ATTENTION‼ New - CVE-2019-20415
via "National Vulnerability Database".
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.
⚠ iOS 14 flags TikTok, 53 other apps spying on iPhone clipboards ⚠
via "Naked Security".
TikTok, for one, promised to knock this off months ago but was caught red-handed, still at it, by the new clipboard notification in iOS 14.
ATTENTION‼ New - CVE-2017-18922
via "National Vulnerability Database".
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
❌ How to Safeguard Data When the Majority of Your Workforce is Remote ❌
via "Threatpost".
More employees working remotely most likely means an increased reliance on cloud services and applications.
🔐 Botnet Encyclopedia helps security teams analyze suspicious activity in data centers 🔐
via "Security on TechRepublic".
New resource lists source IPs, connect-back servers, and attack flows for established campaigns and emerging threats.
❌ CISA: Nation-State Attackers Likely to Exploit Palo Alto Networks Bug ❌
via "Threatpost".
An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.
🕴 3 Ways to Flatten the Health Data Hacking Curve 🕴
via "Dark Reading".
With more people working from home, health data security is more challenging but vitally important. These tips can help safeguard healthcare data.
🕴 3 Years After NotPetya, Many Organizations Still in Danger of Similar Attacks 🕴
via "Dark Reading".
The same gaps that enabled ransomware to spread remain in patching, network segmentation, backup practices, security experts say.
ATTENTION‼ New - CVE-2019-20893
via "National Vulnerability Database".
An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine.
🕴 Profile of the Post-Pandemic CISO 🕴
via "Dark Reading".
Projects that were high priorities before the COVID-19 outbreak have taken a back seat to new business needs. For security leaders that has meant new responsibilities that could very well stick around in the pandemic's aftermath.
🔐 Why organizations often have trouble containing cyberattacks 🔐
via "Security on TechRepublic".
Many companies are hampered by the use of too many security tools and the lack of specific playbooks for common attacks, says IBM Security.
ATTENTION‼ New - CVE-2019-19163
via "National Vulnerability Database".
A vulnerability in the firmware of COMMAX WallPad (CDP-1020MB) allows an unauthenticated adjacent attacker to execute arbitrary code because it uses an old version of MySQL.
ATTENTION‼ New - CVE-2019-19161
via "National Vulnerability Database".
CyMiInstaller322 ActiveX, which runs MIPLATFORM, downloads files required to run applications. A vulnerability in file downloading by CyMiInstaller322 ActiveX lets an attacker cause it to download randomly generated DLL files and cause MIPLATFORM to load those DLLs, due to insufficient verification.
❌ UCSF Pays $1.14M After NetWalker Ransomware Attack ❌
via "Threatpost".
UCSF has paid more than $1 million after a ransomware attack encrypted data related to "important" academic research on several servers.
⚠ Google joins Apple in limiting web certificates to one year ⚠
via "Naked Security".
Is it fair to expect everyone to renew all their web certificates every year? Apple says yes, and now Google does too.
🕴 CISA Issues Advisory on Home Routers 🕴
via "Dark Reading".
The increase in work-from-home employees raises the importance of home router security.
🔐 How to protect your remote desktop environment from brute force attacks 🔐
via "Security on TechRepublic".
An RDP compromise provides a cybercriminal with a backdoor for ransomware and other types of malware, says security provider ESET.
❌ StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks ❌
via "Threatpost".
The spy malware is being delivered via a complex infrastructure with multiple layers, in an effort to avoid analysis.
🕴 Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan 🕴
via "Dark Reading".
We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
🔏 Inventor of Anti-Corrosion Tech Allegedly Took IP to New Company 🔏
via "Subscriber Blog RSS Feed".
A new lawsuit alleges the chief developer of the company's IP left the company and took some of its confidential information with him to start a new competing company.
Digital Guardian
🔐 Developers agree: Application security processes have a negative impact on productivity 🔐
via "Security on TechRepublic".
86% of developers polled in a recent survey said every single aspect of appsec hinders their ability to push code.