ATENTIONβΌ New - CVE-2017-1659
π Read
via "National Vulnerability Database".
"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."π Read
via "National Vulnerability Database".
π΄ 4 Steps to a More Mature Identity Program π΄
π Read
via "Dark Reading: ".
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.π Read
via "Dark Reading: ".
Dark Reading
4 Steps to a More Mature Identity Program
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
π Be prepared: Why you need an incident response policy π
π Read
via "Security on TechRepublic".
Smart security teams have updated incident response plans in place before a security breach happens.π Read
via "Security on TechRepublic".
TechRepublic
Be prepared: Why you need an incident response policy
Smart security teams have updated incident response plans in place before a security breach happens.
π Business climate may be stabilizing for tech companies π
π Read
via "Security on TechRepublic".
New CompTIA poll finds members are receiving inquiries around cybersecurity, migrating to the cloud, and managed services.π Read
via "Security on TechRepublic".
TechRepublic
Business climate may be stabilizing for tech companies
New CompTIA poll finds members are receiving inquiries around cybersecurity, migrating to the cloud, and managed services.
β EvilQuest: Inside A βNew Classβ of Mac Malware β
π Read
via "Threatpost".
Mac expert Thomas Reed discusses how EvilQuest is ushering in a new class of Mac malware.π Read
via "Threatpost".
Threat Post
EvilQuest: Inside A βNew Classβ of Mac Malware
Mac expert Thomas Reed discusses how EvilQuest is ushering in a new class of Mac malware.
π΄ Microsoft Issues Out-of-Band Patches for RCE Flaws π΄
π Read
via "Dark Reading: ".
Vulnerabilities had not been exploited or publicly disclosed before fixes were released, Microsoft reports.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ New MacOS Ransomware Hides in Pirated Program π΄
π Read
via "Dark Reading: ".
A bogus installer for Little Snitch carries a ransomware hitchhiker.π Read
via "Dark Reading: ".
Dark Reading
New MacOS Ransomware Hides in Pirated Program
A bogus installer for Little Snitch carries a ransomware hitchhiker.
β Alina Point-of-Sale Malware Spotted in Ongoing Campaign β
π Read
via "Threatpost".
The malware is using DNS tunneling to exfiltrate payment-card data.π Read
via "Threatpost".
Threat Post
Alina Point-of-Sale Malware Spotted in Ongoing Campaign
The malware is using DNS tunneling to exfiltrate payment-card data.
β Cisco Warns of High-Severity Bug in Small Business Switch Lineup β
π Read
via "Threatpost".
A high-severity flaw allows remote, unauthenticated attackers to potentially gain administrative privileges for Cisco small business switches.π Read
via "Threatpost".
Threat Post
Cisco Warns of High-Severity Bug in Small Business Switch Lineup
A high-severity flaw allows remote, unauthenticated attackers to potentially gain administrative privileges for Cisco small business switches.
π΄ DHS Shares Data on Top Cyberthreats to Federal Agencies π΄
π Read
via "Dark Reading: ".
Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.π Read
via "Dark Reading: ".
Dark Reading
DHS Shares Data on Top Cyberthreats to Federal Agencies
Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.
π΄ Businesses Invest in Cloud Security Tools Despite Concerns π΄
π Read
via "Dark Reading: ".
A majority of organizations say the acceleration was driven by a need to support more remote employees.π Read
via "Dark Reading: ".
Dark Reading
Businesses Invest in Cloud Security Tools Despite Concerns
A majority of organizations say the acceleration was driven by a need to support more remote employees.
π΄ Chinese Software Company Aisino Uninstalls GoldenSpy Malware π΄
π Read
via "Dark Reading: ".
Follow-up sandbox research confirms Aisino knew about the malware in its tax software, though it's still unclear whether it was culpable.π Read
via "Dark Reading: ".
Dark Reading
Chinese Software Company Aisino Uninstalls GoldenSpy Malware
Follow-up sandbox research confirms Aisino knew about the malware in its tax software, though it's still unclear whether it was culpable.
ATENTIONβΌ New - CVE-2019-15312
π Read
via "National Vulnerability Database".
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-15311
π Read
via "National Vulnerability Database".
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-15310
π Read
via "National Vulnerability Database".
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled.π Read
via "National Vulnerability Database".
π΄ Attackers Compromised Dozens of News Websites as Part of Ransomware Campaign π΄
π Read
via "Dark Reading: ".
Malware used to download WastedLocker on target networks was hosted on legit websites belonging to one parent company, Symantec says.π Read
via "Dark Reading: ".
Dark Reading
Attackers Compromised Dozens of News Websites as Part of Ransomware Campaign
Malware used to download WastedLocker on target networks was hosted on legit websites belonging to one parent company, Symantec says.
ATENTIONβΌ New - CVE-2019-20417
π Read
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate internal services via an Information Disclosure vulnerability. The vulnerability is only exploitable if WebSudo is disabled in Jira. The affected versions are before version 8.4.2.π Read
via "National Vulnerability Database".
β 133m records for sale as fruits of data breach spree keep raining down β
π Read
via "Naked Security".
Databases can be had for as little as $100, on up to $1,100. Most, if not all, are being sold by the hacking group Shiny Hunters.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ 7 IoT Tips for Home Users π΄
π Read
via "Dark Reading: ".
Whether for business or pleasure, you're on your own once you walk into the house with a new Internet of Things device. Here's how to keep every one secure.π Read
via "Dark Reading: ".
Dark Reading
7 IoT Tips for Home Users
Whether for business or pleasure, you're on your own once you walk into the house with a new Internet of Things device. Here's how to keep everyone secure.
π Zoom: We've delivered on all of our security and privacy promises, apart from one π
π Read
via "Security on TechRepublic".
CEO Eric Yuan said the company had been working to improve safety, privacy and security, but has pushed back the date for its transparency report.π Read
via "Security on TechRepublic".
TechRepublic
Zoom: We've delivered on all of our security and privacy promises, apart from one
CEO Eric Yuan said the company had been working to improve safety, privacy and security, but has pushed back the date for its transparency report.
π΄ DHS Shares Data on Top Cyber Threats to Federal Agencies π΄
π Read
via "Dark Reading: ".
Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.π Read
via "Dark Reading: ".
Dark Reading
DHS Shares Data on Top Cyber Threats to Federal Agencies
Backdoors, cryptominers, and ransomware were the most widely detected threats by the DHS Cybersecurity and Infrastructure Security Agency (CISA)'s intrusion prevention system EINSTEIN.