The rise of targeted ransomware
via "Naked Security".
Ransomware hasn't gone away, but it is getting quieter and more targeted.
These industries will soon be impacted by biometric security
via "Security on TechRepublic".
BioCatch's VP Frances Zelazny explains why companies are dropping passwords in favor of biometric security like fingerprint and iris scanners.
ATTENTION‼ New - CVE-2016-7068
via "National Vulnerability Database".
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.
ATTENTION‼ New - CVE-2016-7047
via "National Vulnerability Database".
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.
ATTENTION‼ New - CVE-2016-0750
via "National Vulnerability Database".
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
Why higher education is one of the worst industries at handling cyberattacks
via "Security on TechRepublic".
Some 73% of institutions took three or more days to apply patches for cyberthreats, according to a recent EfficientIP report.
Online security 101: Tips for protecting your privacy from hackers and spies
via "Latest topics for ZDNet in Security".
This simple advice will help to protect you against hackers and government surveillance.
ZDNet
Cybersecurity 101: Protect your privacy from hackers, spies, and the government | ZDNet
Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.
Adobe Patches Six Critical Flaws in ColdFusion
via "The first stop for security news | Threatpost".
Adobe issued fixes for versions of its ColdFusion web development platform - including six critical flaws.
4 Practical Measures to Improve Election Security Now
via "Dark Reading".
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
First IoT security bill reaches governor's desk in California
via "Latest topics for ZDNet in Security".
California IoT security bill criticized by security researcher. Expert says bill "is based upon an obviously superficial understanding of the problem."
British Airways Breach Linked to Ticketmaster Breach Attackers
via "Dark Reading".
Magecart attackers hit airline with the same "digital skimmers" they used on the entertainment company in June, researchers say.
ATTENTION‼ New - CVE-2016-7066
via "National Vulnerability Database".
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.
Drive away a Tesla today (even if it isn't yours)
via "Naked Security".
Raspberry Pi's processing power versus Tesla's Model X cryptography - victory for the little guy!
Raspberry Pi's processing power versus Tesla's Model S cryptography - victory for the little guy!
ATTENTION‼ New - CVE-2016-0715
via "National Vulnerability Database".
Pivotal Cloud Foundry Elastic Runtime version 1.4.0 through 1.4.5, 1.5.0 through 1.5.11 and 1.6.0 through 1.6.11 is vulnerable to a remote information disclosure. It was found that original mitigation configuration instructions provided as part of CVE-2016-0708 were incomplete and could leave PHP Buildpack, Staticfile Buildpack and potentially other custom Buildpack applications vulnerable to remote information disclosure. Affected applications use automated buildpack detection, serve files directly from the root of the application and have a buildpack that matched after the Java Buildpack in the system buildpack priority when Java Buildpack versions 2.0 through 3.4 were present.
The Key to Stealing a Tesla Model S
via "Dark Reading".
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
Millions of Records Exposed in Veeam Misconfigured Server
via "The first stop for security news | Threatpost".
Exposed data included names, email addresses and IP addresses.
Bad Actors Sizing Up Systems Via Lightweight Recon Malware
via "The first stop for security news | Threatpost".
These stealthy downloaders initially infect systems and then only install additional malware on systems of interest.
Here's what happens during a social engineering cyber-attack
via "Security on TechRepublic".
BioCatch's VP Frances Zelazny explains each step of social engineering hacks, low-tech cyberattacks that have a big impact on business.
Microsoft patches recent ALPC zero-day in September 2018 Patch Tuesday updates
via "Latest topics for ZDNet in Security".
Microsoft engineers patch 62 vulnerabilities, including 17 rated 'Critical'
Mirai, Gafgyt Botnets Resurface with New Tricks
via "Dark Reading".
A new version of Mirai exploits the Apache Struts flaw linked to the Equifax breach, while Gafgyt targets an old flaw in SonicWall.
Microsoft Patches Three Actively Exploited Bugs as Part of Patch Tuesday
via "The first stop for security news | Threatpost".
Microsoft's September Patch Tuesday release tackles three vulnerabilities actively being exploited in the wild.
Threat Post
Microsoft Patches Actively Exploited Bug as Part of Patch Tuesday
Microsoft's September Patch Tuesday release tackles a vulnerability actively being exploited in the wild.