ATENTIONβΌ New - CVE-2019-4650
π Read
via "National Vulnerability Database".
IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961.π Read
via "National Vulnerability Database".
π΄ Major US Companies Targeted in New Ransomware Campaign π΄
π Read
via "Dark Reading: ".
Evil Corp. group hit at least 31 customers in campaign to deploy WastedLocker malware, according to Symantec.π Read
via "Dark Reading: ".
Dark Reading
Major US Companies Targeted in New Ransomware Campaign
Evil Corp. group hit at least 31 customers in campaign to deploy WastedLocker malware, according to Symantec.
π Congress proposes ban on government use of facial recognition software π
π Read
via "Security on TechRepublic".
The Facial Recognition and Biometric Technology Moratorium Act would explicitly ban police from using the technology.π Read
via "Security on TechRepublic".
TechRepublic
Congress proposes ban on government use of facial recognition software
The Facial Recognition and Biometric Technology Moratorium Act would explicitly ban police from using the technology.
β βCardplanetβ Operator Sentenced to 9 Years for Selling Stolen Credit Cards β
π Read
via "Threatpost".
The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases.π Read
via "Threatpost".
Threat Post
βCardplanetβ Operator Sentenced to 9 Years for Selling Stolen Credit Cards
The carding store victimized mainly U.S. citizens and is responsible for $20 million in fraudulent purchases.
π Safari refinements justify setting the browser as default in macOS Big Sur π
π Read
via "Security on TechRepublic".
If Safari isn't your default Mac web browser, it should be when Apple releases macOS Big Sur. Here's how Apple developers have readied the browser for adulthood and the demands of the workplace.π Read
via "Security on TechRepublic".
TechRepublic
Safari refinements justify setting the browser as default in macOS Big Sur
If Safari isn't your default Mac web browser, it should be when Apple releases macOS Big Sur. Here's how Apple developers have readied the browser for adulthood and the demands of the workplace.
β 8 U.S. City Websites Targeted in Magecart Attacks β
π Read
via "Threatpost".
Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident.π Read
via "Threatpost".
Threat Post
8 U.S. City Websites Targeted in Magecart Attacks
Researchers believe that Click2Gov, municipal payment software, may be at the heart of this most recent government security incident.
β DarkCrewFriends Returns with Botnet Strategy β
π Read
via "Threatpost".
The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.π Read
via "Threatpost".
Threat Post
DarkCrewFriends Returns with Botnet Strategy
The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.
ATENTIONβΌ New - CVE-2013-7489
π Read
via "National Vulnerability Database".
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.π Read
via "National Vulnerability Database".
β Monday review β the hot 10 stories of the week β
π Read
via "Naked Security".
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 10 stories of the week
Get yourself up to date with everything we've written in the last seven days β it's weekly roundup time.
β Satori IoT botnet author sentenced to 13 months in prison β
π Read
via "Naked Security".
Kenneth Schuchman, the creator of the massive Satori botnet of enslaved devices, will be spending 13 months behind bars.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ATENTIONβΌ New - CVE-2019-20414
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20413
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20412
π Read
via "National Vulnerability Database".
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20411
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-20410
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.π Read
via "National Vulnerability Database".
π Microsoft Edge browser: This new password monitor helps keep your data safe π
π Read
via "Security on TechRepublic".
The new Edge browser will soon warn you if one of your passwords shows up in a data breach -- a feature based on an Azure service that enterprises can already use to protect user passwords.π Read
via "Security on TechRepublic".
π Non-profit launches new programs to increase diversity in cybersecurity industry π
π Read
via "Security on TechRepublic".
Cybersecurity group pivots from speaking engagements and scholarships to analyzing skill gaps and connecting candidates with employers.π Read
via "Security on TechRepublic".
TechRepublic
Nonprofit launches new programs to increase diversity in cybersecurity industry
Cybersecurity group pivots from speaking engagements and scholarships to analyzing skill gaps and connecting candidates with employers.
β Beware βsecure DNSβ scam targeting website owners and bloggers β
π Read
via "Naked Security".
If you run a website or a blog, watch out for emails promising "DNSSEC upgrades" - these scammers are after your whole site.π Read
via "Naked Security".
π΄ Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions π΄
π Read
via "Dark Reading: ".
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.π Read
via "Dark Reading: ".
Dark Reading
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
π IBM Research releases differential privacy library that works with machine learning π
π Read
via "Security on TechRepublic".
The open-source repository is unique in that most tasks can be run with only a single line of code, according to the company.π Read
via "Security on TechRepublic".
TechRepublic
IBM Research releases differential privacy library that works with machine learning
The open-source repository is unique in that most tasks can be run with only a single line of code, according to the company.
ATENTIONβΌ New - CVE-2019-3681
π Read
via "National Vulnerability Database".
A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .π Read
via "National Vulnerability Database".