β Instagram Retained Deleted User Data Despite GDPR Rules β
π Read
via "Threatpost".
The photo-sharing app retained peopleβs photos and private direct messages on its servers even after users removed them.π Read
via "Threatpost".
Threat Post
Instagram Retained Deleted User Data Despite GDPR Rules
The photo-sharing app retained peopleβs photos and private direct messages on its servers even after users removed them.
π΄ WFH Summer 2020 Caption Contest Winners π΄
π Read
via "Dark Reading: ".
Clever wordplay on sandcastles, sandboxes, zero trust. and granular controls. And the winners are ...π Read
via "Dark Reading: ".
Dark Reading
WFH Summer 2020 Caption Contest Winners
Clever wordplay on sandcastles, sandboxes, zero trust. and granular controls. And the winners are ...
π΄ 7 Ways to Keep Your Remote Workforce Safe π΄
π Read
via "Dark Reading: ".
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.π Read
via "Dark Reading: ".
Dark Reading
7 Ways to Keep Your Remote Workforce Safe
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
π How cybercriminals are exploiting US unemployment benefits to make money π
π Read
via "Security on TechRepublic".
Scammers use Social Security numbers and other data to create synthetic IDs to collect unemployment benefits, says IntSights.π Read
via "Security on TechRepublic".
TechRepublic
How cybercriminals are exploiting US unemployment benefits to make money
Scammers use Social Security numbers and other data to create synthetic IDs to collect unemployment benefits, says IntSights.
π Friday Five: 8/14 Edition π
π Read
via "Subscriber Blog RSS Feed ".
Ransomware group launches a new data leak site, 1 Billion Android phones possibly at risk of data theft, and England is testing a new coronavirus contact-tracing app - catch up on the week's news with the Friday Five.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
Friday Five: 8/14 Edition
Ransomware group launches a new data leak site, 1 Billion Android phones possibly at risk of data theft, and England is testing a new coronavirus contact-tracing app - catch up on the week's news with the Friday Five.
ATENTIONβΌ New - CVE-2019-7410
π Read
via "National Vulnerability Database".
There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-6112
π Read
via "National Vulnerability Database".
A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search field).π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2019-19643
π Read
via "National Vulnerability Database".
ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service.π Read
via "National Vulnerability Database".
π΄ Forcepoint Hopes for Breakout Moment by Hopping on the ZTA Bandwagon π΄
π Read
via "Dark Reading: ".
The debut of Forcepoint's two-pronged zero trust access (ZTA) solution delivers much-needed competitive momentum, but it must do more to stand out against a growing field of ZTA competitors.π Read
via "Dark Reading: ".
Ovumkc
Login
ATENTIONβΌ New - CVE-2019-5591
π Read
via "National Vulnerability Database".
A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.π Read
via "National Vulnerability Database".
β Critical Flaws in WordPress Quiz Plugin Allow Site Takeover β
π Read
via "Threatpost".
The recently patched flaws could be abused by an unauthenticated, remote attackers to take over vulnerable websites.π Read
via "Threatpost".
Threat Post
Critical Flaws in WordPress Quiz Plugin Allow Site Takeover
The recently patched flaws could be abused by an unauthenticated, remote attackers to take over vulnerable websites.
π΄ DHS CISA Warns of Phishing Emails Rigged with KONNI Malware π΄
π Read
via "Dark Reading: ".
Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.π Read
via "Dark Reading: ".
Dark Reading
DHS CISA Warns of Phishing Emails Rigged with KONNI Malware
Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.
ATENTIONβΌ New - CVE-2015-8033
π Read
via "National Vulnerability Database".
In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2015-8032
π Read
via "National Vulnerability Database".
In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.π Read
via "National Vulnerability Database".
β Mac Users Targeted by Spyware Spreading via Xcode Projects β
π Read
via "Threatpost".
The XCSSET suite of malware also hijacks browsers, has a ransomware module and more -- and uses a pair of zero-day exploits.π Read
via "Threatpost".
Threat Post
Mac Users Targeted by Spyware Spreading via Xcode Projects
The XCSSET suite of malware also hijacks browsers, has a ransomware module and more β and uses a pair of zero-day exploits.
π΄ IcedID Shows Obfuscation Sophistication in New Campaign π΄
π Read
via "Dark Reading: ".
The malware's developers have turned to dynamic link libraries (DLLs) to hide their work.π Read
via "Dark Reading: ".
Dark Reading
IcedID Shows Obfuscation Sophistication in New Campaign
The malware's developers have turned to dynamic link libraries (DLLs) to hide their work.
π΄ Research Casts Doubt on Value of Threat Intel Feeds π΄
π Read
via "Dark Reading: ".
Two commercial threat intelligence services and four open source feeds rarely provide the same information, raising questions about how security teams should gauge their utility.π Read
via "Dark Reading: ".
Dark Reading
Research Casts Doubt on Value of Threat Intel Feeds
Two commercial threat intelligence services and four open source feeds rarely provide the same information, raising questions about how security teams should gauge their utility.
β PoC Exploit Targeting Apache Struts Surfaces on GitHub β
π Read
via "Threatpost".
Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2.π Read
via "Threatpost".
Threat Post
PoC Exploit Targeting Apache Struts Surfaces on GitHub
Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2.
ATENTIONβΌ New - CVE-2020-0255
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2016-11085
π Read
via "National Vulnerability Database".
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element.π Read
via "National Vulnerability Database".
β Monday review β catch up on our latest articles and videos β
π Read
via "Naked Security".
Our recent articles and videos, all in one place.π Read
via "Naked Security".
Naked Security
Monday review β catch up on our latest articles and videos
Our recent articles and videos, all in one place.