🕴 HackerOne Reveals Top 10 Bug-Bounty Programs 🕴
📖 Read
via "Dark Reading: ".
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.📖 Read
via "Dark Reading: ".
Dark Reading
HackerOne Reveals Top 10 Bug-Bounty Programs
Rankings based on total bounties paid, top single bounty paid, time to respond, and more.
🕴 Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years 🕴
📖 Read
via "Dark Reading: ".
Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.📖 Read
via "Dark Reading: ".
Dark Reading
Russian Cybercriminal Behind CardPlanet Sentenced to 9 Years
Aleksei Burkov will go to federal prison for operating two websites built to facilitate payment card fraud, hacking, and other crimes.
🕴 University of California SF Pays Ransom After Medical Servers Hit 🕴
📖 Read
via "Dark Reading: ".
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on "several IT systems" in the UCSF School of Medicine.📖 Read
via "Dark Reading: ".
Dark Reading
University of California SF Pays Ransom After Medical Servers Hit
As one of at least three universities hit in June, the school paid $1.14 million to cybercriminals following an attack on several IT systems in the UCSF School of Medicine.
ATENTION‼ New - CVE-2019-20416
📖 Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-20415
📖 Read
via "National Vulnerability Database".
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.📖 Read
via "National Vulnerability Database".
⚠ iOS 14 flags TikTok, 53 other apps spying on iPhone clipboards ⚠
📖 Read
via "Naked Security".
TikTok, for one, promised to knock this off months ago but was caught red-handed, still at it, by the new clipboard notification in iOS 14.📖 Read
via "Naked Security".
Naked Security
iOS 14 flags TikTok, 53 other apps spying on iPhone clipboards
TikTok, for one, promised to knock this off months ago but was caught red-handed, still at it, by the new clipboard notification in iOS 14.
ATENTION‼ New - CVE-2017-18922
📖 Read
via "National Vulnerability Database".
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.📖 Read
via "National Vulnerability Database".
❌ How to Safeguard Data When the Majority of Your Workforce is Remote ❌
📖 Read
via "Threatpost".
More employees working remotely most likely means an increased reliance on cloud services and applications.📖 Read
via "Threatpost".
Threat Post
How to Safeguard Data When the Majority of Your Workforce is Remote
More employees working remotely most likely means an increased reliance on cloud services and applications.
🔐 Botnet Encyclopedia helps security teams analyze suspicious activity in data centers 🔐
📖 Read
via "Security on TechRepublic".
New resource lists source IPs, connect-back servers, and attack flows for established campaigns and emerging threats.📖 Read
via "Security on TechRepublic".
TechRepublic
Botnet Encyclopedia helps security teams analyze suspicious activity in data centers
New resource lists source IPs, connect-back servers, and attack flows for established campaigns and emerging threats.
❌ CISA: Nation-State Attackers Likely to Exploit Palo Alto Networks Bug ❌
📖 Read
via "Threatpost".
An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.📖 Read
via "Threatpost".
Threat Post
CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug
An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.
🕴 3 Ways to Flatten the Health Data Hacking Curve 🕴
📖 Read
via "Dark Reading: ".
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.📖 Read
via "Dark Reading: ".
Dark Reading
3 Ways to Flatten the Health Data Hacking Curve
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
🕴 3 Years After NotPetya, Many Organizations Still in Danger of Similar Attacks 🕴
📖 Read
via "Dark Reading: ".
The same gaps that enabled ransomware to spread remain in patching, network segmentation, backup practices, security experts say.📖 Read
via "Dark Reading: ".
Dark Reading
3 Years After NotPetya, Many Organizations Still in Danger of Similar Attacks
The same gaps that enabled ransomware to spread remain in patching, network segmentation, backup practices, security experts say.
ATENTION‼ New - CVE-2019-20893
📖 Read
via "National Vulnerability Database".
An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine.📖 Read
via "National Vulnerability Database".
🕴 Profile of the Post-Pandemic CISO 🕴
📖 Read
via "Dark Reading: ".
Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.📖 Read
via "Dark Reading: ".
Dark Reading
Profile of the Post-Pandemic CISO
Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.
🔐 Why organizations often have trouble containing cyberattacks 🔐
📖 Read
via "Security on TechRepublic".
Many companies are hampered by the use of too many security tools and the lack of specific playbooks for common attacks, says IBM Security.📖 Read
via "Security on TechRepublic".
TechRepublic
Why organizations often have trouble containing cyberattacks
Many companies are hampered by the use of too many security tools and the lack of specific playbooks for common attacks, says IBM Security.
ATENTION‼ New - CVE-2019-19163
📖 Read
via "National Vulnerability Database".
A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2019-19161
📖 Read
via "National Vulnerability Database".
CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.📖 Read
via "National Vulnerability Database".
❌ UCSF Pays $1.14M After NetWalker Ransomware Attack ❌
📖 Read
via "Threatpost".
UCSF has paid more than $1 million after a ransomware attack encrypted data related to "important" academic research on several servers.📖 Read
via "Threatpost".
Threat Post
UCSF Pays $1.14M After NetWalker Ransomware Attack
UCSF has paid more than $1 million after a ransomware attack encrypted data related to "important" academic research on several servers.
⚠ Google joins Apple in limiting web certificates to one year ⚠
📖 Read
via "Naked Security".
Is it fair to expect everyone to renew all their web certificates every year? Apple says yes, and now Google does too.📖 Read
via "Naked Security".
Naked Security
Google joins Apple in limiting web certificates to one year
Is it fair to expect everyone to renew all their web certificates every year? Apple says yes, and now Google does too.
🕴 CISA Issues Advisory on Home Routers 🕴
📖 Read
via "Dark Reading: ".
The increase in work-from-home employees raises the importance of home router security.📖 Read
via "Dark Reading: ".
Dark Reading
CISA Issues Advisory on Home Routers
The increase in work-from-home employees raises the importance of home router security.
🔐 How to protect your remote desktop environment from brute force attacks 🔐
📖 Read
via "Security on TechRepublic".
An RDP compromise provides a cybercriminal with a backdoor for ransomware and other types of malware, says security provider ESET.📖 Read
via "Security on TechRepublic".
TechRepublic
How to protect your remote desktop environment from brute force attacks
An RDP compromise provides a cybercriminal with a backdoor for ransomware and other types of malware, says security provider ESET.