IoT Security Trends & Challenges in the Wake of COVID-19
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.
via "Dark Reading".
How to protect your organization's domain from security threats
Unlocked domains are susceptible to malicious tactics that can lead to unauthorized DNS changes and domain name hijacking, says CSC.
via "Security on TechRepublic".
Half of Firms Likely Running Vulnerable Oracle E-Business Suite
Two security vulnerabilities could open up companies to financial attacks and compliance violations if the software is not updated, Onapsis says.
via "Dark Reading".
Most Americans say 'No' to coronavirus contact tracing apps
Some 71% of people polled cited privacy concerns as the main reason for not wanting to use a COVID-19 tracing app, says Avira.
via "Security on TechRepublic".
ATTENTION‼ New - CVE-2019-18614
On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which was used for everything in the previous CYW20719 and later CYW20819 evaluation board). To trigger the overflow, an attacker can either send packets over the air or as unprivileged local user. Over the air, the minimal PoC is sending "l2ping -s 600" to the target address prior to any pairing. Locally, the buffer overflow is immediately triggered by opening an ACL or SCO connection to a headset. This occurs because, in WICED Studio 6.2 and 6.4, BT_ACL_HOST_TO_DEVICE_DEFAULT_SIZE and BT_ACL_DEVICE_TO_HOST_DEFAULT_SIZE are set to 384.
via "National Vulnerability Database".
'Ripple20' Bugs Impact Hundreds of Millions of Connected Devices
The vulnerabilities affect everything from printers to insulin pumps to ICS gear.
via "Threatpost".
Theft of CIA's 'Vault 7' Secrets Tied to 'Woefully Lax' Security
An internal investigation into the 2016 CIA breach condemned the agency's security measures, saying it "focused more on building up cyber tools than keeping them secure."
via "Threatpost".
Intel announces 'exploit busting' features in its next processor chips
More bad news for cybercrooks... we hope.
via "Naked Security".
Cisco Brings SecureX into Full Security Lineup to Cut Complexity
This step is intended to address growing enterprise concerns around security and complexity, both top of mind among CISOs and CIOs.
via "Dark Reading".
Ransomware from Your Lawyer's Perspective
Three good reasons why your incident response team's first call after a data breach should be to outside counsel.
via "Dark Reading".
IT pros see increased workload and security threats amid shift to remote working
Malicious emails, risky employee behavior, and a rise in software vulnerabilities are the top threats seen by IT professionals, says Ivanti.
via "Security on TechRepublic".
Fabricator Claims Competitor Poached Employees, Then Data
One company is alleging a rival shop lured two of its most senior employees away - along with trade secrets, confidential information, and a list of its customers.
via "Subscriber Blog RSS Feed".
Digital Guardian
Adobe Patches 18 Critical Flaws in Out-Of-Band Update
Critical vulnerabilities were patched in Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition.
via "Threatpost".
83% of Forbes 2000 Companies' Web Domains Are Poorly Protected
Only a handful have controls against domain-name hijacking, DNS modifications, and other threats, a new CSC study finds.
via "Dark Reading".
Qbot Trojan Reappears to Go After U.S. Banking Customers
The 12-year-old malware is still dangerous, sporting advanced evasion techniques.
via "Threatpost".
Adobe Releases PDF Protected Mode for Document Cloud
The preview, open to Windows users, opens PDF files in a sandbox to protect users who open malicious Acrobat documents.
via "Dark Reading".
CIA's 'Lax' Security Led to 2017 Compromise of Its Hacking Tools
Internal CIA report released today shows poor security controls surrounding the intelligence agency's hacking tools.
via "Dark Reading".
'Ripple20' Bugs Plague Enterprise, Industrial & Medical IoT Devices
Researchers discover 19 vulnerabilities in a TCP/IP software library manufacturers have used in connected devices for 20 years.
via "Dark Reading".
Hosting Provider Hit With Largest-Ever DDoS Attack
Likely looking to make a statement, attackers targeted specific websites hosted by a single provider with a 1.44 terabit-per-second distributed denial-of-service attack, according to Akamai.
via "Dark Reading".
ATTENTION‼ New - CVE-2019-17655
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.
via "National Vulnerability Database".
ATTENTION‼ New - CVE-2020-0540
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
via "National Vulnerability Database".