AWS Facial Recognition Platform Misidentified Over 100 Politicians As Criminals
via "Threatpost".
Comparitech's Paul Bischoff found that Amazon's facial recognition platform misidentified an alarming number of people, and was racially biased.

ID theft: Fake Google alerts are now delivering malware
via "Security on TechRepublic".
E-mails telling you that your data has been compromised are now sometimes fake. Be careful what you click on.

Tuesday's Magento 1 EOL Leaves Clock Ticking on 100K Online Stores
via "Threatpost".
Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.

Files Stolen from 945 Websites Discovered on Dark Web
via "Dark Reading".
Researchers who found the archived SQL files estimate up to 14 million people could be affected.

2020 sees rise in invoice and payment fraud BEC attacks
via "Security on TechRepublic".
Abnormal Security found a 75% increase in this type of campaign in the first three months of the year and a spike of 200% from April to May.

Email Error Leads to Exposed PHI of 11,500 Patients
via "Subscriber Blog RSS Feed" (Digital Guardian).
A health plan recently disclosed a data breach of 11,500 patients that was triggered by an email mistake.

Why everyone should care about disinformation campaigns
via "Security on TechRepublic".
Fortalice CEO and former White House CIO Theresa Payton explains why disinformation is such a potent threat.

ATTENTION‼ New - CVE-2018-6446
via "National Vulnerability Database".
A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications.

REvil Ransomware Gang Adds Auction Feature for Stolen Data
via "Threatpost".
An anonymous bidding mechanism enhances the REvil group's double-extortion game.

HackerOne Reveals Top 10 Bug-Bounty Programs
via "Dark Reading".
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.

Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years
via "Dark Reading".
Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.

University of California SF Pays Ransom After Medical Servers Hit
via "Dark Reading".
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine.

ATTENTION‼ New - CVE-2019-20416
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.

ATTENTION‼ New - CVE-2019-20415
via "National Vulnerability Database".
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.

iOS 14 flags TikTok, 53 other apps spying on iPhone clipboards
via "Naked Security".
TikTok, for one, promised to knock this off months ago but was caught red-handed, still at it, by the new clipboard notification in iOS 14.

ATTENTION‼ New - CVE-2017-18922
via "National Vulnerability Database".
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

How to Safeguard Data When the Majority of Your Workforce is Remote
via "Threatpost".
More employees working remotely most likely means an increased reliance on cloud services and applications.

Botnet Encyclopedia helps security teams analyze suspicious activity in data centers
via "Security on TechRepublic".
New resource lists source IPs, connect-back servers, and attack flows for established campaigns and emerging threats.

CISA: Nation-State Attackers Likely to Exploit Palo Alto Networks Bug
via "Threatpost".
An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.