π Abandoned apps like TikTok pose a security risk in a BYOD world π
π Read
via "Security on TechRepublic".
Social media apps put corporate networks at risk and provide raw material for deep fakes.π Read
via "Security on TechRepublic".
TechRepublic
Abandoned apps like TikTok pose a security risk in a BYOD world
Social media apps put corporate networks at risk and provide raw material for deep fakes.
ATENTIONβΌ New - CVE-2020-0555
π Read
via "National Vulnerability Database".
Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0554
π Read
via "National Vulnerability Database".
Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0553
π Read
via "National Vulnerability Database".
Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0513
π Read
via "National Vulnerability Database".
Out of bounds write for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0512
π Read
via "National Vulnerability Database".
Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2020-0510
π Read
via "National Vulnerability Database".
Out of bounds read in some Intel(R) Graphics Drivers before versions 15.45.31.5127 and 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14630
π Read
via "National Vulnerability Database".
Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow unauthenticated user to potentially enable information disclosure via physical access.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-14620
π Read
via "National Vulnerability Database".
Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access.π Read
via "National Vulnerability Database".
β Amazon Alexa βOne-Clickβ Attack Can Divulge Personal Data β
π Read
via "Threatpost".
Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices.π Read
via "Threatpost".
Threat Post
Amazon Fixes Alexa Glitch That Could Have Divulged Personal Data
Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices.
β High-Severity TinyMCE Cross-Site Scripting Flaw Fixed β
π Read
via "Threatpost".
The cross-site scripting flaw could enable arbitrary code execution, information disclosure - and even account takeover.π Read
via "Threatpost".
Threat Post
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
The cross-site scripting flaw could enable arbitrary code execution, information disclosure - and even account takeover.
β ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls β
π Read
via "Threatpost".
Rare attack on cellular protocol exploits an encryption-implementation flaw at base stations to record voice calls.π Read
via "Threatpost".
Threat Post
ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls
Rare attack on cellular protocol exploits an encryption-implementation flaw at base stations to record voice calls.
π΄ Emotet Return Brings New Tactics & Evasion Techniques π΄
π Read
via "Dark Reading: ".
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.π Read
via "Dark Reading: ".
Dark Reading
Emotet Return Brings New Tactics & Evasion Techniques
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
π΄ Adaptive Shield Emerges From Stealth π΄
π Read
via "Dark Reading: ".
Israeli startup joins growing number of vendors offering platform for detecting and mitigating common configuration errors in cloud environments.π Read
via "Dark Reading: ".
Dark Reading
Adaptive Shield Emerges From Stealth
Israeli startup joins growing number of vendors offering platform for detecting and mitigating common configuration errors in cloud environments.
π Amazon Alexa flaws could have revealed home address and other personal data π
π Read
via "Security on TechRepublic".
The flaws could also have helped attackers obtain usernames, phone numbers, voice history, and installed skills, says Check Point Research.π Read
via "Security on TechRepublic".
TechRepublic
Amazon Alexa flaws could have revealed home address and other personal data
The flaws could also have helped attackers obtain usernames, phone numbers, voice history, and installed skills, says Check Point Research.
π΄ With iOS's Privacy Nutrition Label, Apple Upstages Regulators π΄
π Read
via "Dark Reading: ".
New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.π Read
via "Dark Reading: ".
Dark Reading
With iOS's Privacy Nutrition Label, Apple Upstages Regulators
New iOS privacy features require developers to disclose what data they're collecting, how they're using it, and with whom they share it.
π΄ Security Jobs With a Future -- And Ones on the Way Out π΄
π Read
via "Dark Reading: ".
Some titles are hot, while others are not, amid rapidly shifting business priorities.π Read
via "Dark Reading: ".
Dark Reading
Security Jobs With a Future -- And Ones on the Way Out
Some titles are hot, while others are not, amid rapidly shifting business priorities.
ATENTIONβΌ New - CVE-2019-4582
π Read
via "National Vulnerability Database".
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-16374
π Read
via "National Vulnerability Database".
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.π Read
via "National Vulnerability Database".
β New Global Threat Landscape Report Reveals βUnprecedentedβ Cyberattacks β
π Read
via "Threatpost".
Fortinet's recently released Global Threat Landscape Report shows how the perimeter is extending to the home in the first half of 2020 - and what that means for cybercrime.π Read
via "Threatpost".
Threat Post
New Global Threat Landscape Report Reveals βUnprecedentedβ Cyberattacks
Fortinet's recently released Global Threat Landscape Report shows how the perimeter is extending to the home in the first half of 2020 - and what that means for cybercrime.
π΄ Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity π΄
π Read
via "Dark Reading: ".
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.π Read
via "Dark Reading: ".
Dark Reading
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.