🕴 UVA Researcher Charged with Computer Intrusion & Trade Secret Theft 🕴
via "Dark Reading".
Chinese national Haizhou Hu was researching bio-mimics and fluid dynamics at the University of Virginia.
ATTENTION‼ New - CVE-2020-12644
via "National Vulnerability Database".
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
ATTENTION‼ New - CVE-2020-12643
via "National Vulnerability Database".
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
ATTENTION‼ New - CVE-2020-11618
via "National Vulnerability Database".
THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.
ATTENTION‼ New - CVE-2020-11617
via "National Vulnerability Database".
The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client.
🔐 Microsoft, Oracle, and Google top list of companies with most vulnerabilities disclosed in Q2 🔐
via "Security on TechRepublic".
Two days accounted for 818 vulnerabilities, or 7.3% of the entire midyear's disclosures so far, according to a new report.
❌ Charming Kitten Returns with WhatsApp, LinkedIn Effort ❌
via "Threatpost".
The Iran-linked APT is targeting Israeli scholars and U.S. government employees in a credential-stealing effort.
🔏 Six Tips to Keep Families Safe Online 🔏
via "Subscriber Blog RSS Feed".
With kids returning to school - many of them remotely - the Federal Trade Commission offered tips for parents to better secure their families online.
❌ Apple Accidentally Notarizes Shlayer Malware Used in Adware Campaign ❌
via "Threatpost".
The notarized malware payloads were discovered in a recent MacOS adware campaign, disguised as Adobe Flash Player updates.
🕴 Malicious Android Apps Slip Through Google Play Protection 🕴
via "Dark Reading".
Multiple Android apps were found spying on users and recruiting victims' devices into ad-fraud botnets.
🕴 Slack Patches Critical Desktop Vulnerability 🕴
via "Dark Reading".
The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine.
🔐 The best developer-centric security products 🔐
via "Security on TechRepublic".
Commentary: For organizations struggling to secure their IT, a host of new, developer-focused products are hitting the market. Check out this guide of the best developer-centric security products.
🕴 Testing & Automation Pay Off for NSA's DevSecOps Project 🕴
via "Dark Reading".
Communication with stakeholders, extensive testing, and robust automation pays dividends for military intelligence agency, one of several presenters at GitLab's virtual Commit conference.
🕴 AI on the Email Offense 🕴
via "Dark Reading".
Mass domain purchasing enables email attackers to slip by traditional defenses. Here's how artificial intelligence can stop them.
ATTENTION‼ New - CVE-2020-14178
via "National Vulnerability Database".
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0.
ATTENTION‼ New - CVE-2020-12776
via "National Vulnerability Database".
Openfind Mail2000 contains a Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie.
❌ Pioneer Kitten APT Sells Corporate Network Access ❌
via "Threatpost".
The Iran-based APT has infiltrated multiple VPNs using open-source tools and known exploits.
🕴 Why Are There Still So Many Windows 7 Devices? 🕴
via "Dark Reading".
As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.
ATTENTION‼ New - CVE-2018-12475
via "National Vulnerability Database".
An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service .
❌ FBI: Ring Smart Doorbells Could Sabotage Cops ❌
via "Threatpost".
While privacy advocates have warned against Ring's partnerships with police, newly unearthed documents reveal FBI concerns about 'new challenges' smart doorbell footage could create for cops.