🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Data Privacy Challenges for California COVID-19 Contact Tracing Technology 🕴

Developers, governments, and regulators must work with the cybersecurity industry to apply rigorous standards to contact-tracing apps to make sure that the societal impact of COVID-19 doesn't extend into personal privacy.

via "Dark Reading".
🔐 How to enable guest accounts from the lock screen in Android 🔐

If you frequently hand your phone over to others, Guest Mode is a feature you should be using on Android. Jack Wallen shows you how to access the feature from your lock screen.

via "Security on TechRepublic".
ATTENTION New - CVE-2020-12638

An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption.

via "National Vulnerability Database".
ATTENTION New - CVE-2020-10922

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527.

via "National Vulnerability Database".
ATTENTION New - CVE-2020-10921

This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. Was ZDI-CAN-10482.

via "National Vulnerability Database".
ATTENTION New - CVE-2020-10920

This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the control service, which listens on TCP port 9999 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10493.

via "National Vulnerability Database".
ATTENTION New - CVE-2020-10919

This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format using a hard-coded key. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185.

via "National Vulnerability Database".
ATTENTION New - CVE-2020-10918

This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient authentication on post-authentication requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from unauthenticated users. Was ZDI-CAN-10182.

via "National Vulnerability Database".
Garmin Suffers Reported Ransomware Attack

Garmin's services, websites and customer service have all been down since Wednesday night.

via "Threatpost".
Cisco Network Security Flaw Leaks Sensitive Data

The flaw exists in Cisco's network security Firepower Threat Defense (FTD) software and its Adaptive Security Appliance (ASA) software.

via "Threatpost".
🕴 Twitter Breach a Reminder of Need to Protect Corporate Social Media Use 🕴

Intruders had access to direct messages associated with 36 accounts in last week's attack, social media giant discloses.

via "Dark Reading".
🔐 A quick and easy way to lock down SSH 🔐

Anxious to get your Linux server's SSH access locked down? Jack Wallen shows you one more step you can take, one that will only take seconds.

via "Security on TechRepublic".
🕴 DNA Site Leaves Records Open to Law Enforcement 🕴

A pair of breaches reset user accounts to allow access for two days.

via "Dark Reading".
🔐 The challenges and opportunities of shadow IT 🔐

The shadow IT genie is out of the bottle and offers benefits and threats. Learn some tips from the experts on how to effectively harness shadow IT in your company.

via "Security on TechRepublic".
🕴 Fundamentals of Network Traffic Decryption and Risk Management 🕴

Visibility into and inspection of inbound encrypted network traffic is essential for sound enterprise network security. Decryption approaches must soon change due to increasing cost and complexity, but alternative technologies are emerging.

via "Dark Reading".
🕴 Twilio Security Incident Shows Danger of Misconfigured S3 Buckets 🕴

Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScript SDK it shares with customers.

via "Dark Reading".
ATTENTION New - CVE-2020-11625

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit different responses depending on whether a user account exists. Because the responses indicate whether a submitted username is valid or not, they make it easier to identify legitimate usernames. If a login request is sent to ISAPI/Security/sessionLogin/capabilities using a username that exists, it will return the value of the salt given to that username, even if the password is incorrect. However, if a login request is sent using a username that is not present in the database, it will return an empty salt value. This allows attackers to enumerate legitimate usernames, facilitating brute-force attacks. NOTE: this is different from CVE-2020-7057.

via "National Vulnerability Database".
ATTENTION New - CVE-2020-11624

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change, but there is no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks on IoT devices, including malware and exploits, are based on the use of default credentials, this makes these cameras an easy target for malicious actors.

via "National Vulnerability Database".
ATTENTION New - CVE-2020-11623

An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to the UART interface could access additional diagnostic and configuration functionalities as well as the camera's bootloader. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system. It could even render the device inoperable.

via "National Vulnerability Database".
ATTENTION New - CVE-2019-18834

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.

via "National Vulnerability Database".
Malicious ‘Blur’ Photo App Campaign Discovered on Google Play

Twenty-nine bad mobile apps with a combined 3.5 million downloads bombard users with out-of-context ads.

via "Threatpost".