🔐 Facebook data privacy scandal: A cheat sheet 🔐
📖 Read
via "Security on TechRepublic".
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.📖 Read
via "Security on TechRepublic".
TechRepublic
Facebook data privacy scandal: A cheat sheet
Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.
ATENTION‼ New - CVE-2020-10930
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10929
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10928
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9767.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10927
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10926
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10925
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10924
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10923
📖 Read
via "National Vulnerability Database".
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.📖 Read
via "National Vulnerability Database".
🕴 Avon Server Leaks User Info and Administrative Data 🕴
📖 Read
via "Dark Reading: ".
An unprotected server has exposed more than 7GB of data from the beauty brand.📖 Read
via "Dark Reading: ".
Dark Reading
Avon Server Leaks User Info and Administrative Data
An unprotected server has exposed more than 7GB of data from the beauty brand.
❌ Lazarus Group Brings APT Tactics to Ransomware ❌
📖 Read
via "Threatpost".
A new ransomware, VHD, was seen being delivered by the nation-state group's multiplatform malware platform, MATA.📖 Read
via "Threatpost".
Threat Post
Lazarus Group Brings APT Tactics to Ransomware
A new ransomware, VHD, was seen being delivered by the nation-state group's multiplatform malware platform, MATA.
🕴 Lazarus Group Shifts Gears with Custom Ransomware 🕴
📖 Read
via "Dark Reading: ".
The North Korea-linked APT group has developed its own ransomware strain to better conduct financial theft, researchers report.📖 Read
via "Dark Reading: ".
Dark Reading
Lazarus Group Shifts Gears with Custom Ransomware
The North Korea-linked APT group has developed its own ransomware strain to better conduct financial theft, researchers report.
ATENTION‼ New - CVE-2020-10985
📖 Read
via "National Vulnerability Database".
Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10984
📖 Read
via "National Vulnerability Database".
Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10983
📖 Read
via "National Vulnerability Database".
Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.📖 Read
via "National Vulnerability Database".
ATENTION‼ New - CVE-2020-10982
📖 Read
via "National Vulnerability Database".
Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.📖 Read
via "National Vulnerability Database".
🔐 IBM finds cyberattacks costing companies nearly $4 million per breach 🔐
📖 Read
via "Security on TechRepublic".
The study showed concrete financial benefits to having security systems and teams in place.📖 Read
via "Security on TechRepublic".
TechRepublic
IBM finds cyberattacks costing companies nearly $4 million per breach
The study showed concrete financial benefits to having security systems and teams in place.
🔐 The future of encryption: Getting ready for the quantum computer attack 🔐
📖 Read
via "Security on TechRepublic".
PQShield, a spin-out from the UK's Oxford University, is developing advanced cryptographic solutions for hardware, software and communications to protect businesses' data from the quantum threat.📖 Read
via "Security on TechRepublic".
TechRepublic
The future of encryption: Getting ready for the quantum computer attack
PQShield, a spin-out from the UK's Oxford University, is developing advanced cryptographic solutions for hardware, software and communications to protect businesses' data from the quantum threat.
❌ OkCupid Security Flaw Threatens Intimate Dater Details ❌
📖 Read
via "Threatpost".
Attackers could exploit various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles.📖 Read
via "Threatpost".
Threat Post
OkCupid Security Flaw Threatens Intimate Dater Details
Attackers could have exploited various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles.
❌ Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems ❌
📖 Read
via "Threatpost".
Algorithms clocked error rates of between 5% to 50% when comparing photos of people wearing digitally created masks with unmasked faces.📖 Read
via "Threatpost".
Threat Post
Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems
Algorithms clocked error rates of between 5% to 50% when comparing photos of people wearing digitally created masks with unmasked faces.
🔐 87% of Americans view data privacy as a human right, but most still use risky security practices 🔐
📖 Read
via "Security on TechRepublic".
While 56% of Americans want more control over personal data, more than 40% said they reuse passwords, use public Wi-Fi, or save a credit card to an online store, KPMG found.📖 Read
via "Security on TechRepublic".