Beware “secure DNS” scam targeting website owners and bloggers
via "Naked Security".
If you run a website or a blog, watch out for emails promising "DNSSEC upgrades" - these scammers are after your whole site.
Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions
via "Dark Reading".
SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.
IBM Research releases differential privacy library that works with machine learning
via "Security on TechRepublic".
The open-source repository is unique in that most tasks can be run with only a single line of code, according to the company.
ATTENTION‼ New - CVE-2019-3681
via "National Vulnerability Database".
An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0.
Good Cyber Hygiene in a Pandemic-Driven World Starts with Us
via "Dark Reading".
Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.
Sifter 7.5
via "Security Tool Files ≈ Packet Storm".
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and, if unpatched, exploit them.
Haveged 1.9.13
via "Security Tool Files ≈ Packet Storm".
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
ATTENTION‼ New - CVE-2019-19160
via "National Vulnerability Database".
Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file (rxp).
ATTENTION‼ New - CVE-2019-18256
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II: the affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit.
ATTENTION‼ New - CVE-2019-18254
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II: the affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.
ATTENTION‼ New - CVE-2019-18252
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II: the affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.
ATTENTION‼ New - CVE-2019-18248
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II: the affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure.
ATTENTION‼ New - CVE-2019-18246
via "National Vulnerability Database".
BIOTRONIK CardioMessenger II: the affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure.
Unpatched Wi-Fi Extender Opens Home Networks to Remote Control
via "Threatpost".
The Homeplug device, from Tenda, suffers from web server bugs as well as a DoS flaw.
AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
via "Threatpost".
Comparitech’s Paul Bischoff found that Amazon’s facial recognition platform misidentified an alarming number of people, and was racially biased.
ID theft: Fake Google alerts are now delivering malware
via "Security on TechRepublic".
E-mails telling you that your data has been compromised are now sometimes fake. Be careful what you click on.
Tuesday’s Magento 1 EOL Leaves Clock Ticking on 100K Online Stores
via "Threatpost".
Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.
Files Stolen from 945 Websites Discovered on Dark Web
via "Dark Reading".
Researchers who found the archived SQL files estimate up to 14 million people could be affected.
2020 sees rise in invoice and payment fraud BEC attacks
via "Security on TechRepublic".
Abnormal Security found a 75% increase in this type of campaign in the first three months of the year and a spike of 200% from April to May.
Email Error Leads to Exposed PHI of 11,500 Patients
via "Subscriber Blog RSS Feed".
A health plan recently disclosed a data breach of 11,500 patients that was triggered by an email mistake.