "Security on TechRepublic".
Unlocked domains are susceptible to malicious tactics that can lead to unauthorized DNS changes and domain name hijacking, says CSC.π Read
via "Security on TechRepublic".
TechRepublic
How to protect your organization's domain from security threats
Unlocked domains are susceptible to malicious tactics that can lead to unauthorized DNS changes and domain name hijacking, says CSC.